Paint a picture in your mind of a typical hacker...
I'm guessing you've got an image of a young male in a hoodie sitting in a darkened room, typing away at a computer keyboard. While that may be the case, it's more likely a group of individuals who run their cyber criminal operations as a business—aka organized crime. Think offices with cubicles and work-from-home (WFH) employees. Anytime there's a lot of money to be made, it's a given that organized crime will step in.
Many of you may remember The Godfather, written by Mario Puzo and originally published in 1969. This crime novel tells the story of one of five New York mafia families, the Corleones. The Corleone family is fighting for survival after a failed assassination attempt on the head of the family, Don Vito Corleone (the Godfather), by one of the other families vying for control.
In a famous scene, his two sons, Sonny and Michael, and his top lieutenants gather to discuss what action to take in the wake of this egregious infraction. Michael, the younger son, suggests meeting with the head of the offending family and his corrupt police captain to broker a truce. However, he intends to shoot them both. When the elder son, Sonny, protests, Michael calmly says, "It's not personal, Sonny, it's strictly business."
Cyber crime—it's strictly business. Big business. Cyber crime "companies" run just like other businesses. They post job openings on the Dark Web and interview new employees. They sell software, such as malicious code or malware, to other hackers—just like a legitimate software company. They offer ransomware-as-a-service "kits," taking a "cut" of the profits from every successful attack—just like a franchise.
The question is, who are these organized crime actors?
According to a May 2021 post published by the U.S. Department of Defense, the U.S. Deputy Assistant Director for Cyber Security, Mieke Eoyang, told the U.S. House of Armed Services Committee during a hearing on cyber crime:
"The line between nation-state and criminal actors is increasingly blurry as nation-states turn to criminal proxies as a tool of state power, then turn a blind eye to the cyber crime perpetrated by the same malicious actors," she said. "We have also seen some states allow their government hackers to moonlight as cyber criminals."
Nation-states are not only condoning but also actively promoting cyber crime. How twisted is that?! Cyber crime doesn't hit the books as a source of income—but the "take" can be significant. Who would some of the nation-states be?
North Korea, Iran, Venezuela, and other cash-strapped nations come readily to mind. Oh, and don't forget Russia.
On top of that, there are many "companies" that have no nation-state affiliation but whose annual income rivals that of many major (legitimate) corporations.
Here are a few of the more prominent ones: Dark Side, REvil, FIN7, Cobalt, Clop, Lazarus, MageCart, and GozNym Gang. They're making billions by attacking businesses and individuals.
I don't know about you, but even though I know a lot about computers, I know that when it comes to cybersecurity, I'm no match for the organized crime perpetrated by nation-states and well-oiled criminal syndicates. Neither is your "IT guy" or most IT teams, for that matter. So, if you're trusting your personal security or the security of your business to anything but a professionally trained security team—you're a statistic waiting to happen.
To learn the first steps in protecting your business, set up a time to talk with a One Step Secure IT cybersecurity expert by calling (623) 227-1997 or scheduling a Discovery Call here.