Business of Cybercrime

THE BIG BU$INE$$ OF

CYBERCRIME

Cybercrime has become a big business – an entire ecosystem of organizations run just like yours. Keeping up with the players, weapons, and enemies can feel like a free-for-all action game. To fight back, we need to understand that world and its key actors and methods.

Randsomware as a service operators
organized cybercriminal
Insider threats
Nation-state sponsored actor
Black hat hackers
Novice attackers
How big is the cybercrime business?

The $1.5 Trillion Dollar Cybercrime Industry

  • #1
  • $1B
  • 3X
  • $6.9T
THE BUSINESS OF cybercrime IS SHIFTING

Exposing the Ecosystem

As organized cybercrime entities join forces—forming groups and organizations—Arctic Wolf® is shedding a light on the full extent of the online cybercriminal ecosystem that enables these attacks, their business models, and the bad actors targeting your organization.

Cybercrime in Action

Ransomware as a Service (RaaS)

What is RaaS?

Ransomware-as-a-Service (RaaS) is the commercialization and commodification of ransomware where individuals or ransomware gangs sell ransomware tools to affiliate groups for use.

Attack Method

In these kinds of attacks, the ransomware is purchased by affiliate groups from developers or ransomware gangs and then deployed. The developer usually takes a cut of the profits as well.

Ransom Payments

In late 2020, Darkside, a ransomware gang, announced the launch of their own affiliate program in an effort to maximize revenue. They announced details of the program on two major Russian cybercrime forums: they would provide a crypto-locking malware code with a unique ID embedded for each affiliate.

For every victim that pays a ransom, the affiliate shares the take with the ransomware operator taking anywhere from 10-40% of the ransom payment.

See how effective our response timeline is when a ransomware attack happens.

Cybercrime in Action

Business Email Compromise (BEC)

What is BEC?

Business email compromise (BEC) is the tactic of spoofing and taking over email addresses.

Attack Method

BEC attacks can come in various forms – from attackers positioning themselves as the CEO requesting an emergency fund to acting company suppliers and requesting fund transfers to fraudulent accounts.

Cybercriminals deploying BEC attacks target employees up and down the corporate ladder.

Fueled by Payouts

In August 2021, officials in Peterborough, NH were scammed out of $2.3 million in a BEC scheme. Bad actors outside the country had sent two separate emails over a period of several weeks, purportedly representing the local school district in one case and a construction contractor in the other. Each netted more than $1 million.

See a real life BEC attack in action and how Arctic Wolf helped the organization defend themselves.

Cybercrime in Action

Zero-Day Exploits Market

What is the Zero-Day Exploits Market?

The commercial activity of trafficking software exploits.

Attack Method

Since Zero-Days are flaws or loopholes already present in the system in place, it makes the attack more reliable and sophisticated. They are undetected until the day they are released and therefore can be exploited while staying under the radar, which makes them highly effective for threat actors.

Making Money from Vulnerabilities

Zero-day vulnerabilities can be used in several ways to make money. Initial cybercriminals seek out and discover these vulnerabilities within vendor systems and turn around and sell the zero-day threats to threat groups at expensive rates.

Threat actors who have access to these threat in turn use zero-day vulnerabilities to steal data and request large sums through a ransomware attack in order stop the release of this data.

Explore an example of the Microsoft Exchange Vulnerabilities exploit in action and how it was resolved before damage could be caused.

WHO TO LOOK OUT FOR

Meet the Players

While there are many cybercriminals out there, these are the six key threat actor groups to look out for.

ORGANIZED
CYBERCRIMINAL
INSIDER
THREAT
NOVICE
ATTACKER
RAAS
OPERATOR
NATION-STATE
SPONSORED ACTOR
BLACK HAT
HACKERS
organized cybercriminal
Nation-state sponsored actor
Black hat hackers
Insider threats
Novice attackers
Randsomware as a service operators
organized cybercriminal
ALL ABOUT THE BENJAMINS

They want access to personal, financial, or health data in order to sell it on the dark web. For the retail sector, the stolen data from these hacks typically appears on the black market within days of the theft.

Cybercriminals operate behind anonymous peer-to-peer networks, using encryption technologies and digital currencies to hide their communications and transactions.

Depending on the attack type, they may work solo or as part of an organization, but they often have relationships with each other.

CHARACTERISTICS

REAL-LIFE EXAMPLES

TECHNIQUES

  • Phishing

  • Social engineering

  • Business email compromise (BEC)

  • Malware

  • Ransomware

  • Remote access trojans

Targets

  • Large cash

  • Data-rich enterprises

MOTIVATORS

  • Financial gain/profits

Business Model & Financing

Provide Ransomware as a service (RaaS), extract ransoms from targets. Usually paid in decentralized currencies / crypto / other digital assets.

