Most conversations about the Eastern European cybercrime landscape focus heavily on the specific threats originating from this community of actors. For security practitioners and intelligence analysts, this often means in-depth technical analysis on everything from new strains of malware and emerging fraud schemes to zero-day vulnerabilities and large-scale DDoS attacks. While such information is undoubtedly integral in helping to detect and protect against cybercrime, this type of threat-specific, technical focus can overshadow a critical component of each and every threat: the actor.
It can be easy to forget that behind the intricate technical details comprising every new strain of malware or dangerous cyber exploit lies a real person. Indeed, cybercriminals and threat actors are people too — many of whom have the same responsibilities and concerns as security professionals. These people have to earn a living just like we do, they have families and friends just like we do, they make mistakes just like we do, and they are influenced by their environments just like we are. When we neglect to acknowledge the social, cultural, and economic factors driving these individuals, it becomes all the more difficult for us to protect ourselves from the threats they create.
For security and intelligence teams seeking to help their organizations address cyber threats, it’s also important to recognize that many of cybercriminals’ defining characteristics can vary substantially by country, community, and faction. Years ago before cybercrime was as widespread and advanced as much of it is today, cybercriminal groups typically aligned with one another based on language and location. However, the threat landscape has since grown much larger and more complex. Just because a threat actor speaks English, for example, does not mean they share the same motivations, skills, or location with all others who speak English.
While it’s crucial to recognize how various cybercriminal groups perceive the world differently, doing so requires keen expertise and substantial experience. Eastern European cybercriminals in particular operate within the context of many unique social, cultural, and economical factors that can be especially complex and difficult for outsiders to grasp. Not only does such widespread lack of understanding makes it much more difficult for organizations to protect themselves from cybercrime, it can create barriers for law enforcement officials in bringing wrongdoers to justice. As such, public and private-sector organizations seeking to protect themselves from cybercrime should strongly consider working with reputable third-party vendors and subject matter experts in order to understand the critical context and risks surrounding the cyber threat landscape more accurately .
For those attending RSA Conference 2017, Flashpoint’s Director of Research and expert on Eastern European cybercrime, Vitali Kremez, will provide additional insights pertaining to this topic during his speaking session, “Psychology of an Eastern European Cybercriminal: Mindset Drives Behavior”, on February 16, 2017, at 1:30 PM PST. Additional information is available here.