​The 6 ‘usual suspects’ of cybercrime

​The 6 ‘usual suspects’ of cybercrime

BAE's list is based on analysis of thousands of cyber attacks on businesses



IT security firm, BAE Systems, has profiled six types of cyber criminals that it says represent the biggest threats to Australian organisations in the lead up to the government’s cyber security review.

Threat intelligence experts at the organisation developed a list of the ‘usual suspects’ based on an analysis of thousands of cyber attacks on businesses to reveal the motivations and methods of the most common types of cyber criminal.

According to BAE, the six types of cybercriminals include:

  • The professional – career criminals who work ‘9 to 5’ in the digital shadows
  • The insider – disillusioned, blackmailed or possibly over-helpful employees operating from within the walls of their own company
  • The mule – naïve opportunists that may not even realise they work for criminal gangs to launder money
  • The nation state actor – individuals who work directly or indirectly for their government to steal sensitive information and disrupt enemies’ capabilities
  • The activist – motivated to change the world via questionable means
  • The getaway – the youthful teenager who can escape a custodial sentence due to their age.

BAE said its research showed an increasing ‘industrialisation’ of cyber crime.

“Some criminals are becoming even more professional, offering skills and services, such as ‘project management’ to other criminal organisations,” said Dr Rajiv Shah, regional GM, BAE Systems Applied Intelligence, Australia and New Zealand.

“They are writing their own software that comes with service agreement and money-back guarantees if the code gets detected, with the promise of a replacement,” he said.

Sergei Shevchenko, a senior security researcher at BAE Systems, said the organisation anticipates that organised cyber criminals will go to greater lengths to improve their own operational security and increase their use of deception. This means placing false flags to throw off researchers and hamper attribution.

“Researchers will need to tread more carefully to effectively guide the enforcement activities by the relevant authorities,” he said.

Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia

Follow Byron Connolly on Twitter: @ByronConnolly

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cyber crimecyber criminalscyber attacksBAE SystemsDr Rajiv Shah

More about FacebookTwitter

Show Comments