igor - Fotolia
Skype is the most popular communication platform for cyber criminals, and appears in the top five for the seven language groups analysed by business risk intelligence firm Flashpoint.
Skype use was highest across the English language criminal underground from 2012 to 2016, but more recently it has ceded ground to Jabber, ICQ and Kik Messenger.
Other messaging services evaluated in the study include AOL Instant Messenger, Telegram, WeChat, QQ, WhatsApp and Kik. The study also looked at PGP, an encryption protocol often used across different messaging services.
The study attributes the popularity of Skype partly to the fact that it is bundled with Microsoft software and devices, and notes that this trend shows that, in some respects, convenience outweighs sophistication.
The study looked at the evolution of criminal communications strategies, tactics and tools, tracking the communications strategies and preferences of cyber criminals across multiple regions and actors from 2012 to 2016.
According to the study report, cyber criminals are much more collaborative than the organisations they are targeting – and Russia is a cyber crime trendsetter.
The study found that, based on prominence and track record, actors from other language groups emulate Russian cyber criminals in an attempt to raise their own levels of competency.
Cyber criminal groups, regardless of their language, skills, location or affiliation, tend to share a strong desire to reap the benefits of cross-community collaboration, information sharing and even mentorship, the study found.
Read more about threat intelligence
- Threat intelligence tools are a growing market and enterprises need to be able to see through the hype to get the best product for them.
- Learn how threat intelligence services benefit enterprise security and how to subscribe to the right threat intelligence service.
- Threat intelligence is quickly becoming an essential ingredient for protecting corporate systems and data.
Criminal communities provide a place for actors to collaborate by sharing tips and tricks that help them defeat security measures and evade detection, the report said, with each member of the community able to learn from the successes and failures of other members.
The research also confirmed that cyber criminal communities allow for the division of labour and, consequently, economies of scale because many cyber crime schemes depend on the actions of a number of actors working together, including malware developers, crypto writers, spammers, botnet masters, payment card specialists and cashers.
Collaboration allows them to reach higher levels of proficiency and efficiency than would be possible if each acted alone, the report said.
Taken together, the results highlight the evolving nature of cyber criminal communications and emphasises the need for organisations to make use of all the intelligence they can in order to protect their reputations and minimise the risks they face, the report said.
It is crucial to recognise that for some organisations, cyber criminals’ use of digital communication tools may have bigger implications depending on how much an organisation and its stakeholders engage with and support such tools, the report said.
To evaluate the risks posed by cyber criminals’ use of certain communication tools, organisations should consider whether:
- An acceptable use policy addresses employee usage of third-party communication tools such as those outlined in the report.
- Employee usage of such tools within internal networks is monitored and/or regulated.
- Internal network traffic is monitored for personal application usage, abnormal downloads and other behaviours that diverge from what would be expected within a business environment.
- The organisation has ample visibility into the deep and dark web to monitor for and address emerging cyber crime threats and trends.