Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
    • Best web hosting services
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » Security » The sophisticated business strategies of the modern cybercriminal

The sophisticated business strategies of the modern cybercriminal

by Adi Gaskell
26 March 2020
in Security
0
cybercriminals
0
SHARES

The common perception of the modern hacker is a lone wolf operating out of their basement, but the reality could hardly be more different. Crime groups today, such as Superzonda in South America, Business Network in Russia and the global Shadow Crew are increasingly connected and sophisticated. Indeed, they often use, and extend business techniques from legitimate enterprises to create global teams that are incredibly efficient, setting the kind of best practice behaviors that might in another world be the subject of a Harvard Business School case study.

Speed of response is often a central part of this, with phishers rapidly developing e-mails asking for donations to the ‘Red Cross’ in response to the 2010 earthquake in Haiti. Such scammers are also using text to donate methods to swindle people out of money. What is perhaps most interesting, however, is in the organizational structure of cybercriminals.

Mob vs flashmob

In the past, we would perhaps assume that the modern criminal takes a leaf out of the Godfather’s book, with a top-heavy hierarchy complete with dons and capos. The reality of the modern cybercriminal is much more fluid though, and indeed more like Al Qaeda in style, with loosely affiliated cooperative networks that come together for projects and disband soon after. New research from Michigan State University highlights how common this style is among the modern cybercriminal.

“It’s not the ‘Tony Soprano mob boss type’ who’s ordering cybercrime against financial institutions,” the researchers say. “Certainly, there are different nation states and groups engaging in cybercrime, but the ones causing the most damage are loose groups of individuals who come together to do one thing, do it really well – and even for a period of time – then disappear.”

Whereas historic crime families often have a reputation established over many years, and a documented history to match, the online space is typically much harder to trace. The research found that there are strong levels of organization among cybercriminals, but that the style and approach varies considerably depending on the nature of their work. For instance, it’s rare for there to be organizations that have persisted over many years, or even multiple generations, as in other organized crime networks.

Instead, cybercriminal networks are often made up of loose coalitions of hackers who come together because of their unique skill sets, collaborate together on a particular crime, and then disband again. This may see one person with an expertise in password encryption teaming up with another who is fluent in a certain programming language working together to do more damage as a unit than either would individually.

“Many of these criminals connected online, at least initially, in order to communicate to find one another,” the researchers explain. “In some of the bigger cases that we had, there’s a core group of actors who know one another really well, who then develop an ancillary network of people who they can use for money muling or for converting the information that they obtained into actual cash.”

Modern businesses

Such criminals also increasingly turn to niche locations to find specific expertise. For instance, Dubai is known to offer the best talent for laundering money. This requires almost constant networking to have a web of talent to tap into, and in this sense, it’s not a million miles from the way Hollywood film studios constantly scout for the best acting talent for any given film. It’s vital that criminals in ID theft know how to find criminals able to replicate the holograms on ID cards, for instance.

As in other forms of professional life, it’s also true that many cybercriminals are driven more by intrinsic motivation than extrinsic. Sure, with the risks involved, the money has to be there, but for many, the motivation is less about the money than it is about the intellectual challenge of cracking into a sophisticated security system, or the moral requirement to attack specific targets who they believe go against what they believe in.

In another nod to the businesses that have emerged during the Internet era, many cybercriminals are also only too well aware of the ‘long tail’, that provides fruitful exploits away from the big, blockbuster heist. The modern cybercriminal is only too well aware that significant riches are available in smaller, repeatable operations. Many credit card hacks, for instance, follow this approach, with purchases on the smaller side and laundered through a ‘mule’, who might not even be aware they’re part of the scam. Add these small transactions up by thousands and you get to a large heist.

It’s clear that the methods of cybercriminals are changing markedly from the organized criminals of the past, and many now adopt the significant and agile approaches of the most sophisticated legitimate businesses of today. It’s vital that law enforcement agencies appreciate this so that they can better crack down on them.

“As things move to the dark web and use cryptocurrencies and other avenues for payment, hacker behaviors change and become harder to fully identify, it’s going to become harder to understand some of these relational networks,” the researchers conclude. “We hope to see better relationships between law enforcement and academia, better information sharing, and sourcing so we can better understand actor behaviors.”

ShareTweetShareShare
Next Post
Business woman with mask working in the office on laptop.

To beat coronavirus, we’ll have to give up our privacy

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online
Security

One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online

by CyberNews Team
26 February 2021
4

A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen...

Read more
A blast from the past: the finest retro PCs people use

A blast from the past: the finest retro PCs people use

26 February 2021
How this IMDb flaw gave me credit for working on Chernobyl, GOT, and other gigs

How this IMDb flaw gave me credit for working on Chernobyl, GOT, and other gigs

25 February 2021
Forget Bruce Willis. AI will protect us from killer asteroids instead

Forget Bruce Willis. AI will protect us from killer asteroids instead

24 February 2021
COMb data leak - Mother of all breaches

COMB: largest breach of all time leaked online with 3.2 billion records

12 February 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
    • Best web hosting services
  • Tools
    • Password generator
    • Personal data leak checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!