
A truly interdependent web of criminals collaborates and shares malicious tools and services, automating the creation of new and sophisticated attack campaigns and making cybercrime an increasingly profitable and low-risk business

CLM, a Latin American value-added distributor focused on information security, data protection, cloud and infrastructure for data centers, and SentinelOne, one of the leaders in cybersecurity in the world, unravel the complex collaborative web of e-Crime and its cyberattacks. According to CLM's product director, Gabriel Camargo, the dynamics of cyber threats have taken on a new level of complexity, driven by the exchange of services, tools and knowledge between various types of partners, from those sponsored by governments to dangerous gangs.

“In the thriving business of cybercrime as a service (CaaS), diverse groups share kits and tools instantly and collaborate very efficiently, taking advantage of shared services accessible on the dark web. Understanding how the current threat scenario is configured is essential for cybersecurity”, he explains.

Sharing knowledge and malicious business practices
In recent years, the availability of e-Crime services has become established among various levels of cybercriminals, leading to significant specialization of criminal networks and promoting cooperation between illicit providers. Cybercrime as a Service (CaaS) models allow attackers to share technical knowledge and malicious business practices on dark markets, where the tools, code and services needed for cyberattacks are accessible.

This ecosystem functions as an authentic marketplace, where aspiring hackers can buy or rent what they need to launch their own campaigns. Furthermore, illicit service providers efficiently serve numerous criminal entities, with offers of obfuscation, IoT botnet rental, phishing services and backdoor generators, among others, sold on private forums on the dark web.

Dark Web – breeding grounds for new waves of cybercrime
The dark web is a center for modern cybercrime, which facilitates exchanges between cybercriminals, allowing the scale and complexity of cyber threats to be expanded. These illicit environments are fed by several popular addresses, accessible through the Tor browser and on darknets such as I2P (Invisible Internet Project) and Hyphanet.

While these services also serve legitimate purposes, SentinelOne says there is no doubt that cybercriminals benefit greatly from the features they offer.

Monetization of breaches – the emergence of Initial Access Brokers
In this scenario, Initial Access Brokers (IABs) have emerged, selling unauthorized access to compromised systems and allowing buyers to launch their attacks. The introduction of monetization in data breaches emphasizes that there has been a transformation of cyber threats into extremely profitable commodities. IABs also provide a marketplace for stolen credentials, discovered software vulnerabilities, and other breaches, empowering a broader set of criminals. With this immediate access to potential targets, cybercriminals are able to exploit these gateways to quickly launch new campaigns.

Outsourcing expertise for profit and the role of cyber associates
The change in the way cybercriminals collaborate is also attributed to cyber affiliates or associates, individuals or groups who use their knowledge to assist in cyberattacks in exchange for a share of the profits. This allows for specialization within the criminal ecosystem, where different participants contribute their knowledge to create an increasingly diverse and potent threat ecosystem.

Affiliates are an integral part of the Ransomware as a Service (RaaS) structure and leverage specialized features and tools provided by RaaS platforms to launch sophisticated campaigns, even without advanced technical knowledge. This collaboration amplifies the scope and severity of ransomware attacks, as affiliates operate autonomously with the support of RaaS platforms, expanding the threat landscape.

Facilitators work behind the scenes
Beneath the surface of cybercrime lies a network of enablers that fuel malicious operations. Crypter developers, for example, create tools that try to disguise malware, in order to avoid detection by less sophisticated security software. Malware kits and droppers, in turn, offer pre-packaged malicious code, further lowering the barrier to entry into cybercrime and attracting a new generation of would-be criminals with little technical knowledge.

Bulletproof hosting plays a fundamental role in the interconnection of cybercriminals. This type of hosting is a safe haven for illegal activities on the web, with an infrastructure resistant to takedowns and police actions. This is because providers have their infrastructure in jurisdictions that are known to have lenient or inadequate internet regulations. As a result, cybercriminals can host illegal content, distribute malware, create phishing sites and carry out other malicious activities.

“It is the perfect environment to collaborate, share resources and coordinate attacks, making their collective impact much greater than if they had operated independently”, explains Camargo.

Cryptocurrencies have made financial settlement anonymous
Behind the explosion of cybercrime in recent years is the ability of criminals to move large sums of money without supervision. Cryptocurrencies like Bitcoin have transformed the way attackers manage their earnings and conduct illegal activities. Crypto wallets store digital assets securely and allow anonymous transactions at unique addresses. Mixers, or tumblers, scramble transactions, ensuring that the origin of funds is difficult to trace. Threat actors also use exchanges to convert from one cryptocurrency to another.

For CLM, the growing exchange between cybercriminals reflects the complexity of the current e-Crime scenario. It also demonstrates the urgency for organizations to establish end-to-end cybersecurity strategies that are capable of autonomously safeguarding multiple attack surfaces. “The disruption of the cybercrime ecosystem presents Boards of Directors, CISOs and CIOs with a major challenge. Cybersecurity needs to include solutions based on Artificial Intelligence, which provide deep visibility to all systems, detect and respond to threats in real time and are scalable”, concludes Gabriel Camargo.
