For Cybercrime Professionalization, Gangs and

The most prominent cybercriminal gangs today are like big corporations, generating more than $50 million in annual revenue, with approximately 80% of operating expenses going toward wages.

In a paper published on 3 April, researchers David Sancho and Mayra Rosario Fuentes from Trend Micro mapped out the costs of running a cybercrime company in 2023. Using “observations and estimates,” they stated, they wanted to provide “the quarterly financial reports of typical criminal organizations under the small, medium as well as large-scale enterprise.”

“Our theory was the larger these companies will be in size, the more they’ll start to be akin to what it takes to be a business,” Sancho tells Dark Reading. The most fascinating thing, Sancho says, is “when you look at everything and see how similar the picture appears.”

Small, medium and, most importantly, large cybercrime groups operate like their real-world counterparts in their organizational structure, down to the benefits offered to lower-level employees.

The inner workings of cybercrime are more than just interesting facts, however. “If you’re in agreement with us that the more complex the entity is, the more organized it is,” Sancho says, “that opens up a new opportunity to anyone who is looking into or otherwise dealing with these groups.”

The Cybercrime Economy in 2023

Mirroring the corporate economy, the researchers classified cybercrime organizations into three types:

  • Small: 1-5 employees and affiliates, one layer of leadership, and less than $500K in annual revenue
  • Medium: 6-49 employees or affiliates, layers of management, and up to $50M in revenue
  • Big: 50+ employees and affiliates, several top management levels, and more than $50 million in annual revenue

The smallest hacker groups have a “move quickly and break things” type of mindset: financing operations out of their own pockets, earning profits however they can, and with every member of the team working on a bit of everything.

However, “as the revenue increases and becomes larger, there’s an issue with a limitation,” Sancho explains. “If we could earn this much money using five hackers, let’s see what we could do by using six.”

The gangs then begin to hire full-time staff, which is essential to maintaining million-dollar annual profits, and establish a clearly defined organizational structure.

“When the number of people you have is more than six or five individuals, there must be a person who can take charge of something in order to ensure that everyone is doing everything, it’s chaos,” the researcher notes.

“The greater the growth and becoming more complex, the more it increases,” he continues. “And when you’re considering groups of 20 to 50 or more there is a need for individuals arranged according to some kind of system. Some people do finance, some do marketing, some do sales.”

These groups include IT and human resources divisions that operate under a pyramid-type management system. For an amusing illustration: the Conti group once had employees of the month.

How Cybercrime Prevention Can Benefit From Corporate Cybercriminals

As Sun Tzu famously observed in The Art of War: “When you’re not aware of your opponent, but you know yourself, the chances of winning and losing are equal. Know your enemy and be aware of yourself. In hundreds of fights, you’ll never lose.”

Hackers are known for working in the shadows (dark rooms, anonymous identities and so on), according to their own plans. When companies can see something of themselves in their adversaries, it makes the task of dealing with them easier.

If, for instance, you’ve been attacked by a small number of people, it’s reasonable to assume that they’re acting more like a startup. “Those groups could be more flexible and can attack you in a different way,” Sancho says, which is why victims must respond with greater caution.

Contrast that with the largest, most dangerous, most ruthless criminal outfits. “Once you recognize that criminal organizations operate in a manner that is businesslike, that is when you realize they need an archive of documents,” he explains. “They require rules regarding how they communicate with each other. They’re working largely from home.”

Investigators may look for information that they would never have associated with cybercrime gangs: mergers and acquisitions data, shared calendars and the like. In addition, businesses can take comfort in knowing that their adversaries have a system that is predictable.

Professionalization also reduces the agility of cyberattackers. Cybercrime gangs resemble corporations right now, and as long as that holds true, Sancho concludes, “they’ll be facing the same headaches companies face,” such as finding good talent.