Seven types of cyber criminals: 2024 version

We are now well away from my first blog on this topic, “7 Levels of Hackers”, and since then it’s been quoted all over the place (including KnowBe4 [1], Bank Info Security [2] and Air War College [3]).

I suspect back in 2012, we knew about different types of cyber criminals but I spotted the rising threat of “The Automated Tool”. We were starting with the news cycles around cybercrime; Anonymous and Lulzsec were dusting down their keyboards and gearing up for action but out there were new worm-enabled variants that I thought needed some attention.

The last blog I wrote on this topic was in 2018. These are the previous years’ blogs:

I feel there has been a huge change in some base technologies, and cybercriminals have definitely changed their ways of working. So let’s have a look at the list from 2018 and think about what it now looks like in 2024…

  1. App Kiddies
  2. Small Criminal Groups
  3. Hacktivists
  4. Black Hat Professionals
  5. Organised Criminal Gangs
  6. Nation States
  7. The Automated Tool

So what has changed and what changes do we need to make to the list?

1. App Kiddies

These script kiddies have essentially upgraded from doing the hard work of making code and tools work to point-and-click crime. Over the last 6 years, we’ve seen the tools they use change from DDoS-as-a-service (DaaS) to now easily accessible Ransomware-as-a-service (RaaS) tools. REvil was particularly effective [4]. This is of course where the line blurs, though, because although they are still App Kiddies, the real winners here are the people behind the ‘as-a-service’ tools. However, we should definitely not discount this group for their footprint on cybercrime.

Where will they go next? Wherever the available tools take them. I expect Deepfake [5] and AI crime toolkits to be readily available by the end of 2025.

2. Small Criminal Groups

I believe that we are seeing a growth in solo App Kiddies teaming up through forums [6] to share information. Through these forums small collectives are gathering to take on bigger targets. Four to five person groups can be very effective against larger targets. They again start to blur the lines with Hacktivist groups as their targets often live within specific sectors, e.g. education and finance.

There is some aspiration here to make money and then get out of the game and I think we will see a rise globally in Law Enforcement creating schemes [7] to encourage youths away from a life in cybercrime.

3. Hacktivists

As the world becomes more polarised with opinions, and as politics becomes more fractious, so we are seeing the rise in Hacktivism again. Not to the extent of the Anonymous days, although Anon are still out there wreaking havoc [8] when they can. We have seen in the US the use of a lot of kinetic weaponry in the split happening there, but little cyber. However, where it does come to the fore is when we look at the rise in global conflicts, e.g. Russia/Ukraine, Israel/Palestine. With these conflicts, though, has come a new kind of weaponry: mis/disinformation [9]. These are proving very effective and this can link to 6 below too.

4. Black Hat Professionals

The lone star hacker? The guy in the hoodie who single-handedly took over organisations for their own personal agenda… where are they now? We rarely hear about these people and I do wonder if that is because, due to the global issues with the cost-of-living crisis, they’ve had to take legit jobs doing cybersecurity? Poacher turned gamekeeper maybe? We used to see the big names at Black Hat [10] and DEF CON conferences but they now seem to be wearing corporate polo shirts instead? Is this finally the year to drop the Black Hat Professional?

5. Organised Criminal Gangs

This for me is the one over the last 6 years that has become the one to watch [11]. They have become very well organised, often resembling regular IT businesses with customer service and technical support services. They are also helping to drive the Cybercrime-as-a-Service marketplace and creating a marketplace for trading data and information. As a result of this, some cybercriminals are becoming known for finding exploits to sell to data brokers [12].

6. Nation States

Certainly Nation States have become more and more public [13] due to the nature of their activities. As more wars and conflicts across the globe happen, so grows the need for nation states to find any advantage over their adversaries. We have also seen this spreading from strictly computer crime, attacking other computer systems, to cyber-physical [14], with attacks focussing on water, gas, telecoms and other utilities.

7. Automated Tools

I know you were expecting me to talk about AI here, but in the last 6 years, this has not been the case. Only this year have we seen the use of AI in attacks. However, we have seen automated scans becoming easier to run looking for exploits in organisations. However, running on their own? Not so much. We are seeing the tools being run by Nation States and Organised Criminals to great effect. Interestingly, we have seen great success from collaborations between Global Agencies to take down these networks [15]. So what about AI? There are indeed some AI criminal tools: DarkGPT, EvilGPT [16] etc. These are still quite basic and we have yet to see them being used in mass attacks. We are seeing AI-enabled crime though, but this would not come under “Automated Tools”.

So here’s the question, do we need to change anything for the 2024 list? And if so, where and what and why?

