How cybercrime is going pro

With the potential to profit from or disrupt through cybercrime never greater, cybercriminals are getting increasingly serious about their work

By Jo Best

Wed 9 May 2018 @ 16:48

When cybercriminals first began to make their presence felt in the 80s and 90s, they were typically lone individuals who infiltrated networks or wrote viruses to show off their technical skill. Today, they're more likely to be members of highly-organised networks, salarymen in organisations that have come to resemble multinationals in their structure and approach. Once practiced by ‘artisans’, cybercrime is now the province of the professionals.

As cybercrime has become a more lucrative industry, it’s attracted a growing number of practitioners. Facing increasing competition, cybercriminals have been forced to find new ways to outpace their rivals – and law enforcement. It’s therefore little surprise that the cyberthreats organisations now face are more sophisticated and fast-moving than ever before.

Cybercriminals now look to those who know how to make a profit in a tough market: they are increasingly modelling their setups on those of legitimate corporates, taking tips from multinationals in an effort to expand or stay profitable.

Like respectable executives, cybercriminals have learned the importance of building up a knowledge network. However, rather than networking dinners in city venues or swapping contacts on LinkedIn, crooks can use dedicated cybercrime forums to share knowledge and experience, as well as meet up to strike trades.

One early example of such forums offered credit card fraudsters a skills exchange, allowing them to advertise and pool their individual areas of expertise in order to fill any skills gaps and address all aspects of the criminal value chain. It's a model that was built on by the cybercrime gangs that came after, who now employ staff based in a series of geographical time zones, allowing them to offer a 24-hour service.

The cybercriminals have recognised there's money to be made by copying legitimate businesses in other areas too. As well as running their own scams in-house, crooks are now selling on their software for others to use, either for a one-off fee or for a percentage of the profits. Other criminals prefer to offer their crime kits on a lease basis: software-as-a-service has come to the malware underground marketplace in the same way it has to the legal software industry. And, like those professional software companies, criminals also offer guarantees alongside their code, including service level agreements and terms and conditions of use.

Hackers have also picked up a tip or two on salesmanship from the blue-chip companies they are increasingly emulating. Researchers have discovered crooks have produced slickly-made ads to sell their wares, while others have adopted a 'try before you buy' approach to lure in new buyers, offering prospective customers a free trial of malware before they are required to purchase it.

The professional approach to cybercrime can now be found at all levels of the industry, even among those just starting out on their criminal career. Crooks have worked out how to give their more junior colleagues the first steps into the world of cybercrime: offering training to help them build up their skills. And, like regular business qualifications, cybercrime training isn't cheap: one course priced at $1,000 offered would-be credit card scammers a wealth of material on how to find legitimate sources of stolen credit card credentials, carry out social engineering, and make off with the profits.

And, like legitimate industries, as cybercrime has grown, so an ecosystem has sprung up around it to cater to its practitioners. Like many others seeking to take part in illegal commerce online, hackers and malware writers use the marketplaces of the dark web to track down new tools of their trade.

There, too, are mechanisms borrowed from legal industries: purchasers leave feedback for each other's wares and have ways to guarantee that those offering hacking tools or exploit kits for sale are who they say they are, rather than undercover police. Honour among thieves? The professional thieves of today would rather not take a chance.