
Cybercriminals are just businessmen at heart

By Antone Gonsalves, CSO
December 26, 2012 08:35 AM ET

CSO - Cybercrime today is a full-fledged business with executives, middle managers and workers who depend on a variety of service providers to keep the illicit operations humming, a new study shows.

Supporting these criminal enterprises that mirror legitimate commercial enterprises is a shadow underground of chat rooms, Web portals and marketplaces for finding and hiring people and buying or leasing malware, exploit code and botnet-building tools, says the 2013 Cybercrime Report from Fortinet.

Also on hand are tech consultants and hosting providers willing to turn a blind eye in return for payment.

The upshot of all these resources for building, deploying and running botnets is that "anyone can make a quick buck without having to be technically adept," the report says.

"This has led to an explosion in monthly malware volumes, which are three times greater than four years ago," it said.

The organizational structures of these illicit businesses are eerily close to those of legitimate companies. Executives make decisions, oversee operations and are generally responsible for keeping everything running smoothly.

"Once they get the operation off the ground, they then move to a business development role and hand off the dirty work to the infantry and are not involved with launching attacks," the report says.


The infantry, comprised of common workers, is typically under the supervision of middle managers recruited through old-boy networks or underground forums. The managers often work with recruiters to hire people to infect machines using a variety of methods, such as email links, poisoned PDFs, compromised Web sites and social-networking links.

To find recruits, ads are placed on Internet job boards, hacking message forums and underground IRC chat rooms. There are also invitation-only, help-wanted portals that typically originate from Russia, Fortinet says. These portals provide all the tools new recruits need, including malware, URLs to support forums, payment rates and how to receive payments after completing a pre-set number of infections.

The botnets run by the criminal groups perform a number of functions. They are used to download malware and to steal credentials and data from bank accounts and social networking sites. Compromised systems can also be used to proxy malicious traffic, house data, encrypt critical data for ransom and generate revenue through click fraud.

A variety of service providers have sprung up to assist these criminal enterprises. Services include high-performance password cracking that charges $17 per 300 million attempts, which take about 20 minutes. These services are often used to crack passwords for online services.

Research-and-development organizations also exist for creating custom-ordered code, fake antivirus software, ransomware, deployment systems and exploit code. The technology can be bought, leased or rented.

Hosting providers are key to the success of cybercriminals, who need locations to store exploit code, malware and stolen data. Typical providers that don't care what's stored on their servers are often found in Russia and China.
