Copyright Emerce

Cybercriminal organizations, as they grow larger, have begun to behave more like real businesses. This comes with its own costs and challenges, online security firm Trend Micro.

Cybercrimes are rapidly professionalizing: groups are beginning to bear similarities to legitimate businesses. They are increasing in complexity as their revenues grow. Large cybercriminal organizations are harder to manage and suffer from "office politics," poor performance and trust issues.

A typical organization spends 80 percent of its operating expenses on salaries. This figure is about as high (78 percent) for small cybercriminal organizations, according to Trend Micro's report. Spending on and investing in IT infrastructure (servers, routers, VPNs), virtual machines and software also match.

Small cybercriminal organizations (such as the antivirus service Scan4You) have one layer of management, one to five staff members and annual revenues of less than $500,000. Members often fulfill multiple roles within the group and also have day jobs.

Medium-sized cybercriminal organizations (such as bulletproof hoster MaxDedi) typically have two layers of management, six to 49 employees and annual revenue of up to $50 million.

Large cybercriminal organizations (such as ransomware group Conti) are characterized by three management layers, more than 50 employees, and more than $50 million in annual revenue.

The size and complexity of a cybercriminal organization can provide crucial clues for detection. For example, larger cybercriminal organizations may have employee lists, financial statements, company directories and manuals, merger and acquisition documents, details about employee crypto wallets, and even shared calendars.

© The Content Exchange, source News