Professionalisation of cyber crime poses new risks

A new report by research firm RAND has revealed changes taking place in the underground market operated by cybercriminals, such as the increasing use of new technologies such as Bitcoin, that are making hacking attacks more dangerous than ever before.

The investigation, which was carried out on behalf of Juniper Networks, found the cybercrime black market has been steadily growing in sophistication.

Online crime has become increasingly organised to the point where it now mirrors very closely the type of organised crime seen offline, the report found.

"Historically, 80 per cent of hackers were freelance' and just 20 per cent were part of organised crime," Mark Quartermaine, VP for UK and Ireland at Juniper Networks, told IT Pro.

"Now, that has been flipped on its head as this hacking market matures and 80 per cent are working as part of organised groups."

The researchers found a distinct hierarchy operating in these groups with mules', who carry out most of the groundwork, vendors', who provide services such as botnets for hire or money laundering, through to highly skilled administrators', who develop malware and exploit kits. The members of this elite top level are also the ones who make the most profit from the cybercrime economy.

RAND also discovered the use of cryptocurrencies is increasing. While some transactions can still be carried out using traditional currencies, the researchers found many criminal sites now only accept cryptocurrencies, such as Bitcoin, Litecoin or Pecunix, because of their anonymity and security characteristics.

However, Quartermaine does not believe that cracking down on these types of digital currencies would destroy the cybercrime black market.

"These kinds of underground markets enable greater fluidity and cryptocurrencies are part of that," said Quartermaine.

"But if they disappeared, these criminals would find some other way of transacting."

With regard to the future of cybercrime, RAND's researchers claimed ability to carry out attacks is likely to outstrip the ability to defend very quickly, particularly as the number of everyday transactions carried out online increases.

Quartermaine agreed with this position.

"Increasing amounts of data are going online and we will soon see the shift to hyper-connectivity as we move to the Internet of Things," he said.

"By 2020, the number of connected devices is predicted to be greater than the population of the world. Every way you look at it, networking is going to increase and so vulnerabilities are also going to increase, which means it is something we have to get our head around now," he concluded.