
Majority of Cybercrime Damage is Caused by a Few, Powerful, Covert Criminal Threat Groups

November 15, 2018

A small subset of professional criminal actors is responsible for the bulk of cybercrime-related damage, employing tools and techniques as sophisticated, targeted and insidious as most nation-state actors, says the State of Cybercrime Report 2018.

These sophisticated and capable criminal gangs operate largely outside of the dark web, although they may leverage low-level criminal tools occasionally when it serves their purposes.

At the same time, there has been no lull in the overall volume of threats, and low-level cybercriminal activity remains a robust market economy, often taking place in view of security researchers and law enforcement on the dark web, the report notes. While relatively simple in their approach, these activities can still deal widespread damage.

“Cybercrime is a lucrative industry, and it’s not surprising it’s become the arm of powerful, organized groups,” says Don Smith, Senior Director, Cyber Intelligence Cell, Secureworks Counter Threat Unit, sponsor of the report. “To understand the complete picture of the cybercriminal world, we developed insights based on a combination of dark web monitoring and client brand surveillance with automated technical tracking of cybercriminal toolsets.”

Among the CTU researchers’ key findings were the following:

The boundary between nation-state and cybercriminal actors continues to blur.

  • Nation-state actors are increasingly using tools and techniques employed by cybercriminals, and vice versa. In August 2018, CTU researchers determined the Democratic People’s Republic of Korea was likely responsible for a GandCrab ransomware campaign against the South Korean population and infrastructure, as part of a broader pattern of attacks. GandCrab is developed and sold “as-a-service,” and is more commonly associated with financially motivated criminal actors.
  • In March 2018, a threat actor likely associated with the Iranian government used access that had previously been leveraged for espionage to deploy a cryptocurrency miner across the environment. CTU researchers have also observed other government-backed espionage groups deploying cryptocurrency miners within compromised networks.
  • The assumption that nation-state-sponsored Advanced Persistent Threats (APTs) are dimensionally different from advanced cybercrime threats is fundamentally flawed.

Ransomware continues to be a serious threat.

  • There has been no significant decrease in the volume of ransomware, banking malware, point-of-sale (POS) memory scrapers or other threats available for purchase on underground forums.
  • The threat actors who developed SamsamCrypt and BitPaymer, the two most impactful ransomware threats observed by CTU researchers during the reporting period, have retained them for their exclusive and targeted use, showing the distinct threat these sophisticated cybercriminal groups pose.
  • The developers of GandCrab – a new piece of ransomware identified by CTU researchers in January and offered for sale on Russian-language underground forums – have been observed offering a partner program in which the developers received 30–40 percent of any resulting revenue from successful attacks.
  • There is no clear evidence that ransomware has been displaced by other capabilities such as cryptocurrency mining, and targeted ransomware attacks continue to be a worrying trend.
  • The growth of traditional file-encrypting ransomware did slow in 2017, but CTU researchers nevertheless observed no fewer than 257 new and distinct ransomware families during the reporting period.
  • Some of the more popular new ransomware-as-a-service families release regular updates and feature new additions.

Sophisticated criminal gangs are earning millions of dollars of revenue through stolen payment card data.

  • Sophisticated criminal gangs have combined advanced social engineering (expertise in deception and manipulation) and network intrusion techniques with point-of-sale (POS) malware to generate millions of dollars of revenue through stolen payment card data.
  • The price of credit card details on underground forums incentivizes criminals to target POS terminals, where credit card details can be extracted from the memory of the running device using specialist malware.
  • Cybercriminals are also clever about monetizing card data even after the theft has been discovered, and credit card dump sites such as JokerStash have come under scrutiny as a possible way for sophisticated criminals to do just that.

The dark web is not the darkest depth of the cybercriminal world.

  • Sophisticated, organized criminal groups are quietly dealing most of cybercrime’s damage each year, and they avoid the dark web where possible to evade detection by law enforcement and threat researchers.
  • These more sophisticated criminals may use simple and readily available tools in some cases, but their highly organized approach and evolving capabilities represent a significant threat.

“The observations of CTU researchers over the last 12 months show that the threat from cybercrime is adaptive and constantly evolving,” the report concludes. “To stay ahead of it, it is imperative that organizations develop a holistic understanding of the landscape and how it relates to them, and tailor their security controls to address both opportunistic and more highly targeted cybercriminal threats.”

KEYWORDS: cyber security cybercrime Dark Web ransomware

Copyright ©2025. All Rights Reserved BNP Media.