The inner mystery of the operation of high-tech criminal groups

Tram Ho

Active cybercrime groups operate much like a company or corporation, complete with a CEO and project managers. They work during office hours, rest on weekends, keep regular hours, and take holidays.

Crime groups in the virtual world compete with each other for customers and top talent, and have senior leaders acting as CEOs who keep the group in order and focused on emptying users' pockets. Researchers from IBM and Google describe how criminal groups operate much like a company or business. “We can see the discipline of the criminal group, they operate during office hours, they rest on weekends, they have regular hours, and they also have a vacation,” said Caleb Barlow, an expert at IBM Security. “Each organization is different. For organized criminals, there are certainly bosses and many subcontractors, like contractors building houses with electricians and plumbers.” Understanding how these hacker organizations are structured is extremely important for companies dealing with them, because the underworld works in tandem with the broader economy outside.

Set up and complete quarterly targets

In the structure of a cybercrime group, below the CEO there are outsourced or independent project managers who deploy the various components of each attack. If the goal is to make money from attacks and steal information from an organization, the project managers take on different functions according to their capabilities. A malware expert starts by purchasing or modifying a product to capture the information the criminal group requires. Another expert sends fraudulent messages to spread the malware to target companies. Once the software has been delivered to its destination, a third expert expands the group's access within the target organization and looks for the specific information that the criminals want to sell for profit on the black market.

IBM provided an image illustrating a real attack that took place over 120 days on a Fortune 500 company, from the perspective of the criminal group carrying it out. The goal of this attack was to steal and destroy data, and different colors represent different functions, according to Christopher Scott of IBM's X-Force team. On the left of the illustration, the attackers focus on compromising the business network to gain a foothold in the organization. The remaining actors attack employee accounts to steal personal data, thereby gaining access to sensitive information areas. The gaps in the timeline show the periods when the hackers temporarily stopped working so that the company's sensors would not detect anomalies. After the 120 days have ended, other actors, shown in bright red, appear and finish the job, using a variety of malicious code to wipe away traces and company data.

Competition alongside cooperation

Crime groups do not work in a vacuum. Andres Guerrero-Saade, the leader of the research team at Chronicle, Alphabet's cyber security company, described the B2B services that exist in the underground market, and groups that even steal their rivals' results. “If I were a good programmer, I would create ransomware malware and sell it, just like normal companies. But no, I will keep it, and if you find a victim to infect with it and make money, I will ask for 10% or 20%.”

Some of these service providers have seen their revenue drop in recent years. In the first half of the 2010s, a type of malware known as the banking trojan, which steals user information in order to take money from victims' accounts, became popular, so professional money laundering providers were in demand. More recently, in the era of ransomware, criminals can make money directly, so the demand for these services has decreased significantly.

Crime groups also have members who are responsible for aggressively encroaching on competitors' territories. This is quite common in the field of DDoS attacks, in which the target company's computer network is denied service. The DDoS attack services offered by criminal groups rely on tens or hundreds of thousands of previously compromised computers, known as botnets. Guerrero-Saade said that it is not uncommon for DDoS attacks to be carried out against computers belonging to a rival's network, and against rival botnets as well. The more computers in the botnet, the more effectively the criminal group works.

The more you grow, the easier it will be to fail

Companies are getting better at identifying the signatures of many different criminal organizations. Sometimes a criminal group that grows strong and overly regimented becomes more vulnerable as a result. Dyre, a criminal gang specializing in banking trojans, was shut down in 2015 because of its size. Organizations that operate in a strict, disciplined manner become more predictable in their activities. Knowing this trend is important for companies dealing with high-tech crime, especially when the budget is not infinite.
