Cybercriminals Are Adopting Corporate Best Practices

← Back to Stories (view on slashdot.org)

Cybercriminals Are Adopting Corporate Best Practices

Posted by msmash on Tuesday April 12, 2016 @07:31AM from the professionalism-in-everything-we-do dept.

Orome1 writes: Cybercriminals are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers. This new class of professional cybercriminal spans the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fueling the growth of online crime. Low-level criminal attackers are even creating call center operations to increase the impact of their scams. "Advanced criminal attack groups now echo the skill sets of nation-state attackers. They have extensive resources and a highly-skilled technical staff that operate with such efficiency that they maintain normal business hours and even take the weekends and holidays off," said Kevin Haley, director, Symantec Security Response. "We are even seeing low-level criminal attackers create call center operations to increase the impact of their scams."

42 of 66 comments (clear)

Min score:

Reason:

Sort:

Relief! Finally! by 140Mandak262Jamuna · 2016-04-12 07:35 · Score: 4, Funny

I was very much worried about the cyber criminals. Despaired what/who could stop them.
Finally, relieved. Corporate best practices! If that does not kill their efficiency and agility, nothing will. Hope the also implement agile rally scrum thingies complete with kanban board and daily dissing of waterfall development. Seven layers of managers telling the lone code monkey what to do, quarterly story point estimates, progress reports, burn down charts, ... the works. So much time will be spent in measuring progress and in planning meeting, nothing will ever get done. Great!

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
1. Re:Relief! Finally! by Anonymous Coward · 2016-04-12 07:47 · Score: 1
  
  I was very much worried about the cyber criminals. Despaired what/who could stop them.
  Finally, relieved. Corporate best practices!!
  Yes! They will employ ITILv2 experts and Service Delivery managers to "improve" their business models,
  Who could think of more expert types? :-)
2. Re:Relief! Finally! by mlts · 2016-04-12 07:59 · Score: 4, Insightful
  
  I am not surprised. It can be asserted that malware is the best written software in existence today, because it had to be small, work flawlessly, and do its job well. Unlike most shops where "it builds, ship it" is the mantra, malicious software has to fly under the radar, or it will be detected and destroyed pretty quickly.
3. Re:Relief! Finally! by PopeRatzo · 2016-04-12 09:17 · Score: 4, Funny
  
  I am not surprised
  Neither am I. After all, corporations have adopted criminal best practices for decades.
  
  --
  You are welcome on my lawn.
4. Re:Relief! Finally! by Lumpy · 2016-04-12 09:48 · Score: 1
  
  Exactly! soon they will stop being productive and have meetings about meetings trying to decide when the next meeting should be held..
  
  --
  Do not look at laser with remaining good eye.
5. Re:Relief! Finally! by Greyfox · 2016-04-12 10:43 · Score: 3, Funny
  
  Funnily, none of those things on their own will actually kill your productivity. What will is jumping on the bandwagon of the month without giving everyone time to get used to whatever process you put in place. And the thing about organized crime is, if your manager is bad, you just kill them. So I suspect that a lot of organized criminal enterprises might actually end up being nicer workplace environments than many of the companies that I've worked for in the past. And although their retirement packages might suck, they couldn't be any worse than corporate America right now.
  
  --
  I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
6. Re:Relief! Finally! by Barlo_Mung_42 · 2016-04-12 18:20 · Score: 1
  
  Just came in to make sure something like this was the top comment. Right then, carry on.
Difference by Anonymous Coward · 2016-04-12 07:36 · Score: 2, Insightful

As the criminals become more like tech companies and the tech companies become more criminal, we soon can't tell the difference.
1. Re:Difference by TheReaperD · 2016-04-12 08:55 · Score: 1
  
  It'll be easy to tell the difference: Who pays their brib.. er.. campaign contributions to the politicians and who doesn't.
  
  --
  "Be particularly skeptical when presented with evidence confirming what you already believe." -
Question by The-Ixian · 2016-04-12 07:39 · Score: 4, Funny

Do low-level criminal attackers create call center operations to increase the impact of their scams?
I don't think this summary answered that question adequately.

--
My eyes reflect the stars and a smile lights up my face.
1. Re:Question by wardrich86 · 2016-04-12 07:54 · Score: 4, Funny
  
  It'd still be better than calling Comcast
2. Re:Question by TheReaperD · 2016-04-12 08:56 · Score: 2
  
  Yea, they actually wan't to provide good service to their "customers," unlike Comcast.
  
