How Does The Cybercrime Industry Work?

With malware or viruses, they adopt different formats and increasingly sophisticated and difficult to identify attacks are carried out. 

The purpose may be to obtain personal data, encrypt files and then ask for a ransom, or simply cause discomfort for a while. 

Smart devices of any kind, such as cell phones, computers, surveillance cameras and connected vehicles, are attacked.

It is estimated that one and a half million people in the world are victims of a computer attack every day. 

According to information released on the Eset Forum specialized in cybersecurity, this year alone, around 49% of companies had a malware infection; 15% were victims of phishing and 16% of ransomware in the Latam region. 

The data comes from a survey of more than 4,000 companies in Latin America. By the way, did you know that cyber attacks can also be measured in economic costs.

Behind these crimes there is not one hacker, not two, not three. There is an entire industry that works in networks. So it is a network that moves on the dark web, where many of the jobs are charged in cryptocurrencies.

At the lowest level of the pyramid is the script kiddie. Hence a derogatory term to describe those who use other people’s programs or scripts to breach systems. 

They do not develop malware, but use files or data obtained from forums or other means to carry out their attacks.

At a more advanced level are hackers with some technical knowledge. 

Some even majored in computer science. They, for example, are tasked with publishing exploits. Which are programs that take advantage of a security hole in an application or system. 

In fact, there are companies like Zerodium that buy exploits to develop security solutions based on this information. 

The illegal way to sell data to cybercriminals who use it to carry out attacks.

The price varies greatly depending on what is offered. On the black market, executables can cost $50. But a source code can be worth as little as $500 or $1,000, according to malware researcher at Eset.

When it comes to the exploit market, it is geared towards zero-days, which are vulnerabilities that go unpatched. 

It’s a smaller market than you might think and usually doesn’t target the average user because a zero day takes time to do.

Antivirus scans cost around $40,000 and Apple OS scans go up to $1.5 million.

Botnets are also rented for between $170 and $350 an hour to send spam or carry out DNS attacks like the one that occurred in late 2016, leaving the world’s top websites without service.

Botnets are usually armed, the market is more for building tools that allow them to infect quickly and with vulnerabilities that are already known.

They are not people who work alone, but in networks, where there is an entire infrastructure, which even includes technical support and marketing, to support this cybercrime industry.

The tool itself can be used for good or ill, I work at a company that develops vulnerabilities.

These are sold and used to perform penetration tests where there are modules to attack and which are used by companies to test their own security.

Which we shouldn’t target developers of vulnerabilities with, but rather those who use them maliciously, the code itself is not the problem.

What is defacement?

Defacement or simply deface, as it is popularly known. It is the act of defacing the appearance of a website, usually with the aim of conveying an activist message. 

Commonly considered a kind of electronic pixação, the practice has become increasingly common among the hacktivist scene. But it is somewhat challenging to identify when such art was born, nor when the term was coined.

In most cases, a deface does not result in the theft of sensitive information, nor does it cause serious disruption to the affected system. Therefore, the person responsible for the victimized page can revert the changes in a few minutes. 

To carry out the defacement, criminals often exploit holes in the website’s coding, taking advantage of vulnerabilities in the web server on which it is hosted. That is, even stealing passwords from systems like WordPress to edit the home manually.

We can divide expert hacker defacers in practice into two large groups. Then the vandals, who simply do it for fun or to make their mark on a high-traffic website. 

Hacktivists, who do so with the aim of protesting government policies or showing support for a very specific social cause.

The practice of deface is so common around the globe that there is even a website dedicated to keeping mirrors of defaced sites. 

Like Zone-H, created in 2002 in Estonia and which compiles defaces by the nickname of the hacker responsible for the graffiti. 

All deeds submitted to the platform are verified by an internal team that, when validating the invasion, adds that domain to the cybercriminal’s curriculum.

Cybercrime: 5 most used attacks

Stay tuned because now you will discover together with me the most used cybercrimes in the world.

phishing attacks

Although it has been a known and used attack for years, recent propagation campaigns introduce new characteristics. For example, phishing sites now use security certificates.

About 35% of recorded phishing attacks were hosted on websites using the HTTPS protocol.

A number that represents a significant increase compared to almost 5% of the cases of spoofed websites with SSL certificates.

One of the possible reasons for this increase is due to recent changes in web browsers. 

Google Chrome, for example, since July of this year has started to identify sites that use HTTP as “Not secure”. 

On the other hand, the initiative of some certificate authorities to issue certificates for free has allowed more websites to have security certificates. So this includes fraudulent websites.

It is important to mention that phishing campaigns have started to use alternative propagation routes to traditional email. Such as messaging apps, in an attempt to reach more potential victims. 

