A Portrait of a Modern Cybercriminal

Read Time: 3 min.

In 2020, cybercrime is poised to cause multi-billion damages across the globe. Who are the modern cybercriminals, what are their innate goals and motivation?

In 2009, Shoemaker and Kennedy portrayed 12 profiles of cybercriminals, which are, however, fairly outdated today, and some of them simply do not exist anymore.

Modern-day cybercrime world is remarkably well-organized, disciplined and commoditized. In this blog post we will try to briefly elaborate how it looks like today so we can see the evolution compared to 2009. Importantly, motivation of all these profiles is frequently composed of multidimensional, intertwined and continuously evolving matters. Therefore, one should refrain from imputing motivation per profile, as it virtually always differs and sometimes is even polarized.

The most widespread profiles of cybercriminals and their accomplices in 2020 are:

Script Kiddies - usually young, technically unskilled enthusiasts looking to practice, and sometimes to improve, their hacking skills. Most frequently, they use tools and exploits coded by others, and break-in using well-known vulnerabilities or forgotten systems. They usually don't have any particular victim or purpose in mind, they merely select the easiest victim to practice their skills. Some do this to vandalize breach systems (e.g. making mass defacements on a hacked web server), others try to extract any valuable data (e.g. logins and passwords from all websites on a hacked web server) and sell them on an underground marketplace, making their sellers karma and building credibility. Commonly, they either become professional cybercriminals or leave the domain unless they don't end up in jail by failing to properly hide their traces.

Malware programmers - skilled software developers, savvy in building exploits or trojans for further resale. Today, they offer unprecedentedly well-though service to their clients, similar to multinational software development companies: flexible SaaS subscription, 24/7 technical support in multiple languages (including phone), money-back guarantee and even free trials. They almost never do any hacking themselves but provide formidable cyber weapon to others.

Cyber mercenaries - skilled hackers, usually retained on an ad hoc basis by organized crime, state actors, companies or individuals to steal intellectual property, destroy valuable data, hinder business of competitors or spread fake news. Their core skill is to plan and execute assault in the most efficient and effective manner i.e. ensuring it will be invisible (when applicable) and technically uninvestigable, will leverage the fastest way to get crown jewels (e.g. hacking a careless supplier instead of the target directly), and importantly - not cast any shadow on their clandestine clients.

Bot farmers - cyber gangs specialized in infecting the largest possible number of devices or computers with malware for further resale. They supply zombies (i.e. infected machines) to other gangs specialized in spam, phishing, DDoS or ransomware campaigns. In most cases, they buy customized or even tailor-made malware instead of developing their own, thereby reducing their costs.

Cybercrime SaaS providers - usually organized groups selling DDoS services, phishing or spam campaigns. Some have fairly narrow focus, for instance only in DDoS, bending even the largest cybersecurity companies to retreat from defending their clients (cf. Akamai and Brian Krebs story), while others offer a diversified spectrum of unlawful services.

Ransomware gangs - relatively new and somewhat standalone group. They commonly bring together different tools and skills to extort money from their victims. Today, they tend to focus on specific sectors, victims or attack types to maximize their profits.

Drops - the lowest-rank cybercriminals, commonly with no computer skills whatsoever, exploited to take cash from hacked ATM machines or receive stolen goods. Coming from socially vulnerable classes, suffering overindebtedness and various addictions, they rapidly end up in jail.

Unscrupulous counselors - this group spans from lawyers, knowingly providing shrewd advice to cybercriminals on how to avoid prosecution or conceal their acts, to financial experts advising their evil clients on money laundering, placement and tax evasion matters.

Insiders - corrupted or otherwise motivated employees that steal intellectual property, login credentials or other valuable data from their employers or clients. The rising trend alarmingly falls into blackmailing activities e.g. getting obscene video of a victim to force him/her into cooperation with cybercriminals.

Marketplace operators - organized groups hosting various platforms (in Dark Web and beyond), offering a [presumably] trusted place where the above-mentioned profiles can buy, rent, sell or lease (yes) their unlawful goods and services. Sometimes they act as bailors to secure transactions.

The aforementioned profiles are subject to further vertical and horizontal sub-classification. For example, some refuse dealing with specific areas of business (e.g. child pornography), others do not work against victims located in a specific country (being "Robin Hoods" or simply reducing their own risks living in the same country).

Modern-day realm of cybercrime is highly vivid and volatile, thus we shall expect novel categories of Internet law breakers in the near future.