  --
  "Be particularly skeptical when presented with evidence confirming what you already believe." -
3. Re:Question by Pseudonym · 2016-04-12 11:20 · Score: 1
  
  Female cybercriminals still only get 77% of the loot that male cybercriminals do. Equal takings for equal crimes, I say!
  
  --
  sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
4. Re:Question by Krishnoid · 2016-04-12 12:11 · Score: 1
  
  High-quality call-center based customer support? That should trivially distinguish them from the legitimate businesses.
5. Re:Question by rs1n · 2016-04-13 03:20 · Score: 1
  
  It'd still be better than calling Comcast
  I'm pretty sure a significant number of people would put Comcast in the same category as criminals.
6. Re:Question by wardrich86 · 2016-04-13 04:16 · Score: 1
  
  wa't
7. Re:Question by TheReaperD · 2016-04-13 09:27 · Score: 1
  
  That's what I get for typing on no sleep. *sigh*
  
  --
  "Be particularly skeptical when presented with evidence confirming what you already believe." -
Great, now even cybercriminals file TPS reports by Irick · 2016-04-12 07:41 · Score: 4, Funny

Where am I going to fantasize about escaping the mediocrity of corporate existence now?
As they say.. by Virtucon · 2016-04-12 07:43 · Score: 2

When the going gets weird, the weird turn pro.

--
Harrison's Postulate - "For every action there is an equal and opposite criticism"
that's why it's called Organized Crime by turkeydance · 2016-04-12 07:43 · Score: 3, Funny

and the boss still sucks.
1. Re:that's why it's called Organized Crime by Tablizer · 2016-04-12 08:25 · Score: 1
  
  There must be some interesting forms at such orgs:
  Strike Category:
  1. (_) Intimidation Only:
  1.1 (_) Fake horse head in bed
  1.2 (_) Real horse head in bed (high budget only)
  1.3 (_) Install Windows 10 on home PC
  1.4 (_) Smash car:
  . . . . [_] Windshield [_] Body [_] Tire pop
  2. (_) Injury:
  2.1 (_) Strike to Knee: # of strikes: _____
  2.2 (_) Gut hit: # of hits: _____
  3. (_) Finish Off:
  3.1 (_) Cement galoshes
  3.2 (_) Swimmin' with d' fishies
  3.3 (_) Car "accident"
  3.4 (_) Other: ____________________
  
  --
  Table-ized A.I.
2. Re:that's why it's called Organized Crime by ole_timer · 2016-04-13 01:11 · Score: 1
  
  Yes, but he has a bat in his hand.
  
  --
  nothing to see here - move along
Since when do noisy call centers full of by Nutria · 2016-04-12 07:56 · Score: 1

Indians speaking horrible English "increase the impact of their scams"?
Unless by "increase the impact" they mean, "make it an obvious scam"...

--
"I don't know, therefore Aliens" Wafflebox1
1. Re:Since when do noisy call centers full of by duke_cheetah2003 · 2016-04-12 08:06 · Score: 5, Insightful
  
  Indians speaking horrible English "increase the impact of their scams"?
  Unless by "increase the impact" they mean, "make it an obvious scam"...
  Oh I dunno, having Indians being their call center goons would legitimize them even more, since they'd be on par with actual legitimate businesses.
2. Re:Since when do noisy call centers full of by Nutria · 2016-04-12 08:37 · Score: 1
  
  The legitimate Indian call center employees that I have spoken to have pretty good command of English with a -- while noticeable -- mild accent.
  The Indian scammers who call me are definite rejects based on their strong accents and inability to do anything but poorly follow a script.
  
  --
  "I don't know, therefore Aliens" Wafflebox1
3. Re:Since when do noisy call centers full of by Nutria · 2016-04-12 09:35 · Score: 1
  
  "James Ellis from the Dish Network" (he just called me) does not have a strong Indian accent.
  
  --
  "I don't know, therefore Aliens" Wafflebox1
But what will low-level criminal attackers do? by blind+biker · 2016-04-12 08:01 · Score: 1

Will they create call center operations to increase the impact of their scams?
I mean, will they create call center operations to increase the impact of their scams?

