The bond market has entered a financial twilight zone, and at this point, there doesn't seem to be a smooth way out.Market Insiderread more
Trump said he has "been thinking about payroll taxes for a long time" — and he cautioned that "whether or not we do something now, it's not being done because of recession."Politicsread more
After Elon Musk touts Tesla solar on Twitter, Walmart sues the electric vehicle and clean energy company over store rooftop panels that ignited.Technologyread more
Market bull Jeff Saut told CNBC on Tuesday that the lows are in and the market is headed "much higher."Marketsread more
Urban Outfitters reported earnings and same-store sales for the second quarter that beat analyst expectations, while revenue fell short.Retailread more
President Donald Trump believes he has quite the bargaining chip with the European Union.Marketsread more
Some Apple employees have become disillusioned with the group's culture, where some have thrived while others feel sidelined.Technologyread more
President Donald Trump renewed calls Tuesday to readmit Russia to the G-7 ahead of the group's summit in Biarritz, France, this weekend.Politicsread more
Biden has shown staying power at the top of a jammed Democratic field even as polling numbers for Sanders, Warren and Harris wax and wane.2020 Electionsread more
The FDIC on Tuesday votes to approve a five-agency revision of the post-crisis regulation known as the Volcker Rule.Financeread more
The yield curve is the only economic indicator pointing to a recession, according to Credit Suisse.Marketsread more
Cybercriminal organizations compete with each other for customers, fight for the best project managers and even look for leaders who serve in a CEO-like role to help them stay organized and on the task of stealing your money.
"We can see the discipline they have, we can see that they are active during office hours, they take the weekends off, they work regular hours, they take holidays," said Caleb Barlow, head of threat intelligence for IBM Security.
"It varies by groups. In organized crime, there is certainly a boss, much like you would hire a home contractor. That person doesn't necessarily do all the work. They hire the subcontractors, like the plumber and the electrician, that is typically how you do the work, you have lots of subcontractors."
Understanding how malicious hackers are able to structure their business operations is important, he said, so companies can better grasp what they're fighting, as the underground economy often functions in parallel with the broader economy.
Cybercriminal organizations aren't all the same, but a typical structure looks like this: a leader, like a CEO, oversees the broader goals of the organization. He or she helps hire and lead a series of "project managers," who execute different parts of each cyberattack, explains Christopher Scott, who leads the response to security incidents as part of IBM's X-Force business.
If the goal of the group is to get money by hacking a company and stealing its information, a series of project managers will oversee different functions over the scope of the crime that play to their specializations.
Specialists in malicious software might start by buying or tweaking a custom product to steal the exact kind of information the group requires. Another specialist might work to send fraudulent emails to deliver the malicious software to targeted companies. Once the software is successfully delivered, a third specialist might work to expand the group's access within the targeted corporation, and seek the specific information the group hopes to sell on the black market.
IBM provided a graphic representation of how one real, 120-day targeted hacking campaign against a Fortune 500 company looks from the point of view of the criminal group executing it. (Click to enlarge.)
In this case, an attack against a Fortune 500 company meant to steal and destroy data, the different colors roughly represent different job functions, Scott explained.
On the left of the graphic, attackers who specialized in compromising corporate networks worked their way into the business to gain a foothold. Other "project managers" compromised various employee accounts by stealing their credentials, and used those accounts to execute different tasks in the scheme, from gaining access to sensitive areas or gathering information.
Gaps across the timeline represent periods where the hackers stopped doing some of their activities so they wouldn't trip sensors the company used to detect criminal activity.
At the end of the 120-day cycle, other specialists, represented in bright red, came in to finish the job, using different malicious code to destroy their tracks as well as the company's data.
Criminal groups don't exist in a vacuum. The offer what essentially are B2B services to one another and also hijack one another's progress -- just like the corporate world, explained Juan Andres Guerrero-Saade, who heads research at Chronicle, the Alphabet "Other Bet" company focused on cybersecurity.
"If I'm a good developer, then I will create the ransomware and sell it, or sell it as a service," just like legitimate companies that offer software-as-a-service, said Guerrero-Saade. "I will then maintain the malware and if you find victims and get them infected and get them to pay, I will take 10% or 20%."
Some of these service providers have seen their earnings cut back in recent years. In the first half of this decade, a type of malicious software known as banking trojans, which steal a person's credentials to take money from their bank account, became popular. Specialists who offered money-laundering services were in high demand. That demand has waned in recent years as ransomware grew more popular and criminals were able to get money directly.
"It created kind of a different dynamic. You didn't need money mules, you didn't anger the banks, folks [who were targeted] didn't know who to turn to, so that came into vogue," he said.
Criminal groups also have aggressive salespeople work to displace their competitors by stealing territory, explained Guerrero-Saade.
This is common among specialists who offer distributed denial of service (DDoS) attacks, which work to overwhelm a victim company's computers with so much information that they shut down.
Some criminal groups offer DDoS-for-hire services, and these services rely on each group having compromised tens or hundreds of thousands of computers. These hacked computers work together as a "botnet" to launch the DDoS attack.
Guerrero-Saade said it is common for one DDoS-for-hire service to attack only computers already compromised by a competitor, then take that botnet over for its own purposes. Criminals with more computers in their botnet are more effective, he explained. This way, the DDoS-for-hire service can undercut the competition and say "see, I have 100,000 computers while he only has 20,000 or so."
Companies are getting better at identifying the hallmarks of many of these different types of criminal-business structures said Scott.
But sometimes, they grow so big and so organized that they become too easy to identify -- and thus, go out of business.
"When you are dealing with these more bureaucratic type organizations, the activities are very predictable," he said. One group called Dyre, which specialized in banking trojans, became so large around 2015 that the group became one of the easiest to thwart, he said.
Understanding these trends is important for companies hoping to fight cybercriminals, Scott said.
"If you are chasing a particular adversary, you may actually get to understand how many of the same tools, techniques and practices they use. [Companies] don't have unlimited funds, but if you know the tactics properly, you can really focus the security spend."