Cybercrime Inc. Hackers Model Themselves On Big Business

The clichéd image of a cybercriminal is one of a lone hacker, huddled over a computer in their parent's basement. Today, that stereotype couldn't be further from the truth, because, now more than ever, cybercrime is carried out by gangs running sophisticated operations.

The most organized criminal groups, such as those active on the dark web, are operating like legitimate businesses, with departmentalized teamwork, collaboration tools, training, and even service agreements between malicious software providers and their hacker customers.

"When you start to see malware kits that have customer service agreements and warranties associated with them, you know that you've moved into a pretty professional space," says Nathaniel J Gleicher, former director for cybersecurity policy for the White House's National Security Council.

Like the legitimate software market, cybercrime is now a huge economy in its own right, with people with a range of skillsets working together towards one goal: making money with illicit hacking schemes, malware, ransomware, and more. It's essentially an extension of 'real world' crime into cyberspace, and it's come a long way in recent years as groups have become bigger, more specialized, and more professional.

"There's been a substantial amount of improvement and innovation in the way attackers go after networks and, as cybercrime has professionalized, you've seen individuals develop a particular set of skills which fit into a broader network," says Gleicher, now head of cybersecurity strategy at Illumio.

"You have people who are managing and distributing credit card information, people who are cracking bank accounts, people who are managing remote access toolkits, to people who specialize in social engineering. There're very specific skillsets," he adds.

But it's not just gangs of hackers anymore: the cybercriminal ecosystem has evolved to the extent that it supports roles you'd expect to find in any large business.

"Advanced cybercrime groups now mirror legitimate organizations in the way they operate, with networks of partners, associates, resellers, and vendors. Some groups even deploy call center operations to ensure maximum impact for their scamming efforts," says Sian John, chief strategist for EMEA at Symantec.

That overlap with the world of business is also true of the tools cybercriminals use to communicate and collaborate, with different groups, whether they're responsible for orchestrating phishing campaigns or stealing and cloning card data, coordinating their actions for maximum effect.

"They're very much acting like a business. We're seeing that they very much collaborate and communicate via encrypted instant messaging systems," says Jens Monrad, senior intelligence analyst at FireEye.

However, such systems aren't open to anyone, as the dark web is still very much a closed space. "They're still using various internet forums, some which are only available if you have enough street credibility or that you have to pay for to demonstrate how you're willing to collaborate on their terms," Monrad says.

Terms and conditions have very much become a part of the increasingly professionalized world of cybercrime, where cybercriminals are now leasing out or franchising their malicious software as a service and making just as much money, if not more, than when they were selling it themselves.

"The franchises take that technology, but rather than hosting it in the country where it's being developed, they'll ask the developers if they can take some of their services and host them in places they can't get to and let them take a cut. It's exactly the same as an independent software company: they have their own channel programme," says Bharat Mistry, cybersecurity consultant at Trend Micro, who describes such operations as "full-on enterprises on the underground".

This practice of hosting services to allow foreign cyber-attackers to more easily commit cyberattacks against local targets has been observed in China and Russia. It's systemic of what has become a global trade meaning, like the largest enterprises, cybercriminal outfits are able to operate around the clock.

With 24-hour operations in what looks increasingly like a service-based business, cybercriminals are even recruiting people to work as customer service operatives -- although many of these 'employees' will be unaware they're working for a criminal group.

"Some groups deploy call center operations to ensure maximum impact on their scamming efforts and, in some instances, employees of the call center are oblivious to the fact they are working for criminal groups executing low-level campaigns like tech support scams," says Symantec's Sian John.

If traced by the authorities, the people unwittingly aiding these criminal activities might be fined or worse. But while these individuals might be discovered, the gangs they are working for often remain in the shadows.

Cybercrime Credentials

While those at the bottom are unskilled, the professionalization of cybercrime has brought about another initiative you'd expect to see in any legitimate business operation: training courses. These programs are offered on the dark web in exchange for Bitcoin, the preferred currency of organized cybercriminal groups.

