IT security professionals are constantly reminded that cybercrime is an evolving discipline. But up until now, it's been anyone's guess as to where their digital adversaries are gathering their notes. While some would assume that hacker operations are as chaotic as the threats they spawn, it seems that a surprising portion carry on with militaristic precision. According to an undercover investigation from researchers at Fortinet, cybercriminal groups are actually organized along many of the same lines as the corporate entities they're targeting.
Cybercriminal talent management
Although their code of ethics is decidedly looser than the one observed by corporate human resource professionals, cybercrime masterminds often weigh similar considerations. Elaborate operations cannot be executed single-handedly, and talent recruitment and management are often central to success.
According to CSO Online, cybercrime directors will reach out to their underground talent pool with ads hidden in legitimate Internet job boards, postings in hacker forums and invites to private portals. Foot soldiers may not even need evolved technical skills depending on the task, but middle managers are recruited more judiciously from the ranks of previous partners and reputation-based online communities. In many cases, there is even a probationary period in which new hires are presented with a number of challenges that test their potential.
While this level of refinement is cause enough for concern, companies should also be aware of some potentially surprising co-conspirators. According to CSO, researchers discovered that a number of IT consultants and hosting providers were willing to turn a blind eye to malicious operations – for the right price. As a result, the organizational structure of cybercriminal groups may not only mirror that of a target company; the two frameworks may even overlap as opportunistic administrators play both sides.
Division of labor
Once cybercriminals have filled their pipelines with talented recruits, they also exhibit an impressive knack for specialization. While some foot soldiers can be molded into virtually any shape of digital mercenary, others are brought into the fold for their unique brand of skills.
According to Network World, researchers found that entry-level recruits were often tasked with manually breaking the CAPTCHA codes that are now omnipresent across websites. While this mind-numbing work would net low-level criminals less than $1 for every 1,000 codes cracked, their labor remains fundamental to botnet operations. Slightly higher up the ladder, Fortinet found that malware infection and spreading services could fetch approximately $100 per 1,000 installs.
Aside from job opportunities, cybercriminal marketplaces are also defined by their availability of ready-made exploits – and even consulting services. For instance, an aspiring hacker in the market for a quick buck could rent a botnet for approximately $100 an hour. Alternatively, they could spend around $400 for expert assistance in setting up a crimeware platform of their own.
And for the truly ambitious hacker, researchers found that the latest versions of the Zeus botnet code could be purchased for $3,000 while Butterfly code only cost three figures.
This underground economy also reflected overriding themes of meritocracy and free market principles. Aside from monitoring employee performance and promoting successful collaborators, it seems cybercriminals have a keen idea of how much certain services are worth.
According to Network World, installing malicious code on U.S.-based computers was deemed nearly 15 times more valuable than identical activity on Asian computers in certain scenarios. As researchers noted, the market for Asian malware is relatively saturated and the risks and rewards found in the U.S. are far greater.
Security News from SimplySecurity.com by Trend Micro