I recently saw a TV commercial dramatizing a cybercriminal bazaar of sorts. And what were they selling you ask? Simple: your information and various methods to obtain it. But this was no ad hoc collection of street vendors. This was an organized, calculated sale. Read More ..
Although many cybercrimes are committed by individuals or small groups, large organized crime networks have emerged. These "professional" criminals find new ways to commit old crimes, treating cybercrime like a business and forming global criminal communities. Criminal communities that share, swap and sell strategies and tools and can combine forces to launch coordinated attacks. They even have an underground marketplace where they can buy and sell stolen information and identities.
The point is, gone are the days of most cybercriminals hiding out in mom’s basement, crouched over a computer trying to break into that large enterprise or government agency. No, today, the bulk of effective cybercrime is conducted over complex, organized information-sharing networks.
And why are these networks of operatives successfully infiltrating some of the world’s largest and supposedly most secure businesses and governments? Simple. Cybercriminals are actually sharing information among each other much more effectively than legitimate businesses and governments. For the most part, the “good guys” are operating in their own silos. Sure they are keeping up on the latest attack methods, but often times the information they are obtaining a) is not actionable b) is not timely enough and c) takes substantial human capital to obtain.