Cybercriminals are increasingly embracing a sophisticated business-model approach

Criminal hacking groups can employ HR specialists, marketers, and training gurus, HPE says

Cybercriminals can call on an extensive network of specialists for "business" expertise, including people who train and recruit, launder money, and provide escrow services, according to HPE.

The cybercriminal underground includes people who provide human resources functions, like recruiting and background checks, but also specialists who help market and sell exploit kits and compromised data and others who serve as middlemen in anonymous transactions, says The Business of Hacking white paper from Hewlett Packard Enterprise.

Cybercriminals are increasingly taking a business-based approach toward their activities, with some organizations developing in-house training, disaster recovery, and other business functions, and others contracting for those services in the underground marketplace, said Shogo Cottrell, a security strategist with HPE Security. Cybercrime is maturing as a business model, he added.

"They are following the money, in a sense," Cottrell said. Cybercriminals are embracing the "traditional sound business practices of increasing your revenue, reducing your costs, maximizing your profit."

Some criminal hacking businesses offer 24-by-seven telephone support, while others offer money-back guarantees on their products, Cottrell said.

These traditional business models, with marketing teams focused on the reputation of the cybercriminal groups, help build up the groups' reputations in the criminal underground, Cottrell said.

It's hard to maintain trust and a reputation in the cybercriminal community, "given that there's a lot of paranoia and there's a lot of distrust," Cottrell said. With a marketing team, "they can market the things they're doing and put a good face in front of the underground public."

The HPE paper identifies advertising fraud and extortion as types of cybercrime that have high payout potential while requiring relatively little effort and involving low risk to criminals. Hacktivism and credit card fraud are relatively easy and low risk but offer low payout potential.

Organized crime and intellectual property theft, on the other hand, offer large paydays, but can be difficult to pull off and can be risky.

The HPE paper recommends that businesses take several steps to disrupt cybercriminals. Businesses can disrupt hacker profits by using end-to-end encryption on their sensitive data, and by deploying application security tools, the white paper says.

"Attackers prefer easy targets, so deploying any technologies to harden your assets will have dramatic results," the paper says.

Many businesses suffering breaches still fail to deploy basic security measures, such as patching software and two-factor authentication, Cottrell said. Hackers conduct their own risk analysis on potential targets; if a company looks difficult to attack, they will move on, he said.

Honeypots or deception grids -- realistic duplications of a business' network set up to trap attackers -- can also be effective, HPE said. These duplicated networks are "complex but may represent the future of getting ahead of the attackers and disrupting them," the paper says.

Businesses being attacked by cybercriminals shouldn't rely on government action, however, the paper says. While many countries are enacting harsher punishments for cybercrime, there's an enforcement problem in some parts of the world, the paper notes.

Harsh penalties in some countries are "driving attackers to operate in ... more lenient countries to reduce their risk," HPE says.


Grant Gross

IDG News Service