Organized (cyber)crime

Forget lone-wolf hackers. Today, cybercrime is in the hands of highly sophisticated criminal organizations.

In the 1930s a reporter asked a notorious outlaw why he robbed banks. His answer: “’Cuz that’s were da money is, stupid.” Today, the money is online. That’s why organized crime has now taken over cybercrime, reports ZDNet.

The “romantic” image of the lone-wolf hacker taking on behemoth organizations is out of date. The image of the 17-year old kid living in his parents’ basement, notes CSOonline, has changed into that of a 35-year-old criminal who, in many cases, is affiliated with organized crime.

And that organized crime is extremely organized. In many cases, it operates on the model of a legitimate business with organizational charts, C-level executives – even human resources departments. 

"It's time to think differently about cyber risk (...) and recogniz[e] that our businesses are being targeted by ruthless criminal entrepreneurs with business plans and extensive resources — intent on fraud, extortion, or theft of hard-won intellectual property," says Paul Taylor, UK head of cyber security at KPMG, in ZDNet.

In the past two years, according to David Ferbrache, technical director of cyber security at KPMG, new patterns of organized cybercrime have emerged. Fraudsters target top executives in corporations, attempting to lure them into transferring funds that can cost companies millions of dollars.

Criminal groups gather information on social media and, when they know the CEO is attending a conference overseas, devise strategies in which they pass themselves off as senior officers. "CEO frauds now have become a massive issue across many of our clients," says Ferbrache.

Because of online information sharing, deployment time is minimized. An attack on one organization, a bank for example, can be replicated globally by multiple cybercriminals at other banks in the blink of an eye, notes Jim Anderson, president of Americas for BAE Systems Applied Intelligence, in CSOonline.