The strategies of cybercriminals and advanced persistent threat (APT) groups are aligning as both sides poach ideas from one another, according to the security vendor FireEye.
Crooks were said to be taking up the customised malware, targeted attack patterns and long-term campaigns that used to be the domain of APT actors, whilst the long term players have started stealing personally identifiable information (PII) usually used to defraud victims.
Writing in a report, FireEye said: "The increasingly blurry lines between cybercriminal and APT tools and tactics further muddies questions of actor intent and the potential fallout.
"Chalk it up to attackers’ denial and deception, uneven law enforcement, and Byzantine ties between corrupt government agents and the criminal underground. In this hazy state of affairs, unravelling attackers’ intents and motives can guide your response."
Online criminals have typically targeted personal and payment data that could be sold on for quick profit, whilst APT groups tend to look for corporate or state secrets, as well as other information of political value, and are often sponsored by governments.
Hackers of all persuasions can often sample one another’s ideas through cybercrime forums, which are found on both the public internet and the Deep Web.
Such venues often facilitate the sale of data through informal trading and official escrow services, with prices influencing which information hackers will seek out in future.
"Judging whether the malware in your network is a possible infection vector for a state-sponsored attack — and not a collateral infection from a nuisance threat — would no doubt change your reaction and response," FireEye said.
"Likewise, stolen personal data in the hands of cyber criminals may require a different response — and have a more immediate impact — than data falling into the hands of a nation-state threat group with other, murkier uses for it."
