How to disrupt cybercrime networks
Without a more robust picture of the cybercrime landscape, we can't fully understand it. Image: Unsplash/Markus Spiske
Amy Hogan-Burney
General Manager, Cybersecurity Policy and Protection; Associate General Counsel, MicrosoftListen to the article
- The Cybercrime ATLAS is a collaborative research project which gathers and collates information about the cybercriminal ecosystem and major threat actors operating today.
- Improving visibility into cybercrime operations will benefit legal authorities in investigations, takedowns, prosecutions, and convictions.
- The World Economic Forum's Partnership Against Cybercrime (PAC) is preparing to implement the joint effort for targeted threat-mapping and collaborative action against cybercrime.
In a speech, engineer and inventor Charles F. Kettering once pointed out, "There is a great difference between knowing a thing and understanding it. You can know a lot and not really understand anything."
This statement certainly applies to cybercrime.
Globally, businesses, individuals, critical infrastructure, and government organizations have suffered, with increasing frequency, from various cyber intrusions and attacks. One outcome of this is that digital mountains of data are continuously being collected and updated about the activities and movements of cybercriminals. But this information is disjointed, and out of the hands of the appropriate law enforcement actors, it is not especially useful. Without a more robust picture of the cybercrime landscape, including cybercrime operations, business structures, networks, and environments, we can't fully understand it. And unless we understand it, we cannot fight it effectively.
Linking experts through the Cybercrime ATLAS project
In an effort to improve the understanding and ability to analyze this landscape, the World Economic Forum's Partnership Against Cybercrime (PAC) members have launched a project to better understand the cybercriminal ecosystem and the major threat actors operating today. Launched in September 2021, the Cybercrime ATLAS project has the following goals:
- Provide information to help senior executives make effective resourcing and targeting decisions about cyberthreats.
- Support legal authorities with high-quality, actionable intelligence to increase the efficiency of cybercrime investigations.
- Support disruptive efforts against cyber criminal networks.
- Help public and private cybercrime investigators identify common targets of concern.
- Map the cybercriminal ecosystem, including connections between cybercrime groups.
Ultimately, ATLAS community aims to fill existing gaps by creating a respected international community built on the expertise of public and private sector partnerships. That community can work to understand and disrupt the cybercriminal ecosystem through raising and powering a collaborative platform and engine. The Cybercrime ATLAS project aims to become a hub that links cybersecurity experts and encourages and supports sharing knowledge on analysis techniques, new tools, new adversary behavior, and strategic insights.
Operating collaboratively, the community will work to understand and disrupt the cybercriminal ecosystem and mitigate the negative impact of attacks. In this vision, the Cybercrime ATLAS will become an “intelligence pool” for understanding cybercriminal group operations, such as tactics, techniques, and processes (TTPs) over time, threat actor infrastructures, corrupt or unwitting syndicate financial support systems, and the identities of the criminals and then an operational platform. The plan is to share the results with public sector law enforcement agencies and criminal justice systems.
Demonstrating the power of collaboration
The Cybercrime ATLAS project exemplifies how working together can yield great results. Following the World Economic Forum's recommendations for public-private partnership against cybercrime, PAC is working appropriately to bridge the perceived barriers between private companies, non-profit organizations, and public agencies. Since combating a problem requires understanding it, the PAC set an ambitious goal of mapping the major global cybercrime syndicates.
Providing visibility is a critical first step in efforts to help disrupt cybercriminal ecosystems and infrastructures. Enhanced visibility will assist legal authorities in achieving more successful cybercrime investigations, takedowns, prosecutions, and convictions. It will also provide an opportunity to strategically identify and target vulnerabilities in the criminal ecosystem.
Considering the scale and sophistication of the current threat landscape, making a significant difference in the battle against cybercrime may seem like an insurmountable task – but the consortium of industry leaders that make up PAC are equipped to take up this mantle. Among the partners contributing directly to this effort are Accenture, Bank of America, Coinbase, Fortinet, Microsoft, Check Point, SpyCloud and the Cyber Threat Alliance.
The Cybercrime ATLAS has brought together the cyber threat experts within these organizations, who volunteer to design and build a “working map” for understanding the cybercriminal ecosystem’s components, interfaces, and connections. With the information collected, PAC, legal authorities, and other stakeholders can leverage this data to obstruct the nefarious efforts of cybercriminal gangs and reduce the impact of their activities.
Sharing insights on cybercrime
PAC partners have been encouraged by the project’s success to date. For the past year, PAC members have been conducting threat research and gaining an understanding of the cybercriminal ecosystem and some of the major threat actors. This “proof of concept” research has provided increased clarity and pointed toward some basic taxonomies, enabling the project to move to the next stage. The founding members are developing plans for how to expand and sustain this effort over the long term now.
Spending dedicated time following increasingly malignant cyberattacks and performing under-the-radar tracking of cybercriminal organizations, the partnership is preparing to share some of its work to date, including some detailed, specific threat-mapping and cybercrime examples at the 2022 RSA Conference. These insights will help identify new opportunities for cooperation between digital security experts and law enforcement, as well as assist in disarming the most sinister cybercriminal gangs, who have been capitalizing on vulnerabilities, escalating their attacks, and leaving chaos in the wake.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Cybersecurity
Related topics:
The Agenda Weekly
A weekly update of the most important issues driving the global agenda
You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.
More on Forum InstitutionalSee all
Emma Charlton
November 22, 2024