A Look Inside the Business of Organized Cybercrime

Anthony Freed
By | December 27, 2012

Posted in: Network Security Trends

Ever consider adding "malware developer" or "botnet master" to your curriculum vitae? With the increasingly sophisticated nature of Crime-as-a-Service (CaaS), there just might be a recruiter out there looking to help you land a new job and put those nefarious skills to use. A new report which delves into the makeup of organized cybercrime reveals that the structure of some of the most successful syndicates is almost indistinguishable from those of legitimate enterprise operations, and the basic goal is the same: Profitability in a highly competitive landscape.

Network security vendor Fortinet released the 2013 Cybercrime Report which details how cybercrime has evolved an operational hierarchy which mirrors those of large commercial enterprises, including an executive class, middle management, marketing, and an ever expanding workforce with highly specialized skillsets.

"Today, as any commercial enterprise, cybercrime has evolved into a complex, highly organized hierarchy involving leaders, engineers, infantry, and hired money mules. Looking from the outside in, there’s little to distinguish cybercrime organizations from any other business," the report states.

Key to the success and profitability of the syndicates examined in the study include the development of a strategic business model which is overseen by an executive class. Once the model is in place, middle management begins the process of recruiting staff to execute the operation through the establishment of affiliate programs, and the services are then ready to be openly marketed through online forums and underground communities.

"Crimeware syndicates, in order to survive, must possess a comprehensive business model and monetization strategy because even an illegal company needs to ‘pay the bills’ in order to function on a day-today basis," the report notes.

Some of the CaaS offerings being actively advertized by the criminal syndicates include:


  • Consulting services such as botnet setup ($350-$400)

  • Infection/spreading services (~$100 per 1K installs)

  • Botnets & Rentals [Direct Denial of Service (DDoS) $535 for 5 hours a day for one week], email spam ($40 / 20K emails) and Web spam ($2/30 posts)

  • Quality Assurance vs. Detection (Crypters, Scanners - $10 per month)

  • Affiliate Programs ($5k per day is possible)

  • Onshore & Offshore Hosting – Virtual Private Servers ($6 per month),

  • Bulletproof/Fast Flux hosting and (VPNs & reverse proxies ($3 per month)

  • Blackhat Search Engine Optimization (SEO) ($80 for 20K spammed backlinks)

  • Inter-Carrier Money Exchange & Mule services (25% commission)

  • CAPTCHA Breaking ($1/1000 CAPTCHAs)—Done through recruited humans

  • Crimeware Upgrade Modules: Using Zeus Modules as an example, (from $500 to $10K)

The Fortinet report points out that while collaborative efforts between law enforcement agencies internationally have proven to be somewhat effective in dismantling some of the largest criminal operations, it is up to individual organizations in the private sector to take proactive measures to ensure that an effective security strategy is in place in order to make the success of these operations that much more challenging for the syndicates.

"As history has shown, collaborative efforts have toppled some of the world’s most powerful botnets and crime rings and will continue to do so. While new cybercrime syndicates will continue to emerge and proliferate, organizations that arm themselves with a solid, multi-layered security strategy and security best practices are doing their part in the effort to reduce the effectiveness of cybercrime," the study concluded.

You May Also Be Interested In: