Inside The Mind Of Cyber Criminals

There are some common misperceptions that security professionals have about cybercrime and the people who do it.

Information sharing amongst security specialists is crucial; in the eyes of a criminal, no company is unique. As a rule of thumb, perpetrators will initially cast a wide net and then move downstream toward the easiest prey. An organisation is far more likely to become a victim via a common attack vector than to experience a highly sophisticated and tailored attack.

On the other hand, security specialists should never underestimate the determination of an attacker. Information that is highly valuable and quickly sold on underground markets, such as payment, healthcare, and personally identifiable records, as well as sensitive M&A information, must be identified as a targeted asset, quarantined, and stored encrypted.

An actionable contingency plan must be rehearsed and quickly activated in the case of a breach, including a clear response strategy if extortion is attempted. Security professionals must be aware of upcoming threats and successful mitigation practices when establishing a robust and secure network, and must make sure that proper data backups are in place.

What are some common misperceptions that security pros have about cyber-crime and the people who do it?

The common misperception about cyber criminals we often observe is that it is assumed that illicit actors have diverse skills and experience, allowing them to initiate a wide range of attacks, subsequently earning a hefty amount of money as a result. In reality, the current underground has shifted toward mass plug-and-play automated services, offering the opportunity to participate in illicit activities to a broad number of novice members. Recorded Future has recently identified a survey, conducted among members of a closed underground community, revealing that the majority of cyber criminals are earning a mere $1,000 to $3,000 a month, while only 20% are earning significantly larger amounts of $20,000 a month or more.

Who are these criminals? Are they part of established criminal groups or one-man shows?

For the most part, the largest demographic of members participating in underground communities are lone actors with a clean criminal record and without any ties to organised syndicates. These criminals tend to maintain a stable day job while partaking in illegal activities mostly on an occasional basis. Often these actors are introduced to the life of cyber-crime during their early college years and remain active for many years to follow.

A separate and significantly more sophisticated cohort are cyber-criminal syndicates which maintain a strict hierarchy, comprised of highly skilled members, each with a very narrow set of responsibilities.

A typical group is controlled by a single mastermind “boss”, a very intelligent and highly educated person, and includes bankers with extensive connections in the financial industry to arrange money laundering and cash out of stolen funds.

Additionally, forgers are responsible for fake documents and supporting paperwork, and professional project managers oversee the technical aspects of operations, software engineers, and skilled hackers.

Some groups include ex-law enforcement agents responsible for information gathering as well as counter-intelligence operations.

Team members tend to have strong ties in real life and often are respected members of their communities, viewed by many as successful businessmen and entrepreneurs. The group will often have a diversified investment portfolio and maintain a presence in real estate, hospitality, and auto-related businesses.

Cyber-criminal syndicates don’t regard themselves as ordinary street criminals and rarely cross paths with everyday gangsters, preferring to remain in the shadows and avoid unnecessary attention from both law enforcement and local mafia branches.

However, on certain occasions requiring the involvement of a vast number of “troopers,” often related to large cash-out operations, a one-time project can be launched through a chain of intermediaries.

What types of research do you feel are most beneficial for an enterprise security team?

We have to understand that no silver bullet will solve every security problem. An effective security perimeter has to include the combination of:

  • Automated tools responsible for identification of unusual behavior.
  • Alerts on known IOCs and TTPs.
  • Intelligence obtained from underground communities.
  • Response procedures and guidelines.

Direct access to the deep and dark web is crucial, but for a variety of safety reasons, it might not be a viable option. Hidden criminal communities are not very fond of researchers, and in certain situations, an inexperienced researcher can draw unnecessary attention to the company and put it in danger.

In one recent case, a poorly trained researcher openly inquired about penetration solutions for newly adopted infrastructure that was being tested at a limited number of corporate locations, and immediately observed a sudden surge of malicious activity.

To avoid this, we would recommend utilising the help of professional threat intelligence providers that operate undercover on a day-to-day basis and are familiar with all of the complex politics of these communities.

Several providers allow users to research deep and dark web sources in a safe and secure manner, without risking the integrity of the organisation.

Companies also must foster internal security teams, ensuring they are capable of discovering relevant and actionable data as well as stimulating the unrestricted environment, providing the opportunity to initiate counter-measures quickly, and minimising the red-tape procedures.

Recorded Future: Cybercrime Inc. Hackers Model Themselves On Big Business
