Historically, the cybercriminal has been viewed by society as a lone wolf, stabbing out at the world with little more motivation than some dim anarchistic impulse. More and more, however, it seems that the hackers of the underworld are looking toward the examples set by both legitimate businesses and the world’s organized crime rings, adopting those entities’ successful operational methods. Dark Reading columnist Brian Prince recently looked into the cybercriminal black market, and found that today’s crimeware landscape is littered with sophisticated syndicates made up of a strict hierarchy of lieutenants, soldiers, recruiters, and hired guns.
Cybercrime as a Fortune 500 company
Like any legitimate business or organized crime ring, cybercrime syndicates are largely comprised of low-level workers. In this case, they are tasked with infecting other machines through email links malicious websites and helping to build a larger botnet network. Above them are the middle-management types, who handle the recruitment of a cybercrime syndicate’s army of foot soldiers. At the top sit the executives. They set up the base of operations and necessary infrastructure, but keep their hands clean of launching infections. In addition, cybercriminals will retain the services of mules to transfer money via difficult to trace implementations, such as Western Union.
The money a crimeware syndicate can bring in rivals that of many legitimate businesses. As such, cybercriminals tend to mirror their resource management processes. Using commercial business management software, cybercriminals can keep meticulous count of their various accounts, infected networks, and the ground-level infantry members at their disposal.
The lucrative world of cybercrime
Beyond their own dedicated attack campaigns designed to retrieve bank account and credit card numbers, cybercrime syndicates can also acquire funding by renting out their services to interested parties. For a fee, cybercriminals will offer clients their bevy of hacking resources, including botnet networks, exploit kits for infiltrating websites, and source code as a basis for creating unique malware.
Not only is the structure of cybercrime syndicates becoming more complex, so are their methods of attack. According to CRN, one recent trend is the increasing usage and effectiveness of “Cloud Cracking”. This highly sought after service provides a low cost password cracking delivery system, which with more complex and wider networked botnets have shown an increasing effectiveness paired with a continually plummeting cost. Another trend gaining popularity seems to be Ransomware, a type of malware that encrypts files on an infected computer, before the cybercriminal demands a fee to return the user’s data.
Is victory possible in the cyberwar?
The looming question remains, how can state and federal law enforcement combat such wide reaching crime rings? There are a number of barricades standing in place. While cybercriminals require hosting providers and domains to house their arsenal of malware, government agencies have found them difficult to shut down. When law enforcement does succeed in shutting down a malicious host, one or more tend to pop up in its place. In addition, resources for combating cybercrime pale compared to the number of threats lurking out in cyberspace.
Although the U.S. government has pushed for better communication and cooperation between state agencies as a means to combat cybercriminals, ultimately, the responsibility for evading crimeware falls upon individual businesses. Bolstering an organization’s network defenses through sophisticated layered security protocols has proven time and again to be the best defense against the ever-growing hordes of cybercriminals. The world’s governments will continue to take down cybercrime syndicates when they can, but realistically, they are caught in an arms race, with each side continually looking to outmaneuver the other.
Do outgunned government agencies stand a chance against the networks of cybercrime syndicates? Tell us what you think in the comments section below.