Cybercriminal organizations compete with each other for customers, fight for the best project managers and even look for leaders who serve in a CEO-like role to help them stay organized and on the task of stealing your money.
"We can see the discipline they have, we can see that they are active during office hours, they take the weekends off, they work regular hours, they take holidays," said Caleb Barlow, head of threat intelligence for IBM Security.
"It varies by groups. In organized crime, there is certainly a boss, much like you would hire a home contractor. That person doesn't necessarily do all the work. They hire the subcontractors, like the plumber and the electrician, that is typically how you do the work, you have lots of subcontractors."
Understanding how malicious hackers are able to structure their business operations is important, he said, so companies can better grasp what they're fighting, as the underground economy often functions in parallel with the broader economy.
Cybercriminal organizations aren't all the same, but a typical structure looks like this: a leader, like a CEO, oversees the broader goals of the organization. He or she helps hire and lead a series of "project managers," who execute different parts of each cyberattack, explains Christopher Scott, who leads the response to security incidents as part of IBM's X-Force business.
If the goal of the group is to get money by hacking a company and stealing its information, a series of project managers will oversee different functions over the scope of the crime that play to their specializations.
Specialists in malicious software might start by buying or tweaking a custom product to steal the exact kind of information the group requires. Another specialist might work to send fraudulent emails to deliver the malicious software to targeted companies. Once the software is successfully delivered, a third specialist might work to expand the group's access within the targeted corporation, and seek the specific information the group hopes to sell on the black market.
IBM provided a graphic representation of how one real, 120-day targeted hacking campaign against a Fortune 500 company looks from the point of view of the criminal group executing it.
In this case, an attack against a Fortune 500 company meant to steal and destroy data, the different colors roughly represent different job functions, Scott explained.
On the left of the graphic, attackers who specialized in compromising corporate networks worked their way into the business to gain a foothold. Other "project managers" compromised various employee accounts by stealing their credentials, and used those accounts to execute different tasks in the scheme, from gaining access to sensitive areas to gathering information.
Gaps across the timeline represent periods where the hackers stopped doing some of their activities so they wouldn't trip sensors the company used to detect criminal activity.
At the end of the 120-day cycle, other specialists, represented in bright red, came in to finish the job, using different malicious code to destroy their tracks as well as the company's data.
Criminal groups don't exist in a vacuum. They offer what are essentially B2B services to one another and also hijack one another's progress -- just like the corporate world, explained Juan Andres Guerrero-Saade, who heads research at Chronicle, the Alphabet "Other Bet" company focused on cybersecurity.
"If I'm a good developer, then I will create the ransomware and sell it, or sell it as a service," just like legitimate companies that offer software-as-a-service, said Guerrero-Saade. "I will then maintain the malware and if you find victims and get them infected and get them to pay, I will take 10% or 20%."
Some of these service providers have seen their earnings cut back in recent years. In the first half of this decade, a type of malicious software known as banking trojans, which steal a person's credentials to take money from their bank account, became popular. Specialists who offered money-laundering services were in high demand. That demand has waned in recent years as ransomware grew more popular and criminals were able to get money directly.
"It created kind of a different dynamic. You didn't need money mules, you didn't anger the banks, folks [who were targeted] didn't know who to turn to, so that came into vogue," he said.
Criminal groups also have aggressive salespeople work to displace their competitors by stealing territory, explained Guerrero-Saade.
This is common among specialists who offer distributed denial of service (DDoS) attacks, which work to overwhelm a victim company's computers with so much information that they shut down.
Some criminal groups offer DDoS-for-hire services, and these services rely on each group having compromised tens or hundreds of thousands of computers. These hacked computers work together as a "botnet" to launch the DDoS attack.
Guerrero-Saade said it is common for one DDoS-for-hire service to attack only computers already compromised by a competitor, then take that botnet over for its own purposes. Criminals with more computers in their botnet are more effective, he explained. This way, the DDoS-for-hire service can undercut the competition and say "see, I have 100,000 computers while he only has 20,000 or so."
Companies are getting better at identifying the hallmarks of many of these different types of criminal-business structures, said Scott.
But sometimes, they grow so big and so organized that they become too easy to identify -- and thus, go out of business.
"When you are dealing with these more bureaucratic type organizations, the activities are very predictable," he said. One group called Dyre, which specialized in banking trojans, became so large around 2015 that the group became one of the easiest to thwart, he said.
Understanding these trends is important for companies hoping to fight cybercriminals, Scott said.
"If you are chasing a particular adversary, you may actually get to understand how many of the same tools, techniques and practices they use. [Companies] don't have unlimited funds, but if you know the tactics properly, you can really focus the security spend."