Cybercrime Inc: How Cybercriminals Organize Themselves Like a Business

Help Wanted: Seeking IT administrators, developers, engineers and analysts. Six-figure salary with bonuses, paid vacation and sick leave. No formal education required. Highly flexible work environment — work remotely with no dress code and no set schedule. Note: Duties may involve illegal activities such as coding malware, stealing data or launching ransomware attacks.

How Cybercriminals Organize Themselves Like a Business

Cybercrime has become a booming business, generating about $1.5 trillion in annual revenue according to various analysts. Given the prodigious profit potential, it’s no surprise that today’s cybercrime organizations have begun to organize themselves with a top-down structure similar to most legitimate businesses. The largest ones have CEOs, investors and business plans. Some even offer franchises or partnerships.

And, like any other business, they are constantly seeking talent. Today’s top cybercrooks are being actively recruited via dark web job postings offering high salaries and the types of perks usually provided by more traditional corporate entities.

The increased professionalism is a natural response to the changing nature of cybercrime. The days of “lone wolf” hackers engaging in malicious mischief are long gone. With financial gain now the primary motive for a broad range of computer crimes, malicious actors have organized themselves into groups with formal hierarchies to ensure a more structured and business-like approach to their criminal enterprises.


Getting Down to Business

Specialization is a key characteristic of this change. Just as corporations have departments dedicated to specific functions, cybercrime organizations now have specialists for various tasks, such as malware development, password cracking, data theft, money laundering — and even customer support. This compartmentalization allows them to work seamlessly and efficiently.

Many criminal groups now favor the “platform capitalism” business model used by companies such as Amazon, Apple, Google and Uber. In this model, the organization creates digital platforms to facilitate transactions between producers and consumers. For example, ride-sharing platforms connect drivers with passengers, while e-commerce platforms connect sellers with buyers. Ransomware-as-a-Service (RaaS) is the most obvious way criminal groups leverage the platform capitalism model.

Today’s cybercrime organizations have begun to organize themselves with a top-down structure similar to most legitimate businesses.

In RaaS schemes, criminal groups act as service providers, offering their ransomware variant, command-and-control infrastructure, payment collection mechanisms and technical support to less skilled individuals or criminal groups. These affiliates can then deploy the ransomware on selected targets. Outrageously, some RaaS providers even offer “customer service” to their victims, providing instructions on how to pay ransoms or recover data after an attack. It’s all designed to maximize their profits and ensure victims comply with their demands.


Cybercriminals Investing in AI

RaaS is an incredibly efficient and lucrative service for the providers. They can leverage large numbers of affiliates to launch hundreds or even thousands of attacks simultaneously, earning a share of all ransomware payments generated. For example, the Russia-backed LockBit gang has reportedly extorted more than $90 million from roughly 1,700 attacks against U.S. organizations since 2020.

Like their legitimate corporate counterparts, malicious actors are also making research and development (R&D) an integral part of their growth strategy. Artificial intelligence (AI) and machine learning (ML) have been particular areas of interest. With the ability to rapidly analyze huge datasets, these technologies are increasingly being used to improve and automate many nefarious activities, including password cracking, vulnerability scanning, supply chain attacks and information theft. Some 85 percent of IT security professionals say they’ve seen a rise in AI-powered attacks over the past year, according to a new survey from Sapio Research.

The shift toward a corporate model has enabled cybercriminals to operate more efficiently, increase profits and pose an even greater threat. A multilayered security strategy featuring employee education programs, regular network assessments, threat monitoring solutions and more remains essential for combating the tactics used by these well-organized and profit-driven entities. Contact us for an evaluation of your current security posture. 



Benefits of Managed IT Services from Global Data Systems

  • Strategic Managed IT: We help you solve your technology related business problems.
  • Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
  • Support: When you need help simply call our 24x7x365 support number.
  • Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.

Contact Managed Services Provider, Global Data Systems >