Digital Threat Actors: Organized Criminals


Whenever there is an opportunity or a racket to run, organized criminals will naturally appear. And appear they have over the last decade. As more people and devices become connected in the wake of the digital transformation, more opportunities to profit emerge. The sad reality is that crime always has and always will pay. In fact, financial related crime is so rampant nowadays that even Nation-State threat actors seem to be monetizing their activities by re-victimizing and extorting their targets for personal profit.

Even the old school criminals who used to hustle on the streets have evolved and learned new ways to profit online. For example, drug dealers have grown past the need to stand on a corner with the advent of encrypted phones, proxies, and darknet marketplaces. Today, dealers have reduced their exposure dramatically and can anonymously sell drugs online for cryptocurrency without fear of being on the streets or even identified by their customers. In fact, the only risk these groups now face is delivering or receiving a package in the mail. And if they want to take out their competition, you ask? A simple DDoS attack can prevent customers from purchasing from other vendors or marketplaces, allowing their group to control the market.

In general, the internet has provided a new outlet for criminal activity, and this group of threat actors is in it for the money. They’ll even work with each other to create a supportive environment for profit. Below are a few examples of the types of cyber-criminal activity found inside this group of threat actors.


Cybercrime-as-a-Service is now a cornerstone of organized crime groups. These are threat actors who develop advanced tools and services they then offer for sale or rent to other criminals. Those criminals who rent and leverage Cybercrime-as-a-Service range from novice users who lack the experience or knowledge to conduct a campaign themselves, to technically organized criminals looking to leverage what already exists for their benefit.

[You may also like: Strengthening Online Applications Against Pass-the-Cookie Attacks]

Crimeware-as-a-Service: The rental or sale of sophisticated exploits and malware.

Infrastructure-as-a-Service: The rental or sale of network infrastructure to host malware, often described as Bulletproof networks.

Hacking-as-a-Service: The outsourcing of cyber-attacks to individuals who do not possess the ability to launch their campaigns.

Corporate Espionage

Corporate espionage is a fascinating and specialized group of threat actors. These actors do not represent nation-state organizations, but instead are part of organized crime groups that leverage espionage techniques for commercial or financial purposes. These groups only target commercial organizations across multiple verticals. Their main goal is to steal confidential corporate documents, such as contracts, financial documents, employee records, and construction documents.

[You may also like: Radware Threat Researchers Live: 2021 Predictions]

For example, in May 2020, court documents revealed that NAAIP, a company that generates life insurance quotes for brokers who sell insurance, hired a hacker to access Compulife’s systems to steal its proprietary data by scraping data from its site. Scraping is a technique for extracting large amounts of data from a website using a bot. The data targeted by the hacker-for-hire was Compulife’s Transformative Database, extracting all insurance quotes related to two zip codes in the United States. Compulife alleges that the defendants, NAAIP, used the scraped data to generate quotes on their own website.


Extortion, the practice of gaining something, especially money, through force or threat, has evolved from the physical world of gangster shakedowns to network hostage-taking for profit. From Ransomware to Ransom Denial of Service (RDoS), these threat actors aim to extort cryptocurrency victims through threats of network degradation or encrypt and block access to a system until a payment is rendered.

Ransomware: A type of malware that renders a computer or mobile device unusable, typically by encrypting data until a ransom payment is made.

Ransom Denial of Service (RDoS): A distributed denial of service (DDoS) attack motivated by financial gain. Attacks typically start with a letter or post threatening to launch an attack at a certain day and time unless a ransom payment is made. In some cases, attackers will launch a mini attack on the victim’s network as evidence that the threat is real.

[You may also like: Bitcoin and Its Likely Impact on the Threat Landscape]


At the end of the list, we have financial-based organized crime. This group’s goal is to obtain financial gain through profit-driven cybercrime. While every group under organized crime could fit in this category, we reserve this classification for the threat actors who are financially motivated and target organizations mainly in the retail, restaurant, hospitality, gaming, and financial verticals by stealing and/or selling user data vs. extorting their victims.

Business Email Compromise (BEC): BEC scams are known as one of the most financially damaging cybercrimes in the threat landscape. By exploiting the everyday need to use email for personal and business-related purposes, criminals will send an email, a phish, to a victim from a spoofed and known source such as a vendor for their company, an executive, or even a home buyer in an attempt to trick the user into conducting an illegitimate transition.

Magecart: Software used by multiple organized crime groups. In general, Magecart attacks are a type of web skimming attack that targets checkout pages of online stores either directly or via 3rd party services to skim and capture customer credit card information. Threat actors in these groups accomplish their goal by gaining access to and injecting malicious JavaScript code into the checkout page of e-commerce sites. Once entered, the credit card information sent back to the criminal’s command and control server.

One might assume that no one would rock the boat with such a good thing going for organized crime. But you’d be mistaken. These crimes are often very noisy and noticeable. The group’s threat actors will even leverage media attention to publicize their attack, putting increased pressure on the victims to comply. When they don’t comply, outages can be massive and personal data can be shared on the darknet to pressure them even further.

[You may also like: Hybrid Warfare: How Cancel Culture Can Fuel a War]

Many see the fight against organized cybercrime as a losing battle; we are outgunned and out-funded by the dark side. There is too much profit involved in the crimes themselves to eliminate the threat. Even worse, education and security are currently lacking, and criminals are incentivized to crack and hack the latest security systems.

One of the only ways to win the war against organized crime may be to devalue their marketplace and the data they steal. An even darker reality is that prevention is almost impossible going forward when the threat actors are exceptionally organized and heavily incentivized. Mitigation is often the only choice when dealing with this group of threat actors.

Download Radware’s DDoS Response Guide to learn more.

Download Now


  1. This post is excellent. This article provides excellent information. Definitely going to research it. These tips are quite helpful. I greatly appreciate it. Continue your wonderful work.


Please enter your comment!
Please enter your name here