--
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
Nah by s.petry · 2016-04-12 08:02 · Score: 1

Corporate Practices translated to Crime: Their Lobbying group will ensure that they never ever get prosecuted for stealing your stuff. They are calling it PHUCKU, or Political Harassment Until Crime Kills U.

--
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Maybe the luddites are right by davidwr · 2016-04-12 08:13 · Score: 1

Maybe there is something to be said for keeping some of your "in house" data only on paper or at least on disconnected computers to make infiltration and ex-filtration harder.
Yes, there is some data that you must have accessible from the outside. For example, if you are a doctor's office your current clients will want to be able to cancel or change future appointments without having to talk to a live human being. But you don't necessarily need all of your former patents' complete medical and payment histories or even their names on an internet-connected computer.
You'll still need off-site backups of your non-Internet-accessible data though: fire destroys both disks and paper, and rogue employees and state-level actors can still compromise your paper and offline records if they care to do so. Heck, even a police raid that takes "all of your computers and papers" is much easier to recover from if you have off-site backups that weren't named in the warrant.

--
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
No need to worry. by malditaenvidia · 2016-04-12 08:37 · Score: 1

It's okay, John McAfee will keep us safe.
I'm having definite Sneakers flashbacks... by Etcetera · 2016-04-12 08:43 · Score: 1

Cosmo: There I was in prison. And one day I helped a couple of nice older gentlemen make some free telephone calls. They turned out to be, let us say, good family men.
Martin Bishop: Organized crime?
Cosmo: Hah. Don't kid yourself. It's not that organized.

--
Hire a Linux system administrator, systems engineer,
Re:Baloney by TheReaperD · 2016-04-12 08:59 · Score: 1

From what I've read, not all those lapses are on accident. Phishers and money scammers make more money on the stupid and greedy who are willing to overlook glaring logic errors either because they don't understand them or they want a payoff so badly they ignore them. It cuts down the amount of effort wasted on the non-gullible.

--
"Be particularly skeptical when presented with evidence confirming what you already believe." -
Re: How do I apply? by TheReaperD · 2016-04-12 09:01 · Score: 1

I work in software for the marijuana industry, and everyone leaves at 4:20. First tech job I've ever had like that.
FTFY

--
"Be particularly skeptical when presented with evidence confirming what you already believe." -
Re:Who are they recruiting? I suspect... apk by Anonymous Coward · 2016-04-12 09:34 · Score: 1

this can't really be APK, there's no mention of HOSTS files anywhere.
Cybercriminals adopt ITIL by sbjornda · 2016-04-12 09:47 · Score: 1

Cybercriminals adopt ITIL. What could possibly go wrong?? Or do I mean, what could possibly go right?? I'm so confused.
--
.nosig
Cybercriminals adopting corporate best practices? by khz6955 · 2016-04-12 11:22 · Score: 1

Dear slashdot, whenever I see 'cyber' in a sentence I always wonder what technically clueless idiot got paid to type it up.
Seven layers of managers? by khz6955 · 2016-04-12 11:27 · Score: 1

"Seven layers of managers telling the lone code monkey what to do" ref

Haaa, that got me laughing, I only had the three managers myself :)
Not really a surprise. by idbeholda · 2016-04-12 11:29 · Score: 1

If you're doing something illegal, you'll take every measure to avoid being caught in the act.
Methodologies by suupaabaka · 2016-04-12 11:47 · Score: 2

It won't be long til we see PRINCE2 for Cybercrime, with strong focus on ITIL methodologies.
Only PM professionals with 5+ years experience in cybercrime need apply.
Comment removed by account_deleted · 2016-04-12 19:18 · Score: 2

Comment removed based on user account deletion
nothing changes by Anonymous Coward · 2016-04-12 19:22 · Score: 1

My favorite cartoon:
A teenager saying to dad: Dad, i'm gonna make a carrier in organized crime field.
Dad: Government or private sector?
redundant redundancy by Rudisaurus · 2016-04-13 05:33 · Score: 1

Does anyone actually edit Slashdot article summaries anymore? Both the 3rd and 7th sentences of the summary read, "low-level criminal attackers are even creating call center operations to increase the impact of their scams". I think we all got the point the first time it was made. Does anyone actually edit Slashdot article summaries anymore?

--
licet differant, aequabitur