For Cybercrime Gangs, Professionalization Comes With Corporate Headaches

Published: 23/11/2024   Category: security




They rake in millions, but now, as much as zero-days and ransoms, cybercriminals are dealing with management structures and overhead.



Today's foremost cybercrime gangs operate like large enterprises, with more than $50 million in annual revenue and around 80% of operating expenses going to wage bills.
In a report published April 3, researchers David Sancho and Mayra Rosario Fuentes of Trend Micro mapped out the economics of running a cybercrime business in 2023. Using observations and estimations, they explained, they aimed to show the quarterly financial reports for typical criminal groups under small, medium, and large enterprise categories.
"Our hypothesis was that the bigger these organizations are going to be, the more they're going to resemble the structure of a corporation," Sancho tells Dark Reading. The most surprising thing, he says, is when you put everything together, how consistent the picture is.
Small, medium, and especially large cybercrime gangs operate just like their legitimate counterparts, from their managerial structure all the way down to benefits for the lowest-level employees.
The inner workings of cybercrime operations don't just make for fun facts, though. "If you agree with our conclusion that the larger the organism, the more structured it becomes," Sancho says, "that presents an opportunity for anybody who is investigating or otherwise dealing with these organizations."
In parallel with the corporate economy, the researchers mapped cybercrime organizations into three categories:
Small: 1-5 staff and affiliates, one management layer, under $500K annual revenue
Medium: 6-49 staff and affiliates, two management layers, up to $50M revenue
Large: 50+ staff and affiliates, a few management layers, and more than $50 million in revenue
The smallest hacker groups operate with a "move fast and break things" kind of mentality — funding operations out of their own pockets, making income however they can, and with everybody on the team doing a little of everything.
"But as revenue grows larger and larger, there's a bottleneck," Sancho explains. "If we can get this much money with five hackers. Let's see what we can get with six."
At this point gangs begin to bring on full-time staff — necessary for maintaining million-dollar annual profits — and a defined organizational structure.
"When you're more than five, six people, somebody needs to be in charge of something, otherwise if everybody does everything, it's kind of a mess," the researcher notes.
"The more they start growing, the more the complexity grows," he continues. "And when you're thinking about organizations of 20-plus, 50-plus, you definitely need people arranged in some sort of structure. Some people do finance, some do marketing, some do sales."
These groups have IT and even human resources divisions, operating with a pyramid-style management structure. As a humorous case in point: The Conti group used to have employees of the month.
As Sun Tzu famously observed in The Art of War: "When you are ignorant of the enemy but know yourself, your chances of winning or losing are equal. Know thy enemy and know yourself; in a hundred battles, you will never be defeated."
Hackers have a reputation for working in the shadows — dark rooms, anonymous identities, and so on — by their own design. Once enterprises can recognize a bit of themselves in their adversaries, it makes the job of dealing with them less confusing.
For example, if you've been hit by a small group, you might reasonably assume that they act more like a startup. "Those groups can be more flexible and attack you differently," Sancho says, and so victims should react with more caution.
Conversely, for the biggest, baddest criminal outfits: "Once you realize that criminal organizations behave in an enterprise manner, then you realize their need to have a repository of documents," he explains. "They need to have rules for how to interact with one another. They're mostly working remotely."
Investigators can look for data one might not otherwise associate with cybercrime gangs — mergers and acquisitions information, shared calendars, and the like. And if nothing else, businesses may take some comfort in knowing that their attackers have predictable systems in place.
Professionalization can also prevent agility for cyberattackers. "Cybercrime gangs are just like corporations now and as long as that's true," Sancho concludes, "they'll have the same headaches corporations have, like, for instance, sourcing good talent."
