Story image

Unmasking cyber criminals: research unveils six cybercriminal personalities

14 Apr 16

New research from BAE Systems has unveiled the six different cyber criminal personalities that represent the biggest threats to Australian businesses. 

The company said it has released the research in anticipation of the upcoming launch of the Australian Government’s Cyber Security Review.

The research, The Unusual Suspects, profiles six prominent types of cybercriminals, exposing how they cause harm, and provides practical guidance for companies to defend themselves.

Threat intelligence experts at BAE Systems developed The Unusual Suspects based on extensive analysis of thousands of cyber attacks on businesses to reveal the motivations and methods of the most common types of cybercriminal, the company explains.

BAE Systems says the research shows the increasing industrialisation of cyber crime. 

Dr Rajiv Shah, regional general manager, BAE Systems Applied Intelligence, Australia and New Zealand, says with the majority of Australian businesses still practising a traditional, perimeter-based security approach, the Unusual Suspects is intended to help enterprises understand the enemies they face so they can better defend themselves.

“Some cyber criminals are becoming even more professional, offering skills and services, such as project management, to other criminal organisations,” Shah explains.

“They are writing their own software that comes with service agreements and money-back guarantees if the code gets detected, with the promise of a replacement,” he says.

“This ‘industrialisation’ of cyber crime means it has never been more important for businesses to understand and protect themselves against the risks they face.”

BAE Systems has profiled six cybercriminals:

  • The Professional – career criminals who ‘work’ 9-5 in the digital shadows
  • The Insider – disillusioned, blackmailed or even over-helpful employees operating from within the walls of their own company
  • The Mule – naive opportunists that may not even realise they work for criminal gangs to launder money
  • The Nation State Actor – individuals who work directly or indirectly for their government to steal sensitive information and disrupt enemies’ capabilities
  • The Activist – motivated to change the world via questionable means
  • The Getaway – the youthful teenager who can escape a custodial sentence due to their age

Sergei Shevchenko, senior security researcher, BAE Systems Applied Intelligence, says the majority of attacks are still motivated by short term financial gain, such as the theft of card payment details. 

However, Shevchenko says cyber criminals can also seek out an organisation’s intellectual property. Once cyber criminals steal business data, they are able to sell it on underground forums where Australian data is highly valued, he says.

“We anticipate that organised cyber criminals will go to greater lengths to improve their own operational security and increase their use of deception; that is, the placing of false flags to throw off researchers and hamper attribution,” Shevchenko explains.

“Researchers will need to tread more carefully to effectively guide the enforcement activities by the relevant authorities.”

According to Shah, Australian businesses can prepare for the forthcoming Cyber Security Review by making sure they understand the risks to their organisation; by making sure they elevate cyber risk to be considered at a board level; and, by making sure their approach to cyber defence takes into consideration the full range of motivations of a potential attacker.

HPE expands AI-driven operations
HPE InfoSight extends select predictive analytics and recommendation capabilities to HPE servers, enabling smarter, self-monitoring infrastructure.
Dimension Data nabs three Cisco partner awards
Cisco announced the awards, including APJ Partner of the Year, at a global awards reception during its annual partner conference.
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
Why the adoption of SAP is growing among SMEs
Small and medium scale enterprises are emerging as lucrative end users for SAP.
Exclusive: How the separation of Amazon and AWS could affect the cloud market
"Amazon Web Services is one of the rare companies that can be a market leader but remain ruthlessly innovative and agile."
HPE extends cloud-based AI tool InfoSight to servers
HPE asserts it is a big deal as the system can drive down operating costs, plug disruptive performance gaps, and free up time to allow IT staff to innovate.
Digital Realty opens new AU data centre – and announces another one
On the day that Digital Realty cut the ribbon for its new Sydney data centre, it revealed that it will soon begin developing another one.
A roadmap to AI project success
Five keys preparation tasks, and eight implementation elements to keep in mind when developing and implementing an AI service.