Cybercrime Inc. Hackers Model Themselves On Big Business

Uploaded on 2016-09-27 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

The clichéd image of a cybercriminal is one of a lone hacker, huddled over a computer in their parent's basement. Today, that stereotype couldn't be further from the truth, because, now more than ever, cybercrime is carried out by gangs running sophisticated operations.

The most organized criminal groups, such as those active on the dark web, are operating like legitimate businesses, with departmentalized teamwork, collaboration tools, training, and even service agreements between malicious software providers and their hacker customers.

"When you start to see malware kits that have customer service agreements and warranties associated with them, you know that you've moved into a pretty professional space," says Nathaniel J Gleicher, former director for cybersecurity policy for the White House's National Security Council.

Like the legitimate software market, cybercrime is now a huge economy in its own right, with people with a range of skillsets working together towards one goal: making money with illicit hacking schemes, malware, ransomware, and more. It's essentially an extension of 'real world' crime into cyberspace, and it's come a long way in recent years as groups have become bigger, more specialized, and more professional.

"There's been a substantial amount of improvement and innovation in the way attackers go after networks and, as cybercrime has professionalized, you've seen individuals develop a particular set of skills which fit into a broader network," says Gleicher, now head of cybersecurity strategy at Illumio.

"You have people who are managing and distributing credit card information, people who are cracking bank accounts, people who are managing remote access toolkits, to people who specialize in social engineering. There're very specific skillsets," he adds.

But it's not just gangs of hackers anymore: the cybercriminal ecosystem has evolved to the extent that it supports roles you'd expect to find in any large business.

"Advanced cybercrime groups now mirror legitimate organizations in the way they operate, with networks of partners, associates, resellers, and vendors. Some groups even deploy call center operations to ensure maximum impact for their scamming efforts," says Sian John, chief strategist for EMEA at Symantec.

That overlap with the world of business is also true of the tools cybercriminals use to communicate and collaborate, with different groups, whether they're responsible for orchestrating phishing campaigns or stealing and cloning card data, coordinating their actions for maximum effect.

"They're very much acting like a business. We're seeing that they very much collaborate and communicate via encrypted instant messaging systems," says Jens Monrad, senior intelligence analyst at FireEye.

However, such systems aren't open to anyone, as the dark web is still very much a closed space. "They're still using various internet forums, some which are only available if you have enough street credibility or that you have to pay for to demonstrate how you're willing to collaborate on their terms," Monrad says.

Terms and conditions have very much become a part of the increasingly professionalized world of cybercrime, where cybercriminals are now leasing out or franchising their malicious software as a service and making just as much money, if not more, than when they were selling it themselves.

"The franchises take that technology, but rather than hosting it in the country where it's being developed, they'll ask the developers if they can take some of their services and host them in places they can't get to and let them take a cut. It's exactly the same as an independent software company: they have their own channel programme," says Bharat Mistry, cybersecurity consultant at Trend Micro, who describes such operations as "full-on enterprises on the underground".

This practice of hosting services to allow foreign cyber-attackers to more easily commit cyberattacks against local targets has been observed in China and Russia. It's systemic of what has become a global trade meaning, like the largest enterprises, cybercriminal outfits are able to operate around the clock.

With 24-hour operations in what looks increasingly like a service-based business, cybercriminals are even recruiting people to work as customer service operatives -- although many of these 'employees' will be unaware they're working for a criminal group.

"Some groups deploy call center operations to ensure maximum impact on their scamming efforts and, in some instances, employees of the call center are oblivious to the fact they are working for criminal groups executing low-level campaigns like tech support scams," says Symantec's Sian John.

If traced by the authorities, the people unwittingly aiding these criminal activities might be fined or worse. But while these individuals might be discovered, the gangs they are working for often remain in the shadows.

Cybercrime Credentials

While those at the bottom are unskilled, the professionalization of cybercrime has brought about another initiative you'd expect to see in any legitimate business operation: training courses. These programs are offered on the dark web in exchange for Bitcoin, the preferred currency of organized cybercriminal groups.

