Cybercrime Matures As Hackers Are Forced To Work Smarter

An analysis of 500 hacking incidents across a wide range of industries has revealed trends that point to growing maturity in the way hacking groups operate today.

Researchers at Kaspersky have focused on the Russian cybercrime underground, which is currently one of the most prolific ecosystems, but many elements in their findings are common denominators for all hacking groups worldwide.

Pursuing new avenues

One key finding of the study is that the level of security on office software, web services, email platforms, etc., is getting better.

As Kaspersky explains, browser vulnerabilities have decreased in number, and websites are not as easy to compromise and use as infection vectors today.

As a result, web infections have become too difficult for non-sophisticated threat groups to pursue.

The case is similar with vulnerabilities, which are fewer and more expensive to discover.

Instead, hacking groups wait for a PoC or patch to be released, and then use that information to create their own exploits.

Becoming more efficient

Hacking groups are now optimizing their member structure and assigning distinct functional roles to each person.

In modern cybercrime operations, there’s no longer a need for malware authors and testers, because actors are sourcing their tools from central selling points on the dark web.

Moreover, with much of the stolen money being transacted in cryptocurrency, actors only need money mules or someone to manage cash withdrawal operations when cashing out into fiat currency.

The same goes for account credentials, webshell access to various organizations, and even DDoS attacks. All of these are bought from providers instead of “employing” an expert in the team.

Cybercrime group structure – 2016 on the left, 2021 on the right
Source: Kaspersky

Another optimization for cybercriminals today is to turn to cloud service providers instead of choosing the more costly and risky option of renting or setting up their own physical server infrastructure.

The downside of this is that cloud servers are regulated and service providers are responsive to reports, but threat actors can always hop to other platforms or create new accounts when they’re uncovered.

One of the most striking differences that we see today compared to cybercrime practices from five years ago is that large banks are no longer vigorously targeted.

Instead, hackers realized that it would be far easier and oftentimes more profitable to target companies with ransomware, RATs, and stealers, diverting payments through BEC attacks or forcing victims to pay a ransom.

“Back in 2016, our primary focus was on big cybergangs that targeted financial institutions, especially banks,” said Ruslan Sabitov, a security expert at Kaspersky.

“These days, the industries attacked are not limited to financial institutions and major attacks such as the ones we investigated in the past are thankfully no longer possible. Yet we can hardly say there is less cybercrime out there. Last year the total number of incidents we investigated was around 200. This year hasn’t concluded yet, but the count is already around 300 and keeps going.”

As the attacks increase in number, actor groups become more volatile and prone to disbanding, as collaborations are now limited to financial gains and not much else.

Finally, as members scatter and re-mix, so do their methods, and with more groups using similar toolsets, the lines that helped distinguish each actor have become blurry.
