Cyber Criminals and the Business Insider

Cyber Crime Business Insider

You’re on the morning train on the way to work and take a look at the guy next to you. He’s clean-cut, wearing a crisp suit and holding a leather briefcase just like dozens of others. Just another worker headed to the office, right?. Yes, but not in the way you think he is. That person is going to work but rather than creating reports and spreadsheets, he’s part of a criminal ring dedicated to breaking into corporate networks to steal data and money. Hackers are no longer basement-dwelling weirdos as they are portrayed in Hollywood productions. They’re business people.

Hackers have grown increasingly organized and sophisticated as the years have passed. The reason for this is simple: there are millions of dollars available to them. Thousands of businesses do not have the capital or employee resources to adequately protect sensitive information and make easy marks for enterprising people with computer skills and questionable moral compasses. Like any business, criminals have evolved their practices to promote growth and capitalize on new opportunities.

Black Collar Jobs

cyber criminals

Like any corporation, continuous improvements are made to further successful operations and strengthen results by investing capital. Hackers have done just so. Within the last year, cyber criminals have pocketed more than $24 million dollars from ransomware alone. This is just the beginning. Hackers have used their ill-gotten gains to create livable wages and recruit others to strengthen their operations. One could even call them entrepreneurs, as they are straightforwardly organizing and operating large-scale organizations analogous to those of the corporate world. And with any entrepreneur that sees his or her business going well, they open the opportunity for someone else to jump on the bandwagon. In fact, entrepreneurial hackers have become so successful that they are franchising their ransomware businesses to any wanna-be hacker ready to compromise their values for some quick cash.

In the past, ransomware attacks could point to one cybercriminal doing all the work themselves from building the software to setting up infrastructure to executing the attack. But just as any business evolves, ransomware operations have too, there’s a criminal carrying out each duty essential to a planned attack.

It begins with the ransomware developers, the masterminds behind the Malware itself. They are the builders in the ransomware world that design and create a plethora of attacks ranging from the malware itself to malvertising exploit kits.

Then comes the ransomware operators whose job it is to make sure the malware is downloaded by unsuspecting users. These cybercriminals hackers are the ones who facilitate the attack and lurk around businesses, creating lists of targeted victims and, once ready, inflict their particular brand of devastation. But their duties don’t stop there. They’re also customer service reps.

Everyone knows that with every good business, strong customer service and marketing is key. When businesses learn that they are the victims of a ransomware attack, they have a lot of questions. What happened? How do I pay you? How do I get my files back? Ransomware operators provide victims with a “customer-service line” that can guide them through the entire extortion process. This line quickly guides the victim through the steps necessary to get access to their files back, after paying a “modest” fee of course. The reasoning is simple: by making the process relatively pain-free, hackers improve their chances of getting their victims to pay. In fact, the average ransomware payment is roughly $300 which is not a high barrier for most businesses to clear. What’s a day’s worth of your time worth?

From Anarchy to Structure

The professionalization, franchising and systemization of ransomware activities has given each hacker the ability to focus on and hone their specific trade. As a result, attacks are more effective and targeted than ever before and businesses need to take data protection seriously. While it’s typically used to describe musicians or actors, it’s possible that the hacker community has sold out. The anarchists of yesteryear may have retired their brightly colored mohawks, but they’re being replaced by modern-day professionals that are business people just like you and I.

By Todd O’Boyle

Using Data Scraping to Learn What You Need to Know
Data Scraping Opportunities How can you know what you don’t know? It sounds like a rhetorical question, but it is in fact a vital component of business strategy. As much as any company or organization ...
JK Chelladurai
Usage-Based Pricing We are now in an era where many businesses are flipping their business model and shifting from subscription-based pricing to usage-based models, to better cater to the modern ‘pay-as-you-consume’ buyer. So what exactly ...
James Corbishly
Teams Sprawl in the Remote Workspace As working from home has become the new everyday norm, with more employers embracing the remote-work model as a new and likely permanent fixture of the employment world, there ...
Dana Gardner
Low-code Development Has Entered a Maturity Spurt Closing the gap between the applications and services a company needs -- and the ones they can actually produce -- has long been a missing keystone for attaining ...
Metasploit-Penetration-Testing-Software-Pen-Testing-Security
Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn't help with the world in a current state of disarray and uncertainty. Vulnerabilities leave businesses and individuals subject to a wide range ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.