Curbing the For-Profit Cybercrime Food Chain

msm1267 writes: A new report coauthored by Google researchers and a host of academics explains that firewalls, two-factor authentication and other traditional defensive capabilities put security teams in a constant dogfight against cybercrime. Instead, the focus, they says, should be on attacking the criminal infrastructure. The report outs a number of soft spots and inter-dependencies in the criminal underground that could be leveraged to cut into the efficacy of cybercrime. "Commoditization directly influences the kinds of business structures and labor agreements that drive recent cybercrime," the researchers write. While shutting down the black market is easier said than done, the paper notes a few ways to deter the behavior of attackers, if not fully break the chain.

Follow the money

[JustAnotherOldGuy]

Follow the money.

Seriously, how hard is that? These criminals use credit cards and bank accounts...and the card companies KNOW that they're processing fraudulent transactions but they make money from each transaction so in the end they turn a blind eye.

Same goes for the banks- most of them KNOW they have criminals passing money through their institutions. But hey, who's gonna turn down a "customer" with 10 million dollars to deposit? No one, that's who.

Yes, I know it's not that simple, but my point stands: choke off their ability to use the financial system and this stuff will get much much harder for them. I mean, fuck, when ransomware demands a credit card for payment, there's your first lead. Yes, some of them want a Western Union transfer, but even so...follow the money. FOLLOW THE FUCKING MONEY.