Confused economies and rising unemployment rates foster a rich opportunity for cybercrime recruitment.

Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs

November 3, 2022

3 Min Read
Source: Igor Stevanovic via Alamy Stock Photo

It's well known that cybercrime has become big business — and not just in terms of the volume but also in how crime syndicates are organizing themselves. As we saw earlier this year with the leak of files from the Conti ransomware group, that organization was operating very much like any other enterprise — it even had an HR lead and a recruitment director. We've also seen how bad actors are actively recruiting internal help with their missions.

Here's one aspect of cybercrime syndicates that's unlike most of their legitimate business counterpoints — economic uncertainty and rising unemployment rates are a boon for them. That's because these factors create a ripe opportunity for ramped-up recruitment efforts.

We're witnessing huge growth in ransomware-as-a-service (RaaS). The ransomware threat continues to adapt with more variants enabled by RaaS; our researchers saw 10,666 different variants in the first half of 2022, compared with just 5,400 in the previous six-month period. Why is this important? Because it underscores just how much easier RaaS is making it for bad actors to operate — they're able to perpetrate attacks faster and at a high rate of scale.

Recruitment, Recruitment, Recruitment

One way cybercriminals operate is through the use of "cyber mules" to launder their financial gain. Sometimes these mules know what they're getting into, and sometimes they're lured in under false pretenses. Criminal organizations frequently rely on legitimate-looking job postings on legitimate job-hunting websites. A dubious job ad might refer to the need for a "money transfer agent," a "payment processing agent," or even a role as vague and general as an "administration representative." These job listings and solicitation emails prey on people's desperation by offering what seems to be legitimate employment.

Leaning on insiders within organizations for help is another tactic cybercrime syndicates use for their recruitment efforts. One recent survey found 65% of respondents said they had been approached by bad actors to help with ransomware attacks against the organizations they work for.

With more people and resources, cybercrime organizations will be able to pull off more attacks and organizations need to be aware of this. Recruitment efforts show that ransomware groups are expanding and potentially able to pull off more sophisticated attacks.

Collaboration to Combat Cybercrime Recruiting

It takes a global team effort with solid, dependable relationships among cybersecurity stakeholders to defeat international cybercriminal groups. Criminal organizations operate nearly identically to legitimate enterprises. They have costs and profit margins. They may start looking for a new way to make money if they are unable to make a profit in a timely manner because cyber defenders are destroying their infrastructures and making them constantly start over. Cybercrime may start to decline after attackers start to give up out of concern about being discovered and arrested or because they believe the rewards aren't worth the dangers.

The World Economic Forum Partnership Against Cybercrime (PAC) is undertaking one such initiative. To disrupt cybercrime ecosystems, PAC has concentrated on fusing private sector data and digital knowledge with public sector threat intelligence. PAC has long said that breaking down communication barriers and adopting a worldwide strategy will make it simpler to get beyond the factors that protect cybercriminals.

Last year, this private-public partnership introduced the Cybercrime Atlas, a joint research initiative that gathers and compiles data about the cybercriminal ecosystem and the main threat actors active today. Legal authorities will gain from increased visibility into cybercrime operations in their investigations, takedowns, prosecutions, and convictions.

Economic insecurity provides a ripe opportunity for cybercriminals to recruit, and they've gotten so good at it that some unsuspecting job seekers get pulled into their web of evil. Or they go after employees at companies they want to target, hoping for some insider help. Collaboration at the global level combines the strengths and resources of the private and public sectors to give organizations the up-to-date intel they need to protect their networks from increased cybercrime recruitment and its fruits.

About the Author(s)

Derek Manky

Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs

As Chief Security Strategist & VP Global Threat Intelligence at FortiGuard Labs, Derek Manky formulates security strategy with more than 15 years of cybersecurity experience. His ultimate goal is to make a positive impact toward the global war on cybercrime. Manky provides thought leadership to the industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work has included meetings with leading political figures and key policy stakeholders, including law enforcement, who help define the future of cybersecurity. He is actively involved with several global threat intelligence initiatives, including NATO NICP, Interpol Expert Working Group, the Cyber Threat Alliance (CTA) working committee, and FIRST, all in an effort to shape the future of actionable threat intelligence and proactive security strategy.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights