Skip to content

Who’s who in the cybercriminal underground

March 14, 2022 – Published on CSO Online

We are at a point in time when cybercriminals including ransomware gangs have established themselves as organized, illicit businesses rather than a one-person hacking operation. More and more ransomware groups have emerged and existing ones continue to prosper in terms of repeatedly attaining success with breaching prominent organizations.

CSO spoke to industry experts about threat actors employing newer tactics and techniques, as well as some key roles assumed by threat actors that have evolved over time.

While the cybercrime landscape might have been much simpler to decipher years ago, the different key roles assumed by actors: from IABs to exploit developers to “as-a-service” providers evolved from “opportunities to monetize specific phases of the attack chain,” and limiting the need for actors to be proficient in all aspects of conducting an attack operation, says Drew Schmitt, principal threat intelligence analyst at GuidePoint Security.

Previously attackers would execute an entire attack independently. The task was often time consuming and did not guarantee successful outcomes. Individuals and groups soon found their niche over time, and “realized that they could exponentially increase their profits by selling one part of the attack chain or selling the same malware (with different configurations) to a wider group of buyers,” says Schmitt. “Through this model they were able to make more money while doing substantially less work.”

Read More HERE.