Cybercrime and violent crime are converging: here’s how to deal with it

In August 2023, the UN reported that at least 220,000 people had been trafficked in Southeast Asia and been forced to run online scams. Criminals are taking advantage of the poor job opportunities available to young graduates and professionals in many countries. The criminals convince people to travel abroad with promises of high-quality work and then threaten them and physically coerce them into working as online fraudsters. They are forced to work on online scam farms run by cybercriminals in Southeast Asia.

These victims of cyber-slavery mainly came from Myanmar and Cambodia but others had been lured in from as far away as Africa and Latin America. The victims of their scams, similarly, were based across the world.

Cyber-enabled fraud and extortion is bad enough but we’re seeing an increasing number of criminal cyber-attacks that have physical consequences. Whether it’s the double victimisation that happens when victims of human trafficking in one country are chained to laptops and forced to defraud citizens in another, or the consequences of a ransomware attack on a hospital, the changing shape of the cybercriminal market has made it easier for traditional organised crime to expand their reach from the online world into our real lives.

Cybercrime has expanded for the same reasons that drove the mega growth of legal online businesses. The internet allows criminals to operate seamlessly across borders, accessing a marketplace of victims anywhere, anytime and at scale. The internet also helps criminals to conceal their own identity, location and size.

At the same time, criminals copy what they see in the legal markets. Think about the advent of subscription model ‘software-as-a-service’ offerings that give businesses access to user-friendly products ranging from video calls to project management and customer service tools. Equally, criminals have their own ‘cybercrime-as-a-service’ where experienced cybercriminals sell accessible tools and knowledge to help others carry out cybercrimes. This brings more criminals into the cybercrime market by lowering the cost and level of skill needed to be an effective online fraudster and deliver ransomware attacks that can bankrupt businesses and destroy livelihoods.

The difficulty in countering cybercrime isn’t just its growth rate. Cybercrime is almost always a cross-border event, with criminals targeting victims in foreign countries to reduce the risk of arrest.

Cross-border attacks make cybercrime difficult for law enforcement to deal with, constrained as they are by national boundaries. Adding to the problem, many countries are only at the start of building their police force’s capacity to counter cybercrime.

Companies can act across borders and many of them have significant expertise in cybersecurity and investigations. The enormous volumes of data created by the internet, however, make it difficult for many companies to separate malicious activity from the noise of big data.

As a rule, organizations normally work within their own corporate boundaries. So any one part of the private sector lacks systemic knowledge and insight into the wider activities of the criminals that prey on them. If we can’t see the full extent of cybercriminal activities then this makes it difficult to counteract them.

Cybercriminals increasingly operate in loosely networked chains of service providers, developers, intermediaries, financiers and end users. After all, it is difficult to be an expert in everything from coding to money-laundering. As cybercrime becomes interesting to larger numbers of criminals, it is rare for a single group to conduct an entire operation independently of an entire supply-chain of third-party tools, experts, services and infrastructure.

These networks of criminal end-users and cybercrime service providers create dark efficiencies that make our connected world less predictable and more hostile. But they also open opportunities for cyber-defenders. Just like any business with a complex supply-chain, small disruptions at the right point in the criminal network have the potential to be highly disruptive.

To squeeze the space in which cybercriminals operate we need to understand the criminal habitat and the way in which the criminal ecosystem creates dependencies across different types of activity. We quite literally need to map things out.

In an effort to improve the understanding and ability to analyze the cybercrime landscape, the World Economic Forum's Partnership Against Cybercrime members launched the Cybercrime Atlas initiative to better understand the cybercriminal ecosystem in January 2023.

The World Economic Forum is hosting the secretariat for the project, supported by Fortinet, Microsoft, Paypal and Banco Santander. Other organizations will also support the initiative through in-kind donations of time, expertise and capabilities.

Derek Manky, Chief Security Strategist and Global Vice President of Threat Intelligence at Fortinet’s FortiGuard Labs sums up the thinking behind the Cybercrime Atlas: "Disrupting global cybercriminal organizations requires a global effort with strong, trusted relationships and collaboration across public and private organizations and industries. Broad international collaborations that are based on trust emphasize the two-way exchange of expertise and information and hands-on projects are crucial for influencing change and behaviour.

"It’s key to concentrate on surrounding cybercrime actors, identifying holistic and coordinated disruption opportunities at as many locations in their ecosystem as possible. The Cybercrime Atlas initiative is about driving real impact and is a coordinated effort to create a chain of disruption in the world of cybercrime, enabling the entire cybersecurity community to become more resilient and effective at stopping cybercrime on a global scale.”

At its heart, the Cybercrime Atlas initiative is a database about cybercrime. The word ‘database’ rarely has the power to make hearts beat faster, but the insights that might be drawn by correlating and combining information could support the steady erosion of cybercriminal capabilities and the collaboration that is built on it could be the groundwork for actions with a more seismic impact.

To support collaboration between members, the Atlas is focusing on building a shared knowledge base, beginning with open-source research and publicly available materials — anything the analysts can identify that might be relevant to understanding the entirety of the criminal ecosystem.

Operating collaboratively, the Cybercrime Atlas community can then use this to understand and disrupt the cybercriminal ecosystem and mitigate the negative impact of attacks. In this vision, the Cybercrime Atlas will become a source of pooled knowledge for understanding cybercriminal group operations over time, such as criminal tactics, techniques and processes, threat actor infrastructures, money-laundering systems and the identities of criminals.

The Cybercrime Atlas project exemplifies how working together can yield great results. Providing visibility is a critical first step in efforts to help disrupt cybercriminal ecosystems and infrastructure. Enhanced visibility will assist in more successful cybercrime investigations, takedowns, prosecutions and convictions. It will also provide an opportunity to strategically identify and target vulnerabilities in the criminal ecosystem.