Friday, February 7, 2025

AI, syndicates, Nation-states: As technology converges, so too does cybercrime    


The globe continues to become more and more connected, and just like legitimate organisations benefit from technological advances, this interconnectedness is allowing criminal and malicious networks to flourish too. Cybercrime is no longer siloed: it involves complex collaborations and coordination between different malicious entities, including state actors, organised crime and even drug and human trafficking networks. What can be done to address this converging threat landscape?

By Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa

When someone told 22-year-old Bridget Motari about job opportunities in customer services in Thailand, she jumped at the chance. Today she realises it was the worst decision of her life.

The young Kenyan woman was lured by a fake agency website to apply for a job, but when she reached South-East Asia, she was forced to work for an online scam centre run by a Chinese cartel in the Golden Triangle – an infamous region between Myanmar, Laos and Cambodia.

Bridget’s story is, unfortunately, not unique. Many Africans and South-East Asians have been trapped by similar schemes and coerced to work either in prostitution or for scam cartels.

According to a recent report by the United Nations Office on Drugs and Crime (UNODC), transnational organised crime is evolving faster than law-enforcement agencies can keep up with it.

The report estimates that cyber-enabled fraud resulted in between $18 billion and $37 billion in financial losses from scams targeting victims from East and South-East Asia in 2023 alone.

Global connectivity fuels cybercrime convergence

Cybercrime convergence is proliferating – not just in Asia, but around the world – because digital technologies are enabling unprecedented collaboration between different criminal networks. Digital platforms enable seamless communication across borders, allowing criminal networks that used to operate independently in specific niches to now coordinate operations without physical barriers.

Thanks to the Dark Web, these platforms facilitate the exchange of tools, data and expertise between cybercriminals, human traffickers and organised crime groups.

Artificial intelligence has also been a boon for cybercriminals. Tools such as AI-driven deepfake technology, bots and automation streamline processes like phishing, identity theft and fraud, making collaboration between cyber criminals more efficient.

These malicious actors belong to highly sophisticated syndicates and complex networks of money launderers, human traffickers, state actors and other ‘service providers’.

Weaponisation of data

But how do these cartels work? In some cases, cybercriminal groups are state sponsored – China, Russia and North Korea being the biggest culprits.

State actors sometimes fund or collaborate with organised cybercriminal groups to spy on or attack infrastructure with plausible deniability.

For example, North Korean state-backed hackers are known to collaborate with organised crime for financial fraud, money-laundering, cryptocurrency theft and espionage.

Closer to home, the Yahoo Boys, part of the Black Axe syndicate originating from West Africa but operating all over the continent, combine romance scams with financial fraud. They often procure stolen credentials and tools from other cybercriminals and target vulnerable groups such as teenage boys with their highly automated and effective sextortion scams.

Ransomware as a service (RaaS) operators are cybercriminals that can be contracted to execute cyber extortion attacks at large scale. Often working with a network of partners, also called affiliates, they operate similarly to legitimate ‘as-a-service’ providers, with commissions, subscription services and 24/7 call centres.

These groups work together to steal data or disrupt business operations to extort their victims. According to the threat intelligence group Analyst1, cybercriminal gangs are increasingly collaborating to infiltrate organisations and perform ransom operations together. After one gang compromises a victim and steals its data, it passes the data on to another gang, which negotiates a ransom based on the leaked data.

As Analyst1 notes, this type of collaboration wouldn’t be possible unless a well-established relationship of trust existed between the various malicious actors.

What can organisations do?

1. Foster Collaboration and Threat Intelligence Sharing

We can’t face this threat alone, so organisations should actively participate in threat intelligence sharing platforms, public-private partnerships and industry collaborations, and work with law enforcement agencies, to stay ahead of evolving cybercrime tactics. Monitoring the dark web and aligning with global cybersecurity initiatives can provide critical insights into emerging threats and bolster collective defences.

2. Enhance Cyber Resilience Through Advanced Technology and Preparedness

Adopt a Zero Trust approach, implement AI-driven security tools, and strengthen endpoint detection to minimise vulnerabilities. Regularly test and refine incident response plans, segment networks, and maintain secure backups to reduce the impact of ransomware and other multi-vector attacks.

3. Prioritise Human Risk Management and Supply Chain Security

Invest in continuous employee training to build a security culture and increase awareness of the latest social engineering and ransomware tactics, while simulating attacks to improve readiness. Assess and monitor third-party vendors to mitigate supply chain risks, and ensure alignment with global cybersecurity frameworks like NIST and ISO 27001 to maintain a strong security posture.

Lastly, by developing proactive rather than reactive defences, security teams can anticipate and adapt to the evolving threats posed by cybercriminal collaboration and the complexities of digital convergence.
