Picture an office block. You zoom in on a floor, then further still into an individual office. Inside, workers are typing away, joining Zoom meetings and laughing by the coffee machine. A fairly generic picture, yes? Yet these workers are not what they seem. Each is a criminal operative, hacking, phishing and defrauding thousands of innocent victims as part of a highly sophisticated criminal group, organised just like a legitimate business. This scenario may sound far-fetched, but in reality it isn’t far from the truth. This structured model is growing increasingly popular with organised cybercrime gangs as they adapt to growing cyber defences and incorporate technological advances, writes Dan Bridges, Technical Director – International at Cyware.
Rise of the criminal collective
Research from IBM and Google highlights the ways cybercriminal groups are starting to operate similarly to large enterprises, even adopting leadership teams and management hierarchies. As these ‘companies’ grow, they begin forming their own industry, networking together, selling products and services, building their own marketplaces to sell and trade malware and information, and even hiring out specialists and subcontractors for individual jobs. On top of offerings such as Ransomware-as-a-Service, criminal organisations are also posting job advertisements and actively hiring for roles such as pen-testers in order to improve their ‘company’ offerings.
This is cybercrime on a whole new level. With this high level of organisation and commitment, it is clear just how advanced cybercriminal operations have become, and it is concerning that many legitimate businesses are still trying to fight the fight alone. An isolated approach is not sustainable, as only through defensive collaboration across the industry will businesses be able to strengthen their entire security ecosystem enough to effectively defend against a larger, more integrated criminal cyber threat.
Building
It is time to harness the power of the well-established cybersecurity communities that exist to promote best practices and intelligence sharing. Organisations such as the Open Source Security Foundation (OpenSSF) and the Open Cybersecurity Alliance (OCA) bring together industry leaders to address a wide range of security challenges and foster collaboration by reducing the technical barriers that prevent cybersecurity tools from integrating.
However, these initiatives are just the beginning. Organisations must focus on an industry-wide collective defence model and embrace the mindset of mutual protection. This collective defence approach encourages businesses and public sector entities to share intelligence, pool resources and treat an attack on one as an attack on all. This approach ensures that organisations are constantly aware of any new tactics cybercriminals may employ, and are able to defend accordingly. This collaboration will not only provide protection for established businesses, it will also ensure that smaller, more vulnerable organisations are just as prepared for the slew of inevitable attacks they will face as they grow. Overall, the collective defence approach will strengthen the whole industry, providing a near-impenetrable defence for every business that participates.
For the collective defence approach to deliver long-term success, the system requires structured collaboration, well-defined roles and a strong commitment to intelligence sharing. In the ideal scenario, organisations would exchange indicators of compromise (IoCs), tactics, techniques and procedures (TTPs) alongside joint threat-hunting and incident response strategies.
Many of these requirements are already in place. Organisations are increasingly using sophisticated internal threat intelligence tools to monitor risks and automate responses. Extending these capabilities to external partners is the logical next step. In addition, those struggling with fragmented security alerts and siloed IT teams can turn to modern threat intelligence platforms (TIPs), which consolidate data from multiple sources, transforming it into actionable insights. These systems enable faster, more effective communication, improving situational awareness and resilience.
By streamlining communication and fostering collaboration, TIPs provide IT and security teams with a clearer, more comprehensive view of the evolving threat landscape. This rapid data aggregation strengthens situational awareness, enhances resilience and, crucially, enables analysts to cut through the noise so they can identify the most relevant threats and remediation strategies before risks escalate.
For these systems to remain effective in the face of united criminal organisations, businesses must build upon their security measures and begin looking to the hyper orchestration model. Hyper orchestration builds upon TIP functionality by facilitating automated, real-time intelligence sharing across entire networks, including internal business units, supply chain partners and industry peers. Through this automated defence system, each stakeholder group is better equipped to stay ahead of and defend against emerging threats.
As the threat of these criminal organisations looms large, the impact of a collective defence will be colossal. An industry-wide joint defence between security teams, where an attack on one is treated as an attack on all, will be vital to ensure businesses stay protected from attacks. As a famous man once said, ‘a rising tide lifts all boats’. Collaboration is the future, and security teams must take advantage of this before they are overcome by the combined forces of criminal groups. It is time to fight fire with fire.





