The findings, made by Finjan Software's Malicious Code Research Center (MCRC), show that the “boss” does not commit crimes, rather leaves this to an “underboss” who provides trojans for attacks and also runs command and control functions'.
Next in line are “campaign managers,” who report to the so-called underboss and lead campaigns. They use their own affiliate networks as channels to perform attacks and steal data, which is then sold by individuals who are not directly involved in the attacks.
The MCRC report, which covers trends for Q2 2008, discusses how loosely organized clusters of hackers trading stolen data are being replaced by highly organized cybercrime groups.
“Over the course of the last 18 months we have been watching the profit-driven cybercrime market maturing rapidly. It has evolved into a booming business, operating in a major shadow economy with an organizational structure that closely mimics the real business world,” said Yuval Ben-Itzhak, Finjan's chief technology officer.
He added: “Recent industry reports containing record numbers of malware infections during the first half of 2008 alone underline again the huge impact of cybercrime on today's businesses.”
Businesses should look closely at their security practices, advises Finjan. A layered security approach is recommended as a highly effective way of handling cybercrime threats. Real-time content inspection designed to detect cybercrime is one key protective factor.