How to disrupt cybercrime networks

In a speech, engineer and inventor Charles F. Kettering once pointed out, "There is a great difference between knowing a thing and understanding it. You can know a lot and not really understand anything."

This statement certainly applies to cybercrime.

Globally, businesses, individuals, critical infrastructure, and government organizations have suffered, with increasing frequency, from various cyber intrusions and attacks. One outcome of this is that digital mountains of data are continuously being collected and updated about the activities and movements of cybercriminals. But this information is disjointed, and out of the hands of the appropriate law enforcement actors, it is not especially useful. Without a more robust picture of the cybercrime landscape, including cybercrime operations, business structures, networks, and environments, we can't fully understand it. And unless we understand it, we cannot fight it effectively.

In an effort to improve the understanding and ability to analyze this landscape, the World Economic Forum's Partnership Against Cybercrime (PAC) members have launched a project to better understand the cybercriminal ecosystem and the major threat actors operating today. Launched in September 2021, the Cybercrime ATLAS project has the following goals:

Ultimately, ATLAS community aims to fill existing gaps by creating a respected international community built on the expertise of public and private sector partnerships. That community can work to understand and disrupt the cybercriminal ecosystem through raising and powering a collaborative platform and engine. The Cybercrime ATLAS project aims to become a hub that links cybersecurity experts and encourages and supports sharing knowledge on analysis techniques, new tools, new adversary behavior, and strategic insights.

Operating collaboratively, the community will work to understand and disrupt the cybercriminal ecosystem and mitigate the negative impact of attacks. In this vision, the Cybercrime ATLAS will become an “intelligence pool” for understanding cybercriminal group operations, such as tactics, techniques, and processes (TTPs) over time, threat actor infrastructures, corrupt or unwitting syndicate financial support systems, and the identities of the criminals and then an operational platform. The plan is to share the results with public sector law enforcement agencies and criminal justice systems.

The Cybercrime ATLAS project exemplifies how working together can yield great results. Following the World Economic Forum's recommendations for public-private partnership against cybercrime, PAC is working appropriately to bridge the perceived barriers between private companies, non-profit organizations, and public agencies. Since combating a problem requires understanding it, the PAC set an ambitious goal of mapping the major global cybercrime syndicates.

Providing visibility is a critical first step in efforts to help disrupt cybercriminal ecosystems and infrastructures. Enhanced visibility will assist legal authorities in achieving more successful cybercrime investigations, takedowns, prosecutions, and convictions. It will also provide an opportunity to strategically identify and target vulnerabilities in the criminal ecosystem.

Considering the scale and sophistication of the current threat landscape, making a significant difference in the battle against cybercrime may seem like an insurmountable task – but the consortium of industry leaders that make up PAC are equipped to take up this mantle. Among the partners contributing directly to this effort are Accenture, Bank of America, Coinbase, Fortinet, Microsoft, Check Point, SpyCloud and the Cyber Threat Alliance.

The Cybercrime ATLAS has brought together the cyber threat experts within these organizations, who volunteer to design and build a “working map” for understanding the cybercriminal ecosystem’s components, interfaces, and connections. With the information collected, PAC, legal authorities, and other stakeholders can leverage this data to obstruct the nefarious efforts of cybercriminal gangs and reduce the impact of their activities.

PAC partners have been encouraged by the project’s success to date. For the past year, PAC members have been conducting threat research and gaining an understanding of the cybercriminal ecosystem and some of the major threat actors. This “proof of concept” research has provided increased clarity and pointed toward some basic taxonomies, enabling the project to move to the next stage. The founding members are developing plans for how to expand and sustain this effort over the long term now.

Spending dedicated time following increasingly malignant cyberattacks and performing under-the-radar tracking of cybercriminal organizations, the partnership is preparing to share some of its work to date, including some detailed, specific threat-mapping and cybercrime examples at the 2022 RSA Conference. These insights will help identify new opportunities for cooperation between digital security experts and law enforcement, as well as assist in disarming the most sinister cybercriminal gangs, who have been capitalizing on vulnerabilities, escalating their attacks, and leaving chaos in the wake.