"There are online training courses you can pay for which show you how to go about hacking a website and infiltration. Everything which happens in physical enterprises is happening in the cybercriminal underground," says Trend Micro's Mistry, adding "it's only a matter of time" before this becomes a widespread activity within the professional cybercriminal economy

"We should assume any training techniques which are being used in legitimate organizations are being used in cybercriminal organizations as well," agrees Illumio's Gleicher.

Gleicher investigated and prosecuted cybercriminals during his time at the US Department of Justice and therefore has first-hand experience of just how sophisticated these schemes have become.

"What I found most interesting in the rise of professionalization is, as you're tracking these institutions, you quickly find they're based in multiple countries and they have sophisticated coordination frameworks to work together," he says.

What he took away from the experience was that cybercriminal operations are becoming increasingly niche, with groups conducting every type of cyber-fraud using strategic business techniques that rival those used within corporations.

"They're working together in this really clockwork way, they'll specialize. So if you see an organization which runs fraud scams, something as simple as selling fake cars online, they're going to specialize in that and they're going to have teams of people creating legitimate looking websites, and teams of people communicating with prospective buyers who have effective enough English to appear legitimate," Gleicher says.

These trends suggest that hacking and cybercrime are no longer the domain of individuals seeking to make a nuisance of themselves. Cybercrime is now an industry involving major criminal groups, with ecosystems as well-structured as the corporations they're likely attempting to target. Organizations must therefore ensure their own defenses are up to fighting this threat.

ZDNet

 

 

« Finding The Right Security Professional
Internet Takes The Wheel Inside Driverless Cars »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Continuum

Continuum

Continuum is the IT management platform company that allows Managed IT Services Providers to maintain and back up on-premise and cloud-based servers, desktops, mobile devices and other endpoints

Dataguise

Dataguise

Dataguise provides a data-centric security solution to detect, protect, and monitor sensitive data in real time across all data repositories, both on premises and in the cloud.

Trustlook

Trustlook

Trustlook's SECUREai engine delivers the performance and scalability needed to provide total threat protection against malware and other forms of attack.

Cyjax

Cyjax

Cyjax monitors the Internet to identify the digital risks to your organisation, including cyber threats, reputational risks and the Darknet.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

BioConnect

BioConnect

BioConnect provide biometric access control solutions to verify a person’s identity across physical, IOT and digital applications.

Bugraptors

Bugraptors

BugRaptors is a certified software testing company with extensive experience as a third-party testing vendor, effectively proven as a leader in software testing & QA Services.

SHe CISO Exec

SHe CISO Exec

SHe CISO Exec is a sustainable global training and mentoring platform in information security and leadership.

Gula Tech Adventures

Gula Tech Adventures

Gula Tech Adventures invests in companies and nonprofits that help close the gap in needed technology and workforce to defend the country in cyberspace.

QuantiCor Security

QuantiCor Security

QuantiCor Security is one of the world’s leading developers and manufacturers of quantum computer resistant security solutions for IT infrastructures and the Internet of Things (IoT).

NI Cyber Security Centre

NI Cyber Security Centre

NI Cyber Security Centre works to make Northern Ireland cyber safe, secure and resilient for its citizens and businesses.

Mandiant

Mandiant

Mandiant deliver dynamic cyber defense solutions powered by industry-leading expertise, intelligence and innovative technology.

Legit Security

Legit Security

Legit Security's mission is to secure every organization's software factory by protecting the pipelines, infrastructure, code and people for faster and more secure software releases.

McKinsey & Company

McKinsey & Company

McKinsey & Company is a global management consulting firm. We are trusted advisor to the world's leading businesses, governments, and institutions.

Rescana

Rescana

Rescana offers a cyber risk management platform with the vision to remove the security team bottlenecks, accelerating business processes that require risk assessment.

Razilio

Razilio

Razilio is a boutique cybersecurity consultancy located in Sydney, Australia and serving the world.