How Organized Cybercrime Works

Cybercrime is on the rise, in part because hackers have learned to run their operations like an agile, modern business.

“We believe that data is the phenomenon of our time…it is the new basis of competitive advantage, and it is transforming every profession and industry,” declared IBM CEO Ginni Rometty at the 2015 IBM Security Summit. “If all of this is true — even inevitable — then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.”

Three years later, the numbers support Rometty’s bold conclusion. According to Cybersecurity Ventures’ 2017 Annual Cybercrime Report, the worldwide cost of cybercrime will grow to $6 trillion per year by 2021, double what it was in 2015. By some estimates, cyber-theft is the fastest-growing crime in the United States.

And while many people in the corporate world still picture basement-dwelling loners when they think of a “cybercriminal,” the reality is that modern large-scale cybercrime looks far more like a corporate enterprise than we’d like to imagine. Not unlike the most powerful drug cartels, cybercrime rings are more agile, more efficient, and oftentimes more organized than the security experts working to stop them.

The Familiar Organizational Structure of Cybercrime Rings

Just like a standard enterprise, a cybercrime ring typically adheres to a clear organizational structure, one with well-defined roles and an agreed upon chain of command. At the top will be an organizational leader, an individual responsible for conceiving of and planning each cyberattack and ensuring that every person below them understands their role and communicates effectively both up and across the chain of command.

Worried about cyberthreats? Read our white paper for more cybersecurity  insights.

Cybercrime rings also almost always have a team of in-house programmers who are tasked with developing new variations of malicious software capable of infecting targeted systems, spreading quickly and widely, and most importantly, evading detection. According to McAfee Labs’ 2018 Threats Predictions Report, the total amount of known ransomware alone grew by 56% last year. That shows just how dedicated cybercriminal rings are to creating malware that’s more dangerous, less visible, and harder to stop than what their targets are expecting.

The next two roles — network administrators and intrusion specialists — often operate in tandem and are the critical players while an attack is taking place. A network administrator manages their ring’s full slate of malicious payloads (viruses, ransomware, denial-of-service attack packets, etc) deciding which “tool” to use and which moment represents the best opportunity to launch the attack. An intrusion specialist, on the other hand, is charged with making sure that any and all malicious software that is successfully installed on the target’s systems continues running for as long as possible.

Finally, in order to guarantee that their scheme ends up being profitable, cybercrime rings employ both data miners and financial specialists. Data miners organize and reformat stolen data in order to make sense of it, while financial specialists determine how much money the specific information they’ve stolen is worth on various black markets.

Unfortunately, taking down any one of these team members doesn’t necessarily compromise the entire crime ring. For one, cybercriminals often prefer to give and receive compensation in the form of untraceable cryptocurrencies like Bitcoin. This effectively eliminates the “paper trails” that have undone criminal organizations in the past.

What’s more, cybercriminals are careful to only share incriminating information on the Deep Web (a term that refers to all the online content that is not indexed by traditional search engines) where anonymity is easily achieved. Many cybercrime rings “subcontract” various roles to anonymous individuals they find in these “hidden” corners of the internet, greatly reducing the likelihood that any one person knows enough to harm other team members.

Finding a Way to Fight Back

While dismantling — or even finding — cybercrime rings is well beyond most companies’ cybersecurity capabilities, the good news is that there are steps every organization can take to protect their critical systems from catastrophic attacks.

First and foremost, effective cybersecurity hinges on sophisticated asset management. Companies must take the time to identify the authorized and unauthorized users and devices connected to their networks. Otherwise, they are going to be completely oblivious if and when a cybercriminal attempts to infiltrate their IT infrastructure via a suspect device. Further, companies should invest in network auditing, also known as “white-hat hacking,” in order to identify and address the kinds of vulnerabilities that cybercriminals are looking for.

Whether a company is looking for an end-to-end network assessment, assistance with employee training, or full-on managed IT servicesTurn-key Technologies (TTI) is the perfect security partner for the job. Over the course of more than 25 years of helping organizations protect their systems from cyberattacks, we’ve developed the expertise necessary to secure corporate IT infrastructures large and small. In a world where cybercrime shows no sign of disappearing, robust network security of the kind TTI provides will become an increasingly essential component of any modern business model.

By Craig Badrick


Sign up for the TTI Newsletter