Trend Micro Report: Bigger Criminal Groups Operating Like Corporations
A new Bitdefender report shows IT and security professionals are told to keep breaches confidential.
According to Trend Micro, large criminal businesses, such as the Conti ransomware group:
Typically have three management layers, 50-plus staff and more than $50 million in annual turnover.
Feature relatively large numbers of lower management and supervisors.
Implement effective operations security and partner with other criminal organizations.
Those in charge are seasoned cybercriminals and hire multiple developers, administrators, and penetration testers – including short-term contractors.
They may have corporate-like departments (IT, HR, etc.) and even run employee programs, such as performance reviews.
According to Trend Micro, medium-size criminal businesses include bulletproof hoster MaxDedi. Bulletproof hosting is a service designed to accommodate criminal activities and help clients evade detection.
Medium-size criminal businesses:
Typically have two management layers, six to 49 employees, and up to $50 million in annual turnover.
They usually have a pyramid-style hierarchical structure with a single person in charge.
Small criminal businesses would include Scan4You, an online counter-antivirus service that helped computer hackers determine whether the computer viruses and other malicious software they created would be detected by antivirus software.
Small criminal businesses:
Typically have one management layer, one to five staff members, and under $500,000 in annual turnover.
Their members often handle multiple tasks within the group and also have a day job on top of this work.
Comprise the majority of criminal businesses, often partnering with other criminal entities.
According to the report, knowing the size and complexity of a criminal organization can provide critical clues to investigators, such as what types of data to hunt for. For example, larger criminal entities may store employee lists, financial statements, company guides/tutorials, M&A documents, employee crypto wallet details and even shared calendars to probe.
Understanding the size of targeted criminal organizations can also allow law enforcers to better prioritize which groups should be pursued for maximum impact.
According to Bitdefender's report, 42% of the total IT/security professionals surveyed said they have been told to keep a breach confidential when they knew it should be reported. And 30% said they have kept a breach confidential. At 71%, IT/security professionals in the United States were the most likely to say they have been told to keep quiet, followed by the United Kingdom at 44%, Italy at 36.7%, Germany at 35.3%, Spain at 34.8% and France at 26.8%.
“Some of the most surprising findings are the fact that almost one in two companies does not disclose data breaches when they occur, despite the fact that early warning and transparency would dramatically help customers take the appropriate safety measures on time,” said Bogdan Botezatu, director of threat research and reporting at Bitdefender.
More than half of businesses surveyed suffered a breach in the last 12 months, according to Bitdefender. The United States led at 75% (or 23% higher than average) followed by the United Kingdom at 51.4% and Germany at 48.5% rounding out the top three.
Given the prevalence of data breaches and the overwhelming pressure to keep them quiet, IT/security professionals face a grim situation. Over half agree they are worried about their company facing legal action due to a breach being handled incorrectly.
“Data breaches often allow cybercriminals to access customer information,” Botezatu said. “Depending on the type of stolen data, customers can face immediate or medium-term consequences. Credit card fraud, credential-stuffing attacks or targeted phishing attacks are just some of the possible outcomes of a data breach. By notifying customers that a third party has access to their data, victims can take additional precautions such as cancelling compromised credit cards, monitoring credit card statements or proceeding with caution when opening email communication that allegedly originates from the breached company.”
Keeping quiet about a data breach is also illegal in several jurisdictions, such as Europe, where the General Data Protection Regulation (GDPR) demands that victims be notified of a breach within 72 hours of the incident being spotted, he said.
Software vulnerabilities are the top threat concern among IT/security professionals, according to Bitdefender. When asked about the security threats that pose the greatest concern, respondents said they are most concerned about software vulnerabilities and/or zero-day threats (53%), closely followed by phishing/social engineering threats (52%) and attacks targeting the supply chain coming in at third (49%). Software vulnerabilities as the top concern correlates with Bitdefender Labs research, which has shown a marked increase in 2023 of cybercriminals exploiting known software vulnerabilities using proof of concept (PoC) attacks.
Extending cybersecurity capabilities across environments is the top challenge, according to Bitdefender. More than two in five IT/security professionals surveyed said extending capabilities across multiple environments (on-premises, cloud and hybrid) is the greatest challenge they face, which tied with complexity of security solutions also at 43%. Not having the security skill set to drive full value came in as a strong second at 36%. Interestingly, Italy and France cited lack of security skill set as their biggest challenge at 49% and 45%.
Continuous cybersecurity coverage is deemed crucial for businesses, according to Bitdefender. Almost all respondents globally said using an MSP, such as a managed detection and response (MDR) service, is a critical element of their security programs, with almost all saying they are either currently using or considering using an MSP. The top reasons respondents gave include the ability to have 24×7 security coverage (45%), followed by the ability to free up internal IT/cybersecurity resources (35%). Ninety-three percent of respondents said proactive threat hunting is important.
“Almost three quarters of IT leaders say that their security budget will increase throughout 2023,” Botezatu said. “Paired with an increased demand for specialized IT security services such as MDR, threat hunting and 24×7 security coverage, this creates significant opportunities for MSPs.”
A new Trend Micro report shows how cybercriminal groups start behaving like corporations as they grow, with wages making up the highest percentage of their operating expenses.
In the report, Trend Micro outlines three types of organizations based on size. It used examples where it collected the most data from law enforcement and insider information.
Jon Clay, Trend Micro's vice president of threat intelligence, said the criminal underground is rapidly professionalizing, with groups beginning to mimic legitimate businesses that grow in complexity as their membership and revenue increase.
“However, larger cyber crime organizations can be harder to manage and have more ‘office politics,’ poor performers and trust issues,” he said. “This report highlights to investigators the importance of understanding the size of the criminal entities they’re dealing with.”
A typical large organization allocates 80% of its operating expenses to wages. The figure is similarly high (78%) for small criminal organizations, according to the report.
Other common expenses include infrastructure (servers/routers/VPNs), virtual machines and software.
In addition, a new Bitdefender report shows cybersecurity professionals are often told to keep breaches confidential. The report is based on an independent survey and analysis of over 400 IT and security professionals. They ranged from manager to CISO. In addition, they work in companies with 1,000 or more employees in geographical regions including France, Germany, Italy, Spain, the United Kingdom and the United States.