Cybercriminals are employing business tactics, and often have an underground support network they can call on to perform tasks like training, money laundering, recruiting and more, according to a white paper from Hewlett Packard Enterprise.
The report, The Business of Hacking, found cybercriminals are now taking a very structured approach to their activities in order to reduce inefficiencies and improve ROI.
In addition to basic business services, hackers often employ specialists to do things like market and sell exploit kits and compromised data, according to the report.
Shogo Cottrell, a security strategist with HPE Security, said some organizations have even developed in-house training, disaster recovery and 24/7 telephone support services.
Cybercriminals are embracing the "traditional sound business practices of increasing your revenue, reducing your costs, maximizing your profit," Cottrell said in an interview with CSO.
The report also looked into the types of cybercrime that are the most successful, but require the least amount of effort. Among the winners: advertising fraud and extortion. Hacktivism and credit card fraud were also identified as easy and low-risk, but had lower average returns.
HPE's report is not the first to call on the growing sophistication of cybercriminal organizations.
A report released by Kaspersky Lab at the end of March found cybercriminals worldwide are beginning to coordinate and work in groups, ignoring both language and geographic barriers to create more efficient targeting tools. And IBM’s annual threat report found that cybercriminals are consistently using large teams of developers to create powerful malware to attack large numbers of organizations.
The HPE paper makes several recommendations businesses can take to help protect themselves from cybercriminals, such as employing end-to-end encryption for sensitive data and using application security tools.