New Report Uncovers Inner Workings of the Cybercriminal Economy

New Report Uncovers Inner Workings of the Cybercriminal Economy


Hewlett Packard Enterprise published the report “The Business of Hacking”, that looks at the adversary value chain as driving force in cybercrime and provides actionable insights to improve enterprise defences.

The profile of typical cyber attackers — and the interconnected nature of their underground economy — have evolved dramatically in the last several years. Adversaries are increasingly leveraging sophisticated management principles in the creation and expansion of their operations to ultimately increase their impact and financial profits, which are both core motivations for nearly all attack groups today. Enterprises can use this inside knowledge against the attackers to disrupt the organizational structure and mitigate their risks.

The research delivers an in-depth analysis of the motivations behind the attacks adversaries choose to pursue, and the ‘value chain’ illegal organisations have established to expand their reach and maximise profits. Based on this insight, the report also provides actionable recommendations for enterprises to mitigate risk through disruption of these adversary groups.

“Organisations that think of cybersecurity as purely another checkbox to mark, often do not leverage the value in high fidelity cybersecurity intelligence,” said Andrzej Kawalec, Head of HPE Security Research and Chief Technology Officer, HPE Security Services. “This report gives us a unique perspective on how our adversaries operate and how we can disrupt them at each step of their criminal value chain.”


The Attackers’ ‘Value Chain’

Today’s adversaries often create a formalized operating model and ‘value chain’ that is very similar to legitimate businesses in structure, and delivers greater ROI for the cybercriminal organization throughout the attack lifecycle. If enterprise-level security leaders, regulators and law enforcement are to disrupt the attackers’ organization, they must first understand every step in the value chain of this underground economy.

 Critical elements to the attackers’ value chain models typically include:

Human Resources Management – includes recruiting, vetting and paying the supporting ‘staff’ needed to deliver on specific attack requirements; the skills-based training and education of attackers also falls within this category.

Operations – the ‘management team’ that ensures the smooth flow of information and funds throughout the attack lifecycle; this group will actively seek to reduce costs and maximize ROI at every step.

Technical Development – the front-line ‘workers’ providing the technical expertise required to perform any given attack, including research, vulnerability exploitation, automation, and more.

Marketing and Sales – these teams ensure that the attack group’s reputation in the underground marketplace is strong and the illicit products are both known and trusted among the target audience of potential buyers.

Outbound Logistics – this encompasses both the people and systems responsible for delivering purchased goods to a buyer, be it large batches of stolen credit card data, medical records, intellectual property or otherwise.

“Cybercriminals are highly professional, have robust funding, and are working together to launch concentrated attacks,” said Chris Christiansen, Program Vice President, Security Products and Services, IDC. “The HPE Business of Hacking Report offers key insight for legitimate organizations to better disrupt adversaries and mitigate risks by understanding how they are operating and maximizing profits.”


Download the full report here


EIMF will organize two seminars in June on Cyber Security

Managing Cyber Security on the 22-23 JuneLearn more 

Online Investigations for Non-Technical Audiences on the 24 JuneLearn More