Marketplaces, strategic partnerships … Cybercriminal groups are increasingly resembling the companies they choose as targets
The world of cybercrime is a very organized and professional world. Kaspersky’s cybersecurity experts note that this universe is structured like a vast ecosystem of providers who sell services to each other. Certain groups of cybercriminals go even further and do not hesitate to create real marketplaces, like the one that the Sodinokibi group has recently used to sell stolen data, or even to create alliances and partnerships as recently claimed on its website. the group behind the Maze ransomware.
“Cybercriminals are primarily motivated by money and in recent years have turned to the few victims who are most likely to pay: businesses. But corporate defenses cannot be broken through by the same means as those used against individuals, and the random installation of malware by unsuspecting employees is not enough. An essential point to keep in mind is that the attack on a company is not due to chance: it is a complex operation resulting from the action of a complete value chain, from intrusion into the system from the company to the ransom note or the theft of data through the installation of malware. And each of these steps can be carried out by different groups, ”analyzes Ivan Kwiatkowski, cybersecurity researcher at Kaspersky.
For example, the owner of a network of infected machines has several options to take advantage of it.
• Infrastructure as a Service: victim machines are used as relays for other attacks, or to store illegal content.
• Crimeware as a service: sale of services related to cybercrime, such as the organization of DDoS attacks or the distribution of spam from infected machines.
• Malware as a Service: installation of customer-supplied malware on infected computers (usually billed based on the number of installs).
• Some split infected machines into bundles like lots (“pack of 1000 victims in France”) and sell direct access.
Cybercrime is a thriving business and businesses today must be one step ahead of cybercriminals to ensure their protection. Through research by GReAT (Global Research and Analysis), its team of security experts that operates worldwide, Kaspersky offers a monitoring service as well as advanced threat research in order to provide a detailed report of current cyber threats.