"There are online training courses you can pay for which show you how to go about hacking a website and infiltration. Everything which happens in physical enterprises is happening in the cybercriminal underground," says Trend Micro's Mistry, adding "it's only a matter of time" before this becomes a widespread activity within the professional cybercriminal economy

"We should assume any training techniques which are being used in legitimate organizations are being used in cybercriminal organizations as well," agrees Illumio's Gleicher.

Gleicher investigated and prosecuted cybercriminals during his time at the US Department of Justice and therefore has first-hand experience of just how sophisticated these schemes have become.

"What I found most interesting in the rise of professionalization is, as you're tracking these institutions, you quickly find they're based in multiple countries and they have sophisticated coordination frameworks to work together," he says.

What he took away from the experience was that cybercriminal operations are becoming increasingly niche, with groups conducting every type of cyber-fraud using strategic business techniques that rival those used within corporations.

"They're working together in this really clockwork way, they'll specialize. So if you see an organization which runs fraud scams, something as simple as selling fake cars online, they're going to specialize in that and they're going to have teams of people creating legitimate looking websites, and teams of people communicating with prospective buyers who have effective enough English to appear legitimate," Gleicher says.

These trends suggest that hacking and cybercrime are no longer the domain of individuals seeking to make a nuisance of themselves. Cybercrime is now an industry involving major criminal groups, with ecosystems as well-structured as the corporations they're likely attempting to target. Organizations must therefore ensure their own defenses are up to fighting this threat.

ZDNet

 

 

« Finding The Right Security Professional
Internet Takes The Wheel Inside Driverless Cars »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Fusion Center - Maryville University

Cyber Fusion Center - Maryville University

Maryville University Cyber Fusion Center is a virtual lab for working on real-world cyber security challenges.

Huntsman Security

Huntsman Security

Huntsman Security provides technology to enable real-time security monitoring and immediate visibility of advanced threats and compliance issues.

Networkers

Networkers

Networkers is a global recruitment consultancy helping unite job-seekers and hiring companies across the technology industry.

Cyacomb

Cyacomb

Cyacomb (formerly Cyan Forensics) provides digital forensics software to help police forces find evidence on computers many times faster than before.

Langner

Langner

Langner is a software and consulting firm specialized in cyber security for critical infrastructure and large-scale manufacturing.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

Crypto Valley Association

Crypto Valley Association

Crypto Valley Association is an independent, government-supported association established to build the world’s leading blockchain and cryptographic technologies ecosystem.

Stellar Cyber

Stellar Cyber

Stellar Cyber makes Open XDR, the only comprehensive security platform providing maximum protection of applications and data wherever they reside.

Flatt Security

Flatt Security

Flatt Security is a cyber security startup based in Japan providing security assessments and other cyber security services.

Sollensys

Sollensys

Sollensys is a leader in commercial blockchain applications. Our flagship product, The Blockchain Archive Server™ is the best defense against the devastating financial loss that ransomware causes.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

Beyon Cyber

Beyon Cyber

Beyon Cyber offer a complete portfolio of advanced solutions & services for cyber security in Bahrain.

Transatlantic Cyber Security Business Network

Transatlantic Cyber Security Business Network

The Transatlantic Cyber Security Business Network is a coalition of UK and US cyber security companies which facilitates collaboration to help address critical cyber security challenges.

Redpoint Cybersecurity

Redpoint Cybersecurity

Redpoint Cybersecurity is a human-led, technology-enabled managed cybersecurity provider specializing in Digital Forensics, Incident Response and proactive cyberattack prevention.

Cydea

Cydea

Cydea are an optimistic cyber security consultancy of experts in security, data, technology and design that want to build a safer, more secure world where more things go right.

Index Engines

Index Engines

Index Engines is the world’s leading AI-powered analytics engine to detect data corruption due to ransomware.