Cybercrime is maturing as a business model. Cybercriminals can call on an extensive network of specialists for “business” expertise, including people who train and recruit, launder money, and provide escrow services, according to Hewlett Packard Enterprise.
The cybercriminal underground includes people who provide human resources functions, like recruiting and background checks, but also specialists who help market and sell exploit kits and compromised data and others who serve as middlemen in anonymous transactions, says The Business of Hacking white paper from Hewlett Packard Enterprise.
Shogo Cottrell, a security strategist with HPE Security, said, “Cybercriminals are increasingly taking a business-based approach toward their activities. With some organizations developing in-house training for disaster recovery and other business functions, and others contracting for those services in the underground marketplace. Cybercriminals are embracing the traditional sound business practices of increasing your revenue, reducing your costs, maximizing your profit.”
“It’s hard to maintain trust and a reputation in the cybercriminal community, given that there’s a lot of paranoia and there’s a lot of distrust. With a marketing team, they can market the things they’re doing and put a good face in front of the underground public,” said Cottrell.
“Some criminal hacking businesses offer 24-by-seven telephone support, others offer money-back guarantees on their products. They are following the money, in a sense. These traditional business models, with marketing teams focused on the reputation of the cybercriminal groups, help build up the group reputations in the criminal underground,” he added.
Organized crime and intellectual property theft offer large paydays, but can be difficult to pull off and can be risky. Advertising fraud and extortion, on the other hand, are identified as types of cybercrime that have high payout potential while requiring relatively little effort and involving low risk to criminals. Hacktivism and credit card fraud are relatively easy and low risk but offer low payout potential, the HPE paper reported.
Businesses can disrupt hacker profits by using end-to-end encryption on their sensitive data, and by deploying application security tools. “Attackers prefer easy targets, so deploying any technologies to harden your assets will have dramatic results,” the HPE paper recommends.