Do you offer medical and dental? Cyber criminals do. It sounds funny, but many of today’s cyber criminals take their work very seriously. These threat actors are establishing their own enterprises, adopting many of the structures, strategies and principles of the above-board business world. Hackers are hiring, offering attractive benefits and focusing on customer experience.
It’s yet another reason to be on guard and make sure your business is taking the right cyber security precautions. Here’s how hacking has evolved into a professional enterprise and what you can do about it.
The Professionalization of Cyber Crime
To many business owners, cyber security experts must sound like a broken record: The threat is always increasing. One wonders how hackers sustain such growth and where the people come from who are doing all this hacking. The answer is surprising.
More and more, people end up becoming hackers in much the same way as regular people enter a normal profession. They apply for a job, interview for the role and start building a career in the field. Cyber crime experts report there are advertisements on the dark web recruiting for low-level hacking teams as well as state-level advanced persistent threat (APT) groups.
Like legal business models, cyber crime enterprises devote attention to recruitment and human resources, offering attractive and competitive compensation packages, workplace benefits and incentives and long-term career development.
The Latest Trends in Cyber Crime Operations
Here are some of the latest threats making headlines in 2023:
1. Rampant Recruiting Efforts
Times have been hard for law-abiding workers in the technology sector lately, with data showing over 1,000 firms have laid off more than 240,000 people so far in 2023. These job cuts come on top of 154,336 tech layoffs in 2022. Cyber criminal enterprises are making the most of the situation, turning a bad job market into a recruitment drive and ramping up efforts across the board.
SecurityWeek reports on job listings offering up to $20,000 a month in compensation, plus paid time off, paid sick leave, performance bonuses and employee referral programs. Roles vary from traineeships and part-time jobs to full-time employment and partnerships.
Recent events have confirmed these offers are sincere. A leak of internal chats by a disgruntled employee of the Conti ransomware group revealed it has payroll positions for a human resources lead and a recruitment director. Meanwhile, law enforcement actions taken against the Doppelpaymer hacker group revealed that recruitment was a key aspect of its operational strategy. It offered paid vacations and requested references to verify past cyber crime successes.
2. Increasing Insider Threats
While laid-off tech workers are one source of talent for cyber crime syndicates, currently employed workers are another. This year has seen a 17% uptick in efforts to recruit insiders, knowingly or unknowingly, to participate in hacks, industrial espionage and more.
A survey by Hitachi ID says approximately 65% of bosses and employees at IT companies have been approached in some way to assist in a ransomware attack in the last year. Threat actors used email, phone calls and social media to reach out to prospective recruits. In exchange for premium system access, some offered cash and bitcoin prizes ranging from $500,000 to over $1 million.
In some cases, criminals have been quite forward about their offers. CSO Online reports that hackers have targeted low-wage call center and front line workers in retail, telecom, shipping, social media, financial services and government industries. Companies such as Amazon, Meta, Walmart, Chase, PayPal, AT&T and Verizon have been impacted. A single task performed by such an insider may be compensated for with anywhere from $1,200 to $5,000 and up.
However, some targets of insider threats are not even in on the take. These hacks involve legitimate job seekers who become the victim of a hacker seeking insider information or system access. The Yellow Dev 13 hacker group has been caught creating websites for non-existent companies with fake talent recruiters. When job seekers connect with one of these recruiters, they can be hacked with malware. In some cases, the hackers have even used AI to generate profile pictures, bios and more to amplify the believability of their schemes.
3. Streamlined Customer Experiences
Another way hackers are professionalizing their operations is by focusing on improved customer experiences. It may sound strange to think of a hacked company as a “customer,” but this is exactly how modern hackers are thinking of it. A major focus of groups in 2023 is making the engagement, contact, negotiation and payment of a ransom demand as easy as possible.
Grief, an infamous hacking group, has co-opted the strategies and tactics typically found at PR firms to get its ransom demands met. The group commonly cited professional research to back up its demands.
In one case, Grief told a ransomware victim the cost of downtime would be 10x the ransom requested. In another, it cited cost figures from a Varonis Global Data Risk report. In another case, it quoted Article 33 of the EU’s General Data Protection Regulation rules. The point was to win over decision-makers and quickly and efficiently facilitate a ransom payment, rather than be refused and miss out on a “sale.”
The Protection Today’s Businesses Need
While the warnings of cyber experts may seem repetitive, it is clear this messaging is sincere. In 2023, the threat of cyber attacks continues to change and evolve. More individuals are being recruited to participate in cyber crime activities, lucrative offers are being made to insiders in the context of a challenging economy, and cyber crime enterprises are focused on long-term strategies for their success.
Protecting your business’s computers, assets and reputation is key in this environment, and the right cyber insurance plays an important role. Coverage from Lockton Affinity’s CyberLock Defense is tailored to suit you industry and your business. To learn more about our industry-leading protection, click here.