
13 Habits Cybercriminals Share With Real Business People

Cybercriminals - they're just like us! Well, maybe not, but the shadowy characters who earn their living plundering companies of sensitive data and locking them out of their critical files aren't all that different from legitimate business people.

Shady syndicates have transformed cybercrime into an enterprise worth hundreds of billions, or even trillions, of dollars. Some of these groups now equal the proficiency of nation-states, which were long considered far superior to any other online saboteur.

How did this happen? Cybercriminal groups shed their image of "teenagers in a basement" and got serious. Now they are led by powerful profiteers who recognize the rewards of professionalism and organization, borrowing from legitimate businesses the very principles that lead to success.

Exactly how do hacking groups mirror the real world? Here are 13 shared habits and characteristics that may make you oddly respect the very people you are at war with.

1) They Are in It for the Money

Gone are the days when bands of hackers amounted to nothing more than loosely knit groups of teens seeking fame and notoriety. Like anyone who goes into business - no matter their noblest intentions - the ultimate goal is to turn a profit. And cybercrime is as lucrative an illicit activity as they come, physical or otherwise. For example, the 2015 Trustwave Global Security Report found that attackers launching a malware infection campaign can earn a whopping 1,425 percent return on investment in just one month.

2) There is a Clear Division of Labor

Like a reputable business, cybercrime operations are complex and hierarchical, sometimes featuring dozens of members who take on specialized roles and responsibilities - each handling some facet of the enterprise. From malware creators to server administrators, from designers and programmers to affiliates, from stolen data resellers to counterfeit carders and launderers, there is something for everyone.

3) They Have "HR Teams"

Did you think that any old Joe could walk off the street and join a cybercriminal operation? Not so fast. For starters, hacking enterprises certainly don't want to hire a competitor or undercover law enforcement agent who can infiltrate them. They also don't want to bring on employees who aren't going to excel at their duties. So, like real companies, they may interview candidates, rely on endorsements and recommendations, and perform background checks.

Marketing representatives from cybercriminal groups frequent online forums in hopes of growing their reputation as reliable providers of crimeware tools, such as exploit kits, for customers. That's right: Even in the perfidious world of cybercrime, a sullied reputation can send a business into a tailspin.

5) …But They Can Still Be Up to No Good

Before we bestow too much credit on cybercriminal groups for valuing their public image, at the end of the day there is no honor among thieves. Just like in the legitimate world of business, where certain companies run afoul of basic ethics, the same happens in the underground. For instance, our SpiderLabs researchers recently revealed how the maintainers of the Sundown exploit kit are stealing code from other kit handlers.

6) They Perform Quality Assurance

Nobody likes a product that doesn't work. Most cybercrime rings are outfitted with personnel that apply due diligence to all of their creations. Among other things, this typically involves running their executables against malware scanners to ensure maximum conversions.

7) They Offer Customer Support

How do you guarantee positive reviews and word-of-mouth from the public? Same as trustworthy organizations do: through dependable customer support. Many cybercrime outfits offer round-the-clock support and money-back guarantees, as well as holiday specials, including around Black Friday - a U.S.-coined "holiday" that immediately follows Thanksgiving and is said to unofficially kick off the holiday shopping season.

8) They Invest in R&D

Successful organizations are those that can quickly react to market shifts and the changing habits of consumers. The most successful ones can predict these even before they happen. Trustwave CEO and President Robert McCullen described in Forbes how spammers, for example, study click-through rates among certain demographics to optimize their strategies. Another example, as pointed out by the 2016 Trustwave Global Security Report, is the Angler exploit kit, whose developers actively monitor patch releases to develop exploits as quickly as possible.

9) The Last Two Months of the Year Can Be Make or Break

Like retailers that look forward to November and December as a way of getting into the black, cybercriminal activity typically ramps up this time of year too. These fraudulent businesses are just being savvy capitalists: They know that the public is particularly active online during the holiday season and may let its guard down.

10) They Clock Out for Nights and Weekends

While a cybercrime op must stay active at all times of the day, security researchers have noted that, because these attack groups have become so efficient, they can afford to give certain "employees" nights and weekends off.

11) They Know When to Cut Their Losses

Successful businesspeople are pliable. If their idea isn't working, they'll pivot because there is no justification for throwing capital into a money pit. The same goes for cybercrooks: If they are meeting too much resistance from a particular target or having little success with a particular (attack) method, they'll move on.

12) They Value Risk

While crime committed on the internet tends to offer a lower chance of punishment than in the physical world, cybercrooks are still attentive to risk. Why, for instance, has ransomware become so explosive? Because it presents a low-risk, high-reward opportunity for cybercriminals. Unlike, for example, a carding syndicate - which features many different moving parts and takes ample time to pull off to completion - a ransomware operation is fairly straightforward and presents less chance of getting caught.

13) They Can Go Out of Business, Too

Joint efforts by the security industry and law enforcement have brought many cybercrime rackets to their knees. But it seems that when one falls, another is eagerly waiting in the wings. Your goal, though, isn't to place a digital "going out of business" sign in the window of every criminal ring. Instead, it is merely to ensure you aren't letting their customers into your house. You can accomplish this by abiding by the security fundamentals of deterring malware, identifying vulnerabilities, monitoring for and detecting threats, and readying yourself to adequately respond to an incident. Learn how Trustwave can help.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor. 
