spoke with Check Point Research Director of Threat Intelligence Research Maya Horowitz, who highlighted a rising trend of cybercriminal groups joining forces and bolstering the underground cybercriminal economy through their coordinated activities. “In some cases, it’s just an as-a-service model, so the groups don’t necessarily have to know each other. But in many cases, the cooperation is so tight, that we have to assume that there’s something there behind the scenes, that these groups actually communicate and complete each other’s gaps in the attack chain,” Horowitz said. Actors would likely split the profit after a successful attack or provide payment for services. Their reasons could range from capitalizing on some groups’ expertise in certain parts of the attack chain, or as a smokescreen to confound researchers looking into their methods and tools, Horowitz said. Horowitz also touched on the top malware families expected to emerge after the dismantling of Emotet, naming Phorpiex, Dridex and QBot as potential top malwares for 2021.