Understanding the business model of cybercrime
As businesses get bigger they begin to gain extra layers of management and start to behave in different ways. A new report from Trend Micro reveals that the same is true for cybercrime groups.
A typical large cybercrime organization allocates 80 percent of its operating expenses to wages, with the figure similarly high (78 percent) for smaller criminal organizations, according to the report.
Other common expenses include infrastructure (servers/routers/VPNs), virtual machines, and software, just like any tech business.
Jon Clay, VP of threat intelligence at Trend Micro says, "The criminal underground is rapidly professionalizing -- with groups beginning to mimic legitimate businesses that grow in complexity as their membership and revenue increases. However, larger cybercrime organizations can be harder to manage and have more 'office politics,' poor performers, and trust issues. This report highlights to investigators the importance of understanding the size of the criminal entities they're dealing with."
The report identifies three tiers of criminal business. Smaller businesses make up the majority, typically with one management layer, one to five staff members, and under $500K in annual turnover. Their members often handle multiple tasks within the group and also have a day job on top of this work.
Medium businesses typically have two management layers, six to 49 employees, and up to $50m in annual turnover. They usually have a pyramid-style hierarchical structure with a single person in charge.
Large crime businesses typically have three management layers, 50+ staff, and $50m+ in annual turnover. They also have relatively large numbers of lower management and supervisors and may even have corporate-like departments (e.g., IT, HR) and run employee programs, such as performance reviews. They are likely to partner with other criminal organizations, while those in charge are seasoned cyber-criminals and hire multiple developers, administrators, and penetration testers -- including short-term contractors.
Understanding the type of criminal organizations they're dealing with can help investigators and law enforcers to prioritize which groups should be pursued for maximum impact.
You can get the full report from the Trend Micro site.
Image credit: Gladkov/depositphotos.com