printer friendly version

As technology converges, so does cybercrime

When someone told 22-year-old Bridget Motari about job opportunities in customer services in Thailand, she jumped at the chance. Today, she realises it was the worst decision of her life.

A fake agency website lured the young Kenyan woman to apply for a job, but when she reached South-East Asia, she was forced to work for an online scam centre run by a Chinese cartel in the Golden Triangle – an infamous region between Myanmar, Laos, and Cambodia.

Anna Collard

Bridget’s story¹ is, unfortunately, not unique. Many Africans and Southeast Asians have been trapped by similar schemes and coerced to work either in prostitution or for scam cartels. According to a recent report by the United Nations Office on Drugs and Crime (UNODC)², transnational organised crime is evolving faster than law-enforcement agencies can keep up with it.

The report estimates that cyber-enabled fraud resulted in between $18 billion and $37 billion in financial losses from scams targeting victims from East and Southeast Asia in 2023 alone.

Global connectivity fuels cybercrime convergence

Cybercrime convergence is proliferating – not just in Asia, but around the world – because digital technologies are enabling unprecedented collaboration between different criminal networks. Digital platforms enable seamless communication across borders, allowing criminal networks that used to operate independently in specific niches to coordinate operations without physical barriers.

Thanks to the Dark Web, these platforms facilitate the exchange of tools, data and expertise between cybercriminals, human traffickers and organised crime groups.

Artificial intelligence has also been a boon for cybercriminals. Tools such as AI-driven deepfake technology, bots, and automation streamline processes like phishing, identity theft, and fraud, making collaboration between cybercriminals more efficient.

These malicious actors belong to highly sophisticated syndicates and complex networks of money launderers, human traffickers, state actors and other ‘service providers’.

Weaponisation of data

But how do these cartels work? In some cases, cybercriminal groups are state-sponsored – China, Russia, and North Korea are the biggest culprits. State actors sometimes fund or collaborate with organised cybercriminal groups to spy on or attack infrastructure with plausible deniability.

For example, North Korean state-backed hackers are known to collaborate with organised crime for financial fraud, money laundering, cryptocurrency theft and espionage.

Closer to home, the Yahoo Boys³, part of the Black Axe syndicate originating from West Africa, but operating all over the continent, combine romance scams with financial fraud, often procuring stolen credentials and tools from other cybercriminals and targeting vulnerable groups such as teenage boys with their highly automated and effective sextortion scams.

Ransomware as a service (RaaS) operators are cybercriminals who can be contracted to execute large-scale cyber extortion attacks. Often working with a network of partners, also called affiliates, they operate similarly to legitimate ‘as-a-service’ providers, with commissions, subscription services, and 24/7 call centres.

These groups work together to steal data or disrupt business operations to extort their victims. According to the threat intelligence group Analyst1⁴, cybercriminal gangs are increasingly collaborating to infiltrate organisations and perform ransom operations together. After one gang compromises and steals a victim’s data, it passes it on to another gang, which negotiates a ransom based on the leaked data.

As Analyst1 notes, this type of collaboration would not be possible unless a well-established relationship of trust existed between the various malicious actors.

What can organisations do?

1. Foster collaboration and threat intelligence sharing. We cannot face this threat alone. So, organisations should actively participate in threat intelligence sharing platforms, public-private partnerships, law enforcement agencies, and industry collaborations to stay ahead of evolving cybercrime tactics. Monitoring the dark web and aligning with global cybersecurity initiatives can provide critical insights into emerging threats and bolster collective defences.

2. Enhance cyber resilience through advanced technology and preparedness. Adopt a Zero Trust approach, implement AI-driven security tools, and strengthen endpoint detection to minimise vulnerabilities. Regularly test and refine incident response plans, segment networks, and maintain secure backups to reduce the impact of ransomware and other multi-vector attacks.

3. Prioritise human risk management and supply chain security. Invest in continuous employee training to build a security culture and increase awareness of the latest social engineering and ransomware tactics, while simulating attacks to improve readiness. Assess and monitor third-party vendors to mitigate supply chain risks, and ensure alignment with global cybersecurity frameworks like NIST and ISO 27001 to maintain a strong security posture.

Lastly, by developing proactive rather than reactive defences, security teams can anticipate and adapt to the evolving threats posed by cybercriminal collaboration and the complexities of digital convergence.

^[1] https://tinyurl.com/3tpspzsz (redirects to https://www.lemonde.fr/en/le-monde-africa/article/2024/10/28/how-the-chinese-mafia-kidnaps-africans-to-swindle-westerners_6730781_124.html).

^[2] https://tinyurl.com/h9aphn45 (redirects to https://www.unodc.org/roseap/uploads/documents/Publications/2024/TOC_Convergence_Report_2024.pdf).

^[3] https://tinyurl.com/3my9cb7k (redirects to https://www.bbc.com/news/articles/cr7rxpdyz9yo).

^[4] https://tinyurl.com/2a7y8vww (redirects to https://analyst1.com/ransomware-centric-collection-and-threat-profiling/).

Share this article:

Further reading: