Security researchers have identified three strongholds for any profitable cybercrime campaign that has innovation at its core. The first is thinking outside the box when it comes to tactics, techniques and procedures (TTPs). The second tier is strategic and introduces innovative monetization mechanisms. The operational tier is based on resource management and strategic goals.
Security analysts are less likely to examine the operational part of this puzzle than the other two. White hats must be able to see subtle changes in major cybercrime trends, which can be tedious and time-consuming.
Project management is crucial to hacking operations’ success. It allows threat actors to be more agile and makes it possible to exploit victims’ digital environments.
Cybercrime: Technical Innovation isn’t Key
The threat landscape is a competitive area where only forward-thinking, dexterous players can survive. Outstanding operational practices are essential for staying afloat in these turbulent waters.
Technical sophistication is not necessarily a dominant trait in a successful attacker group, contrary to popular belief.
These practices are essential for modern cybercrime operations. They allow you to compromise multiple targets in a short time period, extract large amounts sensitive data, pay high salaries to team members and continuously improve your offensive toolkit.
Technical sophistication is not necessarily a dominant trait in a successful attacker group, contrary to popular belief. Hackers can make a lot of money by combining a little above-average phishing skill with monetization proficiency using “classic” methods such as wire transfers, cryptocurrency mixing services, stolen credit cards, and wire transfer. But their importance is overshadowed by good team coordination and project management.
Read more on TechRepublic: How Phishing-as-a-Service Operations Pose a Threat to Organizations
Hackers need project management
Operational competence is a key factor that distinguishes advanced persistent threat (APT), groups from the rest of dark web. These cliques are capable of tackling dozens, or even hundreds, of victims and can easily overcome the challenge.
Contrary to popular belief, many of these groups aren’t adept at adopting the latest technology trends. What allows them stay on track and get maximum value from what they do? It is a combination of smooth business processes and good human resource management that underpins a long-term growth strategy. The following principles are the foundation of today’s most successful cybercrime gangs.
Business processes must be battle-tested and repeatable.
Stakeholders manage people and projects, as well as the data retrieved and financial assets.
It is important to remember that technical innovation goes beyond the management responsibilities of stakeholders. Stakeholder responsibility in cybercrime is limited to the enhancement of existing TTPs. Regular team members don’t need to innovate, as all the basic processes are well established.
The dark side of HR Management
No matter how rapidly technologies change, the human resource factor still determines the efficiency of any cybercrime organization. APT groups employ a broad range of job functions, from coders and translators to managers and operators.
Hacking gangs may recruit people through fake companies in certain situations.
Hacking gangs may recruit people through fake companies that act as a curtain to cover up their foul play. This is done under the pretense of hiring penetration t
