If crime doesn’t pay, some cyber criminals won’t be aware of it. According to a report released on Monday by Trend Micro, a top team member in a cybercrime organization like Conti can earn an estimated US$1.1 million per year.
Since cybercrime groups don’t file reports with the SEC, the salary earned by a top money maker in a large criminal enterprise like Conti and the estimated revenue of $150 million to $180 million, both from the Trend Micro report, are best estimates based on leaked information.
Trend Micro researchers said, “The facts gleaned from the leaked conversations paint a picture of the Conti organization as having the semblance of a large, legitimate business.”
“It appears that these criminals have managed to create a complex organization with multiple layers of management and internal rules and regulations that mimic a legitimate corporation,” they added.
The report, “Inside the Halls of a Cybercrime Business” by David Sancho and Mayra Rosario Fuentes, focuses on the revenue and organization of three different criminal groups – one small (less than $500,000 in annual revenue), one medium (up to $50 million) and one big (over $50 million).
Size Affects Specialization
Like any enterprise, size affects how specialized a criminal organization needs to be, observed Trend Micro vice president of market strategy Eric Skinner.
“A smaller group will specialize in one area – either subcontracting other aspects of their operations or being a niche provider to larger groups,” he told TechNewsWorld.
“As a conglomerate gets bigger,” he continued, “they can bring more niche skills in-house to reduce costs or have more control over their supply chain.”
“Criminal organizations mirror legal business because both are trying to maximize profit,” he said. “An organization that is not motivated by profit, say a utopian or terrorist organization, will often have different structures to reflect their different goals.”
As criminal organizations grow, they face the same “business” challenges as legitimate organizations, including recruiting, training, software development, business development and marketing, noted Sean McNee, an internet intelligence expert who is the vice president of research and data at Domain Tools in Seattle.
“As such,” he told TechNewsWorld, “they have adopted many best practices and business models to address the same issues legitimate organizations face in managing these challenges.”
McNee said the cybercrime ecosystem is a competitive free market that is maturing rapidly.
“Relationships in that economy allow organizations to find technical expertise, efficient affiliation and sales models, and the ability to scale effectively,” he continued. “Cybercrime operations can be viewed in the context of tech startups – capitalizing on momentum, iterating rapidly to product-market fit and building business partnerships.”
Criminal organizations are no different from for-profit corporations, said John Bambenek, principal threat hunter at Netenreich, an IT and digital security operations company in San Jose, California.
“They need to organize people and processes to accomplish their mission of making money,” he told TechNewsWorld. “They’re just willing to use criminal tools to get it.”
Not only do traditional business models have a proven track record of success, but they also scale well, said Erich Krone, a security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla.
“In dealing with groups of criminals, there must be a clear delineation of authority, and there must be checks and balances to ensure that these criminals are not stealing from their own cybercrime organization,” he told TechNewsWorld. “Organization and well-defined authority are important in ensuring a smooth operation.”
The report states that determining the size of an organization can be important information for law enforcement.
It explained that knowing the size of a targeted criminal organization could help prioritize which groups to pursue over others in order to achieve maximum impact.
“Also note that the larger the organization, the less vulnerable it may be to arrest, but the greater the risk of manipulation,” the researchers wrote.
“Data-gathering techniques are important,” they continued. “If there is anything the leaked Conti chats have taught us, it is that information disclosure does far more to paralyze group operations than server takedowns.”
“Once private information is leaked, the relationship of trust between group members and their external partners can be irreversibly broken,” they said. “At that point, it is more difficult to re-establish trust than simply changing IP addresses or switching to a new Internet provider.”
Sacrifice of Scales
Krone pointed out, however, that cybercrime operations that are well organized will be very difficult for law enforcement to penetrate and gather information on.
“They can protect the top leadership by pinning the blame on many levels below them,” he said. “Similar to street drugs, usually low-level street vendors are arrested, while kingpins and large-scale traffickers go unpunished.”
Trickbot and Conti recruited at technical universities and on legitimate job search sites, and it’s likely those recruits weren’t aware of the work they were supporting, said Andras Toth-Szifra, a senior analyst at Flashpoint, a global threat intelligence company.
“The arrest of one person may not necessarily compromise an organization because lower-level employees may not be aware of the work they are supporting,” he told TechNewsWorld. “Analysts have observed similar tactics employed to recruit unwitting money mules.”
Skinner said that with increased organization and specialization, cybercrime groups are moving faster and more effectively during each phase of an attack.
“While most attacks still begin with phishing or the exploitation of vulnerable Internet-facing assets, we are seeing an increase in supply-chain attacks,” he said.
“And,” he continued, “we are seeing an evolution in extortion tactics, beyond destructive ransomware, with a greater focus on threats of data theft and public disclosure of sensitive information.”
“What we’re seeing is a shadow economy developing,” McNee said.
He noted that recent trends focus on specialization and division of labor within groups as they mobilize the resources needed to grow and mature their criminal enterprises.
“Cooperation has always been the hallmark of many of these groups,” he said. “With consolidation in some of the larger organizations, their ability to develop certain capabilities in-house has increased.”
“With the proliferation of the ransomware-as-a-service model, the marketing and support of customer support and their ‘customer success’ has also increased,” he added.
One of the attractive things about cybercriminals is the speed at which they adopt cutting-edge technology, said Andrew Barratt, managing head for solutions and investigations at Coalfire, a provider of cybersecurity advisory services based in Westminster, Colo.
“A few years ago, we knew of criminals using AI and machine learning to perform language processing – all pre-ChatGPT – to mimic the language used in emails used by their targets.”
“They’re cloud-friendly, globally diversified, and in a lot of cases, willing to take risks with new technology because the payoff can be so high,” he said.