Cybercrime Economy: An Analysis of Cybercriminal Communication Strategies

Malicious actors’ widespread preference for encrypted tools and services continues to fuel the ongoing debate over encryption. While jihadist groups such as ISIS first drew public attention to the issue during the high-profile battle between the FBI and Apple over the mobile phone belonging to one of the San Bernardino shooters in 2015, various threat actor groups have long relied on encryption to conceal their illicit activities and conversations. Cybercriminals are one such group. Not only does their ubiquitous usage of encrypted communication tools further perpetuate the “encryption debate”, it presents countless challenges for organizations seeking to gain visibility into the cyber threat landscape and combat cybercrime.

Cybercriminals will always seek to evade third-party detection. Despite the increased adoption of robust cybersecurity and threat intelligence programs, threats ranging from low-level fraud and phishing to large-scale ransomware extortion campaigns and DDoS attacks continue to emerge and yield damage across the enterprise. Although more organizations are recognizing the critical need to safeguard their critical systems, infrastructure, stakeholders, and data from cyber threats, most of these threats remain under-the-radar until they emerge from the exclusive confines of the Deep & Dark Web. These vast, difficult-to-access regions of the Internet encompass illicit marketplaces, invite-only forums, and yes — password-protected communication channels supported by applications that employ varying levels of encryption.

Indeed, Flashpoint’s newest research paper titled, “Cybercrime Economy: An Analysis of Cybercriminal Communication Strategies,” acknowledges that cybercriminals’ use of various encrypted communication tools presents countless challenges for organizations seeking to combat cybercrime. This research examines data collected between 2012 and 2016 from cybercriminal communities spanning seven different languages: Russian, Spanish, French, Arabic, Chinese, Persian/Farsi and English. Flashpoint analyzed trends pertaining to these communities’ use of communication tools including ICQ, Skype, Jabber, PGP, AOL Instant Messenger, Telegram, WeChat, QQ, WhatsApp, and Kik.

The results of this study address the following questions:

• Which nation state is the trendsetter in selecting communication tools, based on prominence and track record, and why?

• The widespread popularity of which application demonstrates that convenience often outweighs both sophistication and operational security?

• Which application was most popular among English-speaking cybercriminals in 2012 and what do those results look like today?

• How can organizations direct intelligence-led initiatives while cultivating an increased understanding of the complex variables driving cybercriminal behavior?

Analyzing cybercriminals’ tactics, tools, and procedures provides necessary context for understanding their communications methods. Especially in today’s day and age of complex and relentless cyber threats, organizations should recognize that effectively bolstering security measures to address these threats requires comprehensive visibility into all factors contributing to their threat landscape. While even the most robust, well-equipped security teams may never be able to detect and protect against each and every threat proactively, Business Risk Intelligence (BRI) derived from the Deep & Dark Web can provide organizations with additional visibility and critical insights that not only shed light on cybercriminals’ communication strategies but also help address cyber threats, inform strategic decisions, and mitigate risk across the enterprise.

For more information regarding cybercriminal communication strategies, download the paper here.