Business & Technology

Global Cybersecurity Experts Map Underworld Ecosystem to Help Law Enforcement

By Glenn Maiden | June 09, 2022

Cybercrime impacts everyone from individuals to global corporations and critical infrastructures and governments. It causes immense, though not always visible, damage to economies and societies. As part of our mission to secure people, devices, and data everywhere, Fortinet is proud to be one of the founding members of the World Economic Forum’s (WEF) Centre for Cybersecurity and active contributor as part of its Partnership Against Cybercrime (PAC).

The PAC is a subset of the WEF’s Centre for Cybersecurity and strives to address the global challenge posed by cybercrime by exploring ways to amplify public-private cooperation against this crime and overcome existing barriers to cooperation. Its membership includes experts from private cybersecurity companies like Fortinet, as well as law enforcement agencies, service and platform providers, global corporations, and non-profit alliances.

WEF’s PAC brings together the digital expertise and data of private industry with the public sector’s threat intelligence in its ambitious efforts to combat cybercrime. PAC partners believe that a unified global approach and overcoming communication barriers will make it easier to throw light on the dark digital shadows where attackers hide—and to better defend against their criminal activity.

Introducing the WEF PAC’s Cybercrime Atlas

Today, at RSAC 2022, Fortinet’s FortiGuard Labs was a part of the Mapping the Cybercriminal Ecosystem session keynote, which unveiled strides forward in the group’s ambitious goal to disrupt cybercrime.

In response to the unprecedented growth in cyberattacks during the global pandemic, Fortinet has spent the past several years collaborating with our PAC partners on several important projects.

One initiative was to create a holistic map of the cybercriminal ecosystems to help the security industry more effectively disrupt them; more efficiently allocate resources in the fight against them; and make their unlawful efforts more costly to them. This effort has been named Atlas.

The Cybercrime Atlas initiative is a collaborative effort to organize, centralize, and expand knowledge about the activities and composition of cybercriminal groups worldwide, mapping out relationships between the cybercriminal actor groups and their infrastructure within the related ecosystems.

Atlas aims to support operational collaboration by creating a shared knowledge base, identifying mutual interests and uncovering concrete opportunities to disrupt cybercrime—both on the technical and policy levels. Atlas will also serve as a strategic platform to support decision makers.

Panel at RSAC 2022

Cybercrime Atlas is a joint effort, led by partners who contribute specialized cybercrime investigative analysis to the initiative. By combining the expertise and resources of private companies and public agencies, PAC has been able to make significant progress in mapping major global cybercrime syndicates.

At today’s keynote, along with fellow PAC members engaged in the Cybercrime Atlas, we revealed the initiative and how the holistic map of the cybercriminal ecosystem will benefit the cybersecurity industry and law enforcement. More, the sharing of this endeavor, and insights gleaned from the effort helps identify new opportunities for cooperation on combatting cybercrime.

Cybercrime Atlas is projected to be operational by the WEF’s Annual Meeting in Davos in January 2023. The Centre for Cybersecurity PAC believes acquiring visibility into cybercriminal ecosystems and infrastructures is the vital first step in disrupting them.

In the end, the accumulated knowledge will help law enforcement capture and successfully prosecute cybercrime gang members. Also, this visibility provides an unprecedented opportunity to strategically pinpoint and target vulnerabilities in the criminal ecosystem.

Building a Chain of Disruption

In a piece published on the World Economic Forum site, Derek Manky, chief security strategist and VP of global threat intelligence at FortiGuard Labs wrote, “[The PAC]... has been… breaking down cybercrime groups into different categories, including business email compromise, card fraud, malware, and ransomware. When each category is subdivided into different group types, it is surprising how granular and specific the cybercrime statistics and information required to map these cybercriminals becomes. Combining those insights with law enforcement agencies at the local, national, and international levels could catalyze a game-changing new intensity and effectiveness to cybercrime prosecutions and convictions.”

Ultimately, the PAC envisions the Cybercrime Atlas becoming a platform and expert community for linking experts and the sharing of knowledge on new analysis techniques, tools, adversary behavior, and strategic insights. PAC members would like to see Atlas become a key resource for law enforcement to better understand cybercriminal group identities, tactics, techniques, processes, infrastructures, and financial support systems. And beyond assisting law enforcement, insights from the Cybercrime Atlas are intended to create a chain of disruption that generates benefits beyond arrests. 

Cybersecurity Depends on a Group Effort

Defeating global cybercriminal organizations requires a global group effort with strong, trusted relationships among cybersecurity stakeholders. Criminal enterprises function almost exactly like corporations. They have expenses and bottom lines. If they cannot turn a profit in a timely manner because “the good guys” are disabling their infrastructures and forcing them to continuously start from scratch, then they may start to find a new line of work. Once attackers start to quit out of fear of being exposed and arrested or feel the profits aren’t worth the risks, then cybercrime may begin to recede.   

Fortinet shares actionable threat intelligence with the cybersecurity community because we know the importance of defending against cyberattacks. The PAC is an excellent example of what can be accomplished when organizations work together in the fight against threat actors.

In the coming months, the PAC expects to continue sharing new developments and learnings from its Cybercrime Atlas efforts.

A Driving Force

FortiGuard Labs is Fortinet’s elite cybersecurity threat intelligence and research organization that was founded in 2002—two years after Fortinet was founded. A cybersecurity industry innovator, FortiGuard Labs develops and uses cutting-edge machine learning (ML) and artificial intelligence (AI) technologies to provide our customers and the cybersecurity community with timely, actionable threat intelligence and consistently top-rated protection.

Fortinet is proud to work with law enforcement agencies, government organizations, and security vendor alliances worldwide. We want to continue to be a driving force within the cybersecurity industry to one day make the digital world a place you can always trust.

Learn more about Fortinet’s FortiGuard Labs threat research and intelligence organization and the FortiGuard Security Subscriptions and Services portfolio.

Find out how Fortinet remains a global leader in broad, integrated and automated cybersecurity solutions: Fortinet Innovation series.