IMPACT TO GLOBAL ECONOMY

Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015.

Nation-state sponsored actor
WORKING FOR AND WITH GOVERNMENTS

Nation-state attacks are originated and executed by entities working for and with the approval of a government against another government. A true force to be reckoned with, these attackers can cause unparalleled damage. They are often backed by substantial financial, technical, and material resources.

They’ve been known to exfiltrate data, steal sensitive information, and redirect funds as part of national espionage programs. Their goal is to spy on or steal from businesses or governmental bodies in order to further the interests of their nation.

CHARACTERISTICS

REAL-LIFE EXAMPLES

TECHNIQUES

  • Custom malware

  • Zero-day vulnerabilities

  • Hidden malware

  • Ransomware

  • Quieter tactics

Targets

  • Government

  • Military

  • Corporations

MOTIVATORS

  • Political

Business Model & Financing

Works as an unofficial extension of a federal government, financed by 3rd party contracts or undisclosed state funding.

IMPACT TO GLOBAL ECONOMY

In the United States alone, the value compromised information due to international hacking is estimated between 25 billion and 100 billion dollars annually.

Global espionage is occurring all around the world, and although the size of the damage varies, the effects are generally the same. China currently receives about 13% of all cyber attacks globally.

Black hat hackers
SOPHISTICATED AND ALONE

A large number of individuals in the cybercrime world hack computers just because they can. They’re known as Black Hat Hackers or Rogue participants, and they always break into networks and systems with malicious intent. They may also insert malware, conduct ransomware attacks, or steal data like credentials, financial data, or other personal information.

Black hats are motivated by self-serving reasons, such as financial gain, revenge, or simply to spread havoc. Sometimes their motivation might be ideological, by targeting people they strongly disagree with.

Black hat hackers often develop specialties, such as phishing or managing remote access tools. They find their jobs through the dark web, develop and sell malicious software themselves, or work as a contractor through franchises or leasing arrangements.

CHARACTERISTICS

REAL-LIFE EXAMPLES

TECHNIQUES

  • Customized codes/scripts/ penetration testing

  • Custom malware

  • Zero-day vulnerabilities

  • Ransomware

  • Phishing

Targets

  • All Organizations

MOTIVATORS

  • Financial motivation

  • Revenge

  • Entertainment

Business Model & Financing

Financial motivation, revenge or simply for entertainment.

IMPACT TO GLOBAL ECONOMY

Similar to novice attackers, it is hard to trace the total global impact of lone Black Hat hackers, but global cybercrime is expected to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025.

Insider threats
THE THREAT’S COMING FROM INSIDE THE ORG

Insider threats are bucketed into two categories – those who unintentionally make mistakes opening up their organization to attacks, and those who maliciously take advantage of privileged access in effort to harm the company.

In cases when employees turn against employers, the impact can be devastating on a business and their security. Additionally, certain threat actors will infiltrate a workforce, express grievances via criminal activity, or turn insiders towards their cause with the promise of financial reward. This is a malevolent threat, given that the insiders they turn have privileged access. Disgruntled former employees are an especially tempting target for organized cybercriminals looking to gain easier access to an organization.

CHARACTERISTICS

REAL-LIFE EXAMPLES

TECHNIQUES

  • Privileged insider access to systems and networks

Targets

  • Disgruntled employees

MOTIVATORS

  • Revenge

  • Monetary gain

  • Competitive advantage

Business Model & Financing

The insider could be disgruntled and looking to exact revenge on their former employer by inflicting maximum pain. They may also be compromised or blackmailed by an outside threat actor using them to help hack your organization.

IMPACT TO GLOBAL ECONOMY

The latest research from the Verizon 2021 Data Breach Investigations Report, suggests that insiders are responsible for around 22% of security incidents.

Overall, the average global cost of insider threats has increased 31% over the last 2 years, from $8.76 million in 2018 to $11.45 in 2020 and the largest chunk goes towards containment, remediation, incident response, and investigation.

Novice attackers
IT’S FUN TO DO BAD THINGS

Novice attackers they are usually younger people who acquire hacking tools built by more talented hackers.

They may often be unsophisticated, highly visible, and impulsive with their attacks. Despite their name and lack of depth of knowledge, many of these threat actors can still be dangerous. Companies that haven't taken basic security precautions are a prime target.

Some novice attackers may also begin to sell their services to others, contracting out their services to larger criminal organizations in an effort to make money off their hobby. They do not always realize the seriousness of the organizations they are contracting for, they’re simply motivated by the entertainment and monetary gain of their “hobby.”

CHARACTERISTICS