Blogs & Stories

Trustwave Blog

The Trustwave Blog empowers information security professionals to achieve new heights through expert insight that addresses hot topics, trends and challenges and defines best practices.

13 Habits Cybercriminals Share With Real Business People

Cybercriminals - they're just like us! Well, maybe not, but the shadowy characters who earn their living plundering companies of sensitive data and locking them out of their critical files aren't all that different from legitimate business people.

Shady syndicates have transformed cybercrime into an enterprise worth hundreds of billions, or even trillions, of dollars. Some of these groups now equal the proficiency of nation-states, which were long considered far superior to any other online saboteur.

Click here to download the "Security Survival Guide for Growing Businesses"

How did this happen? Cybercriminal groups shed their image of "teenagers in a basement" and got serious. Now they are led by powerful profiteers who recognize the rewards of professionalism and organization, borrowing from legitimate businesses the very principles that lead to success.

Exactly how do hacking groups mirror the real world? Here are 13 shared habits and characteristics that may make you oddly respect the very people you are at war with.

1) They Are in it for the Money

Gone are the days when bands of hackers amounted to nothing more than loosely knit groups of teens seeking fame and notoriety. Like anyone who goes into business - no matter their noblest intentions - the ultimate goal is to turn a profit. And cybercrime is as lucrative an illicit activity as they come, physical or otherwise. For example, the 2015 Trustwave Global Security Report found that attackers launching a malware infection campaign can earn a whopping 1,425 percent return on investment in just one month.

2) There is a Clear Division of Labor

Like a reputable business, cybercrime operations are complex and hierarchal, sometimes featuring dozens of members who take on specialized roles and responsibilities - each handling some facet of the enterprise. From malware creators to server administrators, from designers and programmers to affiliates, from stolen data resellers to counterfeit carders and launderers, there is something for everyone.

3) They Have "HR Teams"

Did you think that any old Joe could walk off the street and join a cybercriminal operation? Not so fast. For starters, hacking enterprises certainly don't want to hire a competitor or undercover law enforcement agent who can infiltrate them. They also don't want to bring on employees who aren't going to excel at their duties. So, like real companies, they may interview candidates, rely on endorsements and recommendations, and perform background checks.

Marketing representatives from cybercriminal groups frequent online forums in hopes of growing their reputation as reliable providers of crimeware tools, such as exploit kits, for customers. That's right: Even in the perfidious world of cybercrime, a sullied reputation can send a business into a tailspin.

5) …But They Can Still Be Up to No Good

Before we bestow too much credit to cybercriminal groups for valuing their public image, at the end of the day there is no honor among thieves. Just like in the legitimate world of business, where certain companies run afoul of basic ethics, the same happens in the underground. For instance, our SpiderLabs researchers recently revealed how the maintainers of the Sundown exploit kit are stealing code from other kit handlers.

6) They Perform Quality Assurance

Nobody likes a product that doesn't work. Most cybercrime rings are outfitted with personnel that apply due diligence to all of their creations. Among other things, this typically involves running their executables against malware scanners to ensure maximum conversions.

7) They Offer Customer Support

How do you guarantee positive reviews and word-of-mouth from the public? Same as trustworthy organizations do: through dependable customer support. Many cybercrime outfits offer round-the-clock support and money back guarantees, as well as holiday specials, including around Black Friday - a U.S.-coined "holiday" that immediately follows Thanksgiving and is said to unofficially kick off the holiday shopping season.

8) They Invest in R&D

Successful organizations are those that can quickly react to market shifts and the changing habits of consumers. The most successful ones can predict these even before they happen. Trustwave CEO and President Robert McCullen described in Forbes   how spammers, for example, study click-through rates among certain demographics to optimize their strategies. Another example, as pointed out by the 2016 Trustwave Global Security Report, is the Angler exploit kit, whose developers actively monitor patch releases to develop exploits as quickly as possible.

9) The Last Two Months of the Year Can Be Make or Break

Like retailers that look forward to November and December as a way of getting into the black, cybercriminal activity typically ramps up this time of year too. These fraudulent businesses are just being savvy capitalists: They know that the public is particularly active online during the holiday season and may let its guard down.

10) They Clock Out for Nights and Weekends

While a cybercrime op must stay active at all times of the day, security researchers have noted that due to how efficient these attack groups have become, they can afford to give certain "employees" off on nights and weekends.

11) They Know When to Cut Their Losses

Successful businesspeople are pliable. If their idea isn't working, they'll pivot because there is no justification for throwing capital into a money pit. The same goes for cybercrooks: If they are meeting too much resistance from a particular target or having little success with a particular (attack) method, they'll move on.

12) They Value Risk

While crime committed on the internet tends to offer a lower chance of punishment than in the physical world, cybercrooks are still attentive to risk. Why, for instance, has ransomware become so explosive? Because it presents a low-risk, high-reward opportunity for cybercriminals. Unlike, for example, a carding syndicate - which features many different moving parts and takes ample time to pull off to completion - a ransomware operation is fairly straightforward and presents less chance of getting caught.

13) They Can Go Out of Business, Too

Joint efforts by the security industry and law enforcement have brought many cybercrime rackets  to their knees. But it seems that when one falls, another one is eagerly waiting in the wings. But your goal isn't to place a digital "going out of business sign" in the window of every criminal ring. Instead it is to merely ensure you aren't letting their customers into your house. You can accomplish this by abiding by the security fundamentals of deterring malware, identifying vulnerabilities, monitoring and detecting for threats and readying yourself to adequately respond to an incident. Learn how Trustwave can help.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.