In our first blog in this series, we covered how ransomware groups go about their recruitment, with their large teams comprising many threat actors with niche skill sets. We all know how high-profile, widespread, and lucrative the ransomware industry is. It feels like new groups appear every week. But it’s important to remember that other areas of cybercrime, such as non-encryption-based malware, phishing in its various forms, and credit card fraud are still going strong. Cryptojacking malware attacks grew 300 percent in 2021 alone. Just like the ransomware industry, the threat actors behind these attacks don’t work as one-man armies. The operator of a credential-harvesting botnet may not be the person who developed and prepared it for delivery to the target systems. In the second part of this three-part series, we’ll take a look at how recruitment works for some of the components of the cybercriminal ecosystem that existed long before ransomware: malware development and delivery, phishing, and carding. We’ll identify common trends between them, analyze what’s on offer, and examine how users contract and offer their services.
Figure 1: Freelance section on a cybercriminal forum, often used for recruitmentMalware development and delivery
A ransomware group would be nothing without its ransomware executable, but there’s so much more to malware than just encryption software. From cryptojackers to credential harvesters, banking trojans to botnets, there really is something ..
Support the originator by clicking the read the rest link below.
