A booming business: The rise of cybergangs

Cybergangs are modeling themselves on successful businesses, with often staggering results. Based on the world’s growing interconnectivity, experts estimate that the cost of cybercrime will exceed $6 trillion annually by 2021, due in part to the growth in cybergang activity. In a 2016 report, Europol attributed the continued growth of “crime-as-a-service” activities to the strengthened connections between cybergangs and specialized developers or cybertools.

Witness the Carbanak gang that targeted 100 banks in 30 countries starting in late 2013 and not ending until they were discovered in 2015. The cybergang netted approximately $1 billion in one of the most sophisticated — and profitable — attacks to date. The cybergang included Russians, Chinese and Europeans who transferred money to dummy accounts worldwide.

Business school adherents

Taking tips from successful Main Street businesses, cybergangs have diversified to include specialized roles and responsibilities to accomplish not only their own goals but also those of their clients.

Criminal partners and buyers communicate via encrypted messaging services to coordinate services and activities, such as phishing scams and sales of stolen credit cards. Newer schemes include the leasing of malware packages and how-to training courses in which, for a fee paid in Bitcoin, gangs teach techniques to infiltrate websites.

Strictly defined positions enable cybergangs to carry out complicated criminal schemes that often span continents and last years. Depending on the scope of the cybergang, the breakdown of positions can include C-level executives, personnel managers, website developers, software developers and salespersons.

Consider the division of labor in the China-based Yanbian Gang, which attacked South Korean mobile bank customers between 2013 and 2014. As outlined in a 2015 Trend Micro report, the group’s “organizers” were responsible for recruiting members and receiving the cybergang’s profits. “Translators” were in charge of fluently crafting messages in the targeted region’s language, while “cowboys” collected the profits from the criminal activity and “malware creators” were responsible for developing and regularly improving the gang’s nefarious applications.

Sink or swim

Advances in machine learning and other technologies designed to thwart cyberattacks have created a world of escalating stakes. New scams and malware that exploit a company’s unknown network weaknesses are necessary for cybergangs to continue to steal past the defenses erected by vigilant security professionals. Unfortunately, successful attacks in recent years have shown that the capabilities and knowledge of cybergangs are evolving dramatically.

For example, the Carbanak cybergang, credited with committing the most sophisticated cybercrime to date, is expanding its tactics by moving from targeting banks to the hospitality industry. In late 2016, the gang was discovered launching variations of the malware it had successfully used to attack banks to steal credit card and financial information. In their latest venture, Carbanak members contact call centers, where, in an attempt to solve their problem, hospitality employees open a document that delivers the malware.

But in recent years, enterprises have become better at training their employees to recognize potentially dangerous situations, such as questionable telephone calls, a coffee shop’s Wi-Fi and emails with unknown attachments. Other strategies executives can implement to stop attackers in their tracks: automated technologies and risk assessments. As discussed in the AT&T Cybersecurity Insights report, more than 90% of attacks are known. This means that by protecting against the most common attack types, your organization will be a less attractive target.

Carin Hughes is editor of the AT&T Cybersecurity Insights reports.

Copyright © 2016 IDG Communications, Inc.