I believe that we should look at swapping out Black Hat Professionals to have a new category of AI-Enabled Criminals. Over the next 5 years, I believe that we will see a developing group, they will be more intellectual than the App Kiddies, developing tools for them and others but equally becoming an important threat actor for mis/disinformation as well as more complex attacks where AI can data crunch to get to the end goal. I also think as part of this will be the rise of the middle-man, the Data Broker and I believe that this network of people will become more important in the future. These people are already here but are not significant enough in the cybercrime world, but a growing role nonetheless.

I therefore propose the 2024 List of Cyber Criminals looks like this:

  1. App Kiddies – there will always be the tinkerers and lone wolves trying to make a quick buck out of the world. To minimise their impact, there would need to be a significant change in international law enforcement, working together, skills and punishments to deter these lower-level criminals.
  2. Small Criminal Groups – Similar to App Kiddies, these groups will continue to be a future nuisance. As tools become easier to use and more prolific, so their attacks will be increasingly effective. Previously, this layer was a nuisance but now I think they could actually become a one-to-watch in the cybercrime landscape.
  3. Hacktivists – the world is changing and Hacktivists always fight for their cause. With the global tensions currently, I think this is going to be a group that will grow in the next 5 years with many stories to look back on. I believe this group is going to be led by tooling from the new AI-Enabled Criminal group as well as coerced through ideologies.
  4. AI-Enabled Criminals – this new group is an intellectual powerhouse of research into new methods of attacks. They will be responsible for new attacks that will be hard for current EDR and XDR systems to detect. This will give this group a distinct advantage and I believe we will see large successful attacks from this group.
  5. Organised Criminal Gangs – This well-funded level of criminals will continue to grow. I think fueled by cryptocurrencies they will continue to money-launder and convert their assets back into cash on a global stage. This will be hard to detect and will require significant collaboration year-to-year to prevent them from being a dominant player.
  6. Nation States – This level is going to be a very large player over the next few years specifically. I believe that their way of working will change though. Instead of trying to attack computer systems, they will instead focus on mis/disinformation as well as attacking more cyber-physical environments. I do wonder if Stuxnet 2.0 is lurking out there right now.
  7. The Automated Tool – I think this level will be overtaken by the AI-Enabled Criminals. That said, I believe it should stay for now as the old botnets and worms die out in favour of AI-enabled and potentially quantum-enabled cyber criminals.

Conclusion

Another 5/6 years of cybercrime with only limited success in reducing the impact of this method. Only through collaboration with other countries and agencies have we been able to reduce cybercrime. However, that is still not good enough in reducing cybercrime. With tools and tactics changing, the defence layers are not adapting fast enough. As new technologies come onstream such as AR and VR, quantum and beyond, we need to have significant investment into how we can stop this becoming a runaway problem.

Cybercrime continues to grow year-on-year and now makes up significant percentage points of overall crime.


Links and attributions

Thanks go to the following sources, used in this article, for their excellent reporting and analysis of cybercrime.

  1. KnowBe4 (https://blog.knowbe4.com/the-7-levels-of-hackers)
  2. Bank Info Security (https://www.bankinfosecurity.com/blogs/7-levels-hackers-p-1206)
  3. US Military Air War College (https://apps.dtic.mil/sti/tr/pdf/AD1019238.pdf)
  4. RaaS explained by CrowdStrike (https://www.crowdstrike.com/cybersecurity-101/ransomware/ransomware-as-a-service-raas/)
  5. The Register (https://www.theregister.com/2023/04/28/tencent_digital_humans/)
  6. National Crime Agency (https://www.nationalcrimeagency.gov.uk/news/suspected-head-of-prolific-cybercrime-groups-arrested-and-extradited)
  7. National Crime Agency (https://www.nationalcrimeagency.gov.uk/cyber-choices)
  8. Nova News (https://www.agenzianova.com/en/news/venezuela-the-government-reports-new-cyber-attacks-by-anonymous/)
  9. New York Times (https://www.nytimes.com/2024/08/16/technology/openai-chatgpt-iran-misinformation.html)
  10. TechCrunch (https://techcrunch.com/2024/08/12/best-hacks-security-research-black-hat-def-con-2024/)
  11. Christian Espinosa (https://christianespinosa.com/blog/top-10-organized-cybercrime-syndicates/)
  12. Exploit Brokers (https://open.spotify.com/episode/6lECsW29uqeZItIlZmLaeP)
  13. Security Magazine (https://www.securitymagazine.com/articles/100616-experts-weigh-in-on-the-mitre-nation-state-cyberattack)
  14. CISA (https://www.cisa.gov/topics/cyber-threats-and-advisories/nation-state-cyber-actors/china)
  15. SC Media (https://www.scmagazine.com/news/volt-typhoon-fails-to-revive-botnet-after-fbi-takedown)
  16. Le Monde (https://www.lemonde.fr/en/science/article/2024/02/22/the-dark-side-of-ai-chatbots-developed-by-cyber-criminals_6550302_10.html)
