How Cybercrime Evolved Into a Business
When many people think of a cyberattacker, they think of an individual trying to make money or cause harm. But in reality, attackers today are often part of an organized matrix that can carry out attacks with increasing efficiency. In recent years, cybercrime and hacking groups have evolved to become more businesslike in both their structures and tactics. Well-known groups like LockBit, Cozy Bear and Wicked Panda—all wanted by the FBI–are part of this trend. More than 100 of the FBI’s most wanted criminals are connected to organized cybercrime, with the U.S. government offering rewards of up to $10 million for information leading to their arrests.
While the attacker has long had the advantage and it’s never been a fair game, the evolution of cybercriminal groups should be considered when evaluating why cyberattacks have soared in both number and severity. As businesses spend more on cybersecurity solutions, they would be well-served to take a closer look at the evolution underway in many of these groups. Ultimately, learning more about these groups and their techniques could help lead to smarter and more effective security tools and policies.
The Rise of the Affiliate Model
More cybercriminal groups are offering their tools and expertise to other bad actors to use for a fee or are offering profit-sharing schemes to those who carry out attacks on their behalf or with their tools. Known as ransomware-as-a-service (RaaS), this model increases the reach and efficiency of leading cybercriminal groups.
Such models also empower and train smaller and newer groups, adding to their skillbase and toolkit. An amateur can purchase the tech they need to carry out an attack for a few hundred dollars. This makes the whole industry more efficient and effective, as smaller players can work with larger and more established groups and start having an effect right away, rather than spending time to develop their own tech and recruit people with the necessary skills. In practice, anyone with the desire to commit cybercrime can connect with a more experienced group and start carrying out attacks.
While this makes bad actors more powerful and more numerous, the focus on efficiency is also an important lesson for cybersecurity professionals. In addition to underlining the need to be prepared for an attack at all times, security professionals should also focus on their own efficiency. This includes embracing a mindset of efficiency and ensuring each tool purchased or policy implemented directly protects the organization’s most important assets rather than just trying to keep up with trends or technology.
The Power of Marketing and Customer Service
To make money by offering RaaS and working with affiliates, cybercriminal groups have invested in marketing and customer service efforts. These groups have a strong concept of brand awareness and may even carry out spectacular attacks to get their name out and attract more partners and affiliates. They also work to spread their name and brand on the dark web to draw in more business. When they get queries from others interested in working with them or buying their malware, they usually answer right away, again a sign of efficiency and a business-like mindset.
While such tactics explain how so many of these groups have become successful, efficient and far-reaching, these same practices are also an opportunity for businesses seeking to defend themselves against attacks. Mainly, these marketing and public relations efforts could provide valuable intelligence material to cybersecurity teams. Threat intelligence, in general, needs to play a larger role in corporate cybersecurity.
An Eager and Expanding Workforce
The global economic downturn has led many people in less developed countries to resort to cybercrime and other illicit digital work, sometimes known as “hack for hire.” A similar trend has been taking shape in countries like China, North Korea, Russia and Iran, where sanctions and other measures have cut them off from the global economy. In addition to being home to a willing potential workforce, many states also turn a blind eye to such cybercriminal groups and, increasingly, support and hire them.
These safe harbors and the growing government cooperation with cybercriminal groups will likely continue to boost their abilities and legitimacy. Meanwhile, businesses that want to fend off attacks must consider geopolitics and state-sponsored attackers when undertaking threat intelligence and other aspects of cybersecurity. All businesses, even if they are not involved in politics, critical infrastructure or other activities that relate to national interest or security, are vulnerable to attacks by state-backed groups, especially as more of these groups seek money rather than just influence.
Businesses should not underestimate these groups and, even more importantly, should be aware of how they work. Understanding how they work can help companies plan their defensive strategies, including more relevant threat hunting and protection of key business assets. As cybercrime grows larger and more efficient, those businesses that better understand this evolving threat will be the ones most successful in the fight against it.
