Cybercrime as a Business: Trends 2023

The professionalization of cybercrime as a business already has job vacancies and applicants submitting their CVs.

Sophos released the Sophos Threat Report 2023 on Sophos Day 22. The report provides key insights into the current cyber threat landscape. It shows how cybercrime as a business has reached a professional level of commercialization.

As we previously reported in, John Shier, Sophos security consultant, explained the key issues and trends in cyber threats during the event.

Cybercrime as a business

Today, cybercrime vendors are no longer content to simply advertise their services but are also looking to recruit attackers through job postings that require certain skills from their applicants, who post their CVs with those skills and qualifications for cybercrime. Underground marketplaces such as Genesis have long offered malware-as-a-service to attackers, such as selling stolen credentials and other data wholesale. Much like a LinkedIn or Infojobs for cyber crooks.

In this way, ransomware has become an extremely profitable business, as the operators of this attack have expanded its potential. In fact, they now target platforms using languages such as Rust and Go in order to avoid detection.

Groups such as Lockbit 3.0 are very innovative in creating new ways to extort money from their victims through subscription models or an auction and reward programs in the cybercrime market.

This black market has seen an increase in demand for credential theft. With the global expansion of web services, the theft of credentials, such as cookies, allows attackers multiple ways to gain deeper access to networks. This type of theft is the gateway to underground cybercrime markets for novices looking to build a career in cybercrime.

Key takeaways from Sophos Threat Report 2023

With the outbreak of the Ukrainian war, there was an explosion of financially targeted scams. On the other hand, cybercriminal alliances between Ukrainians and Russians were eroded among ransomware affiliates.

Mobile devices are being targeted by cybercriminals. Fake apps are used to inject malware, spyware, and banking-related malware. “Pig slaughter” is a new trend in cyber fraud in which victims are lured into dating or cryptocurrency apps and redirected to fraudulent sites. This type of crime is already occurring on both Android and iOS.

The devaluation of Monero has led to a decrease in cryptocurrency mining. However, mining malware continues to spread via automated bots, not only on Windows but now also on Linux.

Cybercriminals continue to exploit LOLBins “living off the land binaries” to launch various attacks, including ransomware. These criminals deploy legitimate but vulnerable system drivers in “bring your own driver” attacks in an attempt to disable detection and response solutions on endpoints to evade detection.


John Shier, speaking at the launch of the report, explained: “The most skilled cybercriminals are selling tools and capabilities that were previously only available to the most sophisticated attackers. It is no longer just more common tools such as malware, cyber-scams, or phishing kits. We are now detecting OPSEC-as-a-service advertisements offering to help cyber attackers hide Cobalt Strike infections or help in gaining access to legitimate tools. The commoditization of almost every element necessary for cybercrime is altering the cyber threat landscape and opening up possibilities for any type of attacker with any level of skill.

Ricardo Maté, regional vice president of Southern EMEA and Emerging Markets at Sophos, said: “Businesses have embarked on a digital transformation process that is now unstoppable and cyber security is an essential part of that process. Without the right measures in place, any business, regardless of size and sector, can fall victim to cybercrime. In addition to the increasing complexity of cyber-attacks, cybersecurity solutions are becoming more complex and difficult to manage.”