Cybercriminal business model vulnerable to intervention
"We've been observing that they've been acting like a business for a while," said Shogo Cottrell, security strategist at Hewlett Packard Enterprise, which produced the report.
The profit motivation accounts for more than three-quarters of all data breaches and has been rising in recent years, according to this year's Verizon data breach report.
But cybercrime also shares many of the vulnerabilities that traditional businesses do, said Cottrell.
For example, a criminal group's reputation is even more important in the underground economy than brand reputation in the legitimate world.
"In the underground space, there is a huge lack of trust and an enormous amount of paranoia," he said. "Everyone is doing nefarious activities. It's hard to trust someone who is at the core untrustworthy."
As a result, reputation counts for a lot among criminals, but it's also hard to build a solid reputation, and easy to lose it. And once the reputation takes a hit, where a legitimate business will try to repair the damage and salvage the brand, the bad guys just throw in the towel.
"They have a tendency to start over," said Cottrell. "And that's a lengthy and costly effort. Having to build a new persona, they have to regain trust, rebuild all of that from the ground up."
Rumors that a group fails to deliver, or has been infiltrated by authorities, can quickly destroy a criminal enterprise.
"You do have to have some credibility as well before you start throwing rocks," he said. "But those pillars of trust are very shaky and do fall very easily."
Trust isn't just important for criminal groups, but for individual hackers, as well.
For example, nobody is going to want to do business with people linked to FBI investigations.
And when it comes to destroying criminal reputations, the authorities have unlikely allies -- other criminals themselves.
Cybercriminal groups are quick to go after each other, and there are no laws or authorities that can protect against unfair business practices.
Hacking tools are also vulnerable to reputational damage. They could, for example, include code from competitors or authorities that tracks activity or deliberately hurts business.
Cybercriminals are also vulnerable to anything that impacts their profit margins.
"We want to limit the financial results they can realize," said Cottrell.
For example, a large corporation could set up a deception grid, filled with fake data, that not only wastes criminals' time and gives the defenders the opportunity to identify them, but also leaves them with worthless information.