At the same time, these malicious campaigns also include homographic attack capabilities. Therefore, which adds more difficulties for users to identify the apocryphal sites.

Therefore, the security practices that were previously recommended in relation to phishing remain valid. Although they are no longer enough, due to the new characteristics of attacks of this type. 

Now it’s not enough to check the URL, the security lock or the use of HTTPS. It would also be convenient to check the common name of the website in the security certificates, to compare with the domain of the website in question.

crypto jacking

It is a threat that we started to identify at the beginning of August 2017 and whose principle is the hijacking of the processing capacity of a third party computer. Anyway, all this to make money from cryptocurrency mining. 

One of the ways to infect devices is through scripts that run in the user’s browser. In other words, it is enough for the user to visit a website that contains the code of their processor to be used to mine a cryptocurrency. 

Crypto jacking illegality occurs when user processing resources are used without their consent.


Malicious codes continue to be one of the main threats, although they are also used to carry out attacks. In addition, according to Security Reports, malware infections are the leading cause of incidents in Latin American companies.

ESET Research Labs receive over 300,000 unique malware samples every day. Which shows an overview of the problem?

Especially when we consider that threats of this type are developed for virtually every operating system used today.

To take another example, ESET labs identify, on average, around 300 Android malware samples per month.

cyber extortion

Several scams have appeared circulating via email with the aim of deceiving users, allegedly obtaining information that compromises them. 

In several of these campaigns there was a specific element, such as specific information, that made the user believe that it was not a joke.

An example is the campaign where cybercriminals sent an email with the user’s password as part of the message subject. In fact, all in an attempt to prove that they had your personal data and that the extortion detailed in the text of the email was real. 

This particular campaign is estimated to have raised around half a million dollars.

Another example of this type of scam had the peculiarity that the email reached the user from his own account. Especially what led to the assumption that the attacker had access to the potential victim’s account. 

Through an intimidating message, the attacker tricked the user into believing that they owned their data. And he requested a payment in Bitcoins in order not to reveal the data he allegedly possessed.

Recently, more campaigns with the same mode of operation have been identified, and although it seems hard to believe, they continue to be effective for attackers.

Exploitation of vulnerabilities

Finally, the last type of attack considered in this presentation is related to vulnerability exploitation. Therefore, a method commonly used by attackers, with some interesting data to review, such as those presented below.

In this context, the exploitation of some vulnerabilities is also on the rise. For example, detection of Eternal Blue, an exploit used during the spread of Wanna Cry, is increasing.

Ransomware and other malware try to take advantage of vulnerabilities in outdated systems. So always stay alert.

If you are interested and enjoy the hacker theme you can’t miss our indications about the best Hacker Films so then run there to check it out.

New attacks and new features in known attacks

After reviewing some of the attack characteristics and data that have been identified frequently in recent months, it is important to clarify two points. 

First, it’s just a small number of attacks in a wide range.

The second issue to consider is that in neither case were the terms threat and attack used synonymously. However, in some of the points reviewed in this publication it is possible to identify that they can play both roles.

Both threat and attack. 

An attack is an attempt to destroy, expose, alter, disable, steal or gain unauthorized access to an asset. While a threat is defined as the potential cause of an unwanted incident, which could result in damage to a system or organization. 

In this sense, the previously exposed elements can be classified as threats, but they can also be used as a form of attack.

Finally, it is important to highlight the way in which computer threats and the various attacks that seek to compromise assets evolve. 

Which is why, from a security point of view, the use of protection technologies and the application of good practices. Finally, the constant task of being informed about what is happening in the field of cybersecurity.

how to prevent

The privacy risks that arise when proper precautions are not taken are often unknown. Therefore, awareness and education on this subject is essential. 

According to studies, 21% of tested users ignored active phishing warnings in their browsers. 

In turn, a study by Microsoft Research estimates that 0.4% of Internet users enter their passwords on verified phishing sites. 

As a basic precaution, it is advisable to have an antivirus and firewall installed and to make regular backups. However, only half of Latin American companies have these three solutions in place.

And if you want to have more knowledge to prevent yourself or act in the area of ​​cybersecurity, you can start with the CSCU. 


What did you think of knowing a little more about cybercrime? We need to guard against this. And therein lies a great opportunity to develop a highly profitable profession.

With this knowledge you will be a professional who earns thousands of Dollar per month and your linkedin will be bursting with opportunities because cybersecurity is the fastest growing area in the world. 

So conquering your high professional and financial performance, it will change your life!

And if you want to be part of the elite of the cybersecurity market, join us

Leave a Reply

Your email address will not be published. Required fields are marked *