Often, when we think about cybercriminals or hackers, we think of a person – one person. And, yes, there are individual cybercriminals out there, causing havoc for many people through cybercrime activity. But there are also organizations with groups of cybercriminals working together to execute cybercrimes. We call them cyber gangs.
Cyber Gang Positions
Cyber gangs function much like a small business. Individuals, each with their own specific set of skills, work together towards one common goal. In this case, the goal is cybercrime. The make-up of a cyber gang may vary, but the common positions include:
- Team Leader: the contact running the operation.
- Coders: those that develop the malware, spyware, ransomware, etc.
- Network Administrator: the contact responsible for taking over the online services or devices of an organization.
- Intrusion Specialist: the contact that ensures the malware/spyware/ransomware remains on the network/device/etc. and that the network is exploitable.
- Data Miner: the contact that is able to identify the valuable data/information and extract that data in a usable and clean format.
- Money Specialist: the contact that determines the most appropriate way to make money from the various types of data.
Cyber Gang Organizations
The organization works together to execute the cybercrimes that benefit them. And, according to a US cybersecurity firm, FireEye, there are more than 1,900 hacking groups (a.k.a. cyber gangs) active today. That means that there are 1,900 organizations out there, containing multiple individuals, all focused on executing targeted cybercrimes.
Let us put a bit more context to the 1,900 cyber gangs out there. Cyber gangs fall into three categories:
- Nation-State Sponsored threat actors (APTs)
- Financially Motivated groups (FINs)
- Uncategorized groups (UNCs)
Ways to Execute
The APTs are sponsored by a nation-state, which means these groups are leveraging cyber activity to advance national interests, gather intelligence, or gain military intelligence. Financially motivated groups are focused on money. There is not enough information to categorize the others.
And, while each cyber gang has their way of executing a cybercrime, the most common avenues include:
Malware is the front runner when it comes to cyber gang activity. FireEye even noted that 514 new malware strains were developed and deployed in 2020. Of the strains developed, 81% were privately developed and had restricted availability. The remaining 19% were publicly available strains.
Why does all this matter? If we think of cybercriminals as one individual, we may lead ourselves to believe that they are not that big of a threat – it’s just one person, right? While one person can cause damage, the damage can always be much worse: there is a wide spread of individuals working together as a business to execute cybercrimes. It’s important to keep this in mind when considering the organization you work for and the level of cybersecurity protection that is needed…and necessary.