A year ago, a series of document leaks from the Conti ransomware gang offered a rare glimpse into the inner workings of cybercriminal organizations. However, Conti, one of the largest and most prolific cybercriminal groups in 2021, is just one of a vast range of underground businesses, each with its own unique structure and operating strategies.
To help defenders comprehend the complexities of the business, Trend Micro’s study “Inside the Halls of a Cybercrime Business” sheds light on the importance of defining and understanding the size of these organizations.
“Size matters,” said Jon Clay, vice president of threat intelligence at Trend Micro. “Like any other legitimate business, cybercriminals tend to develop their business models based on how large their organizations are. Therefore, understanding the size allows defenders to gain a better sense of their operational flow and ultimately infiltrate or take down the groups.”
The traditional size classification used for legitimate companies, however, cannot be applied to cybercriminal organizations, as they are generally smaller in size.
In the study, researchers developed their own guidelines to define criminal business scale based on their observed employee counts, annual revenue, and hierarchical structures over time. Furthermore, researchers provided a detailed example of organizations that fall under each of the small, medium, and large categories, along with estimations of their quarterly financial reports based on insider information and law enforcement arrests.
Guidelines for determining cybercriminal business size (credit: Trend Micro)
“These size guidelines are not rigid numbers, just like the