A Brief History of Distributed Cybercrime

Shannon Ragan Mar 6, 2017

For all the symbols on the picture above, this history could be summed up in one: $

Until 2006, cybercriminals behaved much like thieves in the physical world – trying to reach the “crown jewels” of an organization that held the most profit, then get the money and run.

But that year, something changed. Evgeniy Mikhailovich Bogachev (a.k.a. Slavik) created what initially appeared to be just another interesting piece of malware. It soon solidified his place as one of the top innovators of the cybercrime industry and has become a fundamental milestone in malware evolution.

His invention, Zeus (a.k.a. Zbot), was revolutionary in numerous aspects. First, it was developed as a professional malware kit for criminal groups. Second, and most importantly, it established a new, improved business model for cybercrime. Zeus provided a kit for creating banking Trojans: malware that is installed on victims’ endpoints, hooks into their browsers and tries to steal important data that victims enter in website forms – specifically, passwords for online banking accounts.

In September 2013, Slavik released CryptoLocker, the first modern ransomware and another milestone in malware evolution. CryptoLocker is malware that is installed on victims’ endpoints, encrypts their files and demands a ransom in exchange for decrypting the corrupted files. It began the rise of crypto-ransomware we’re still experiencing today.

6 Reasons Why Cybercriminals Love the New Business Model

Both Zeus and CryptoLocker created a new type of business model for cybercriminals: rather than concentrating all their efforts on penetrating high-quality targets, they can steal small amounts of money from numerous victims.

The business model of distributed cybercrime has made some attackers multi-millionaires in a short amount of time due to its many business benefits:

  1. Attacks require less effort as they target “low-hanging fruit” (i.e., individuals or organizations with sub-par security)
  2. Attack skill level is low compared to techniques such as spear-phishing – regular ol’ phishing is good enough for weak targets
  3. Highly coveted zero-day vulnerabilities are no longer required for profitable attacks – mainstream CVE vulnerabilities with known exploits and existing patches will do, as many victims don’t patch regularly
  4. Any standard endpoint is a potential source of revenue, making lateral movement toward the crown jewels irrelevant
  5. When you attack the world, the sky is the limit – the amount of potential revenues is endless
  6. Less effort and more profit means better ROI

And as long as that ROI stays high, you can expect cybercriminals to invest ever-more resources into developing distributed crimeware to unleash on the widest possible range of targets.

Shannon Ragan is the Senior Communications Manager at Skybox Security. Prior to joining Skybox, Ragan was a writer and editor in the legal and STEM fields. She has a passion for the changing world of cyber security and is a self-confessed news junkie. Ragan earned her BA in English at Webster University in St. Louis.
