Do cybercriminals collaborate and build community?

When we interviewed Isabelle Meyer (Co-Founder and Co-CEO at ZENDATA Cybersecurity), we asked why she thinks events like Black Hat MEA are so valuable. She said: 

“The community! It makes us grow, gather, and create. Being surrounded by the best minds in the world gives you so much energy and so many new ideas. Black Hat is different, it’s technical, the subjects are great and inspiring. We need this.” 

And this got us wondering; what about cybercriminals and crime groups? Do they collaborate and build community with each other too – and what does that mean for the field of cybersecurity? 

Yes – cybercriminals do collaborate 

Threat actors, and particularly criminal organisations, do share knowledge and skills. They work together (as well as competing against each other) much like legitimate businesses do; and as a community, those pose a bigger threat than they could individually. 

Cybercriminal groups often exhibit hierarchies that are similar to those you’ll find in the corporate world. According to research by IBM and Google, they have leadership structures, with senior leadership teams overseeing specialised operational teams that handle various different elements of a cyber attack; such as malware development, data exfiltration, and email fraud. 

And as well as being well structured internally, these criminal groups also collaborate with each other. Some of them offer services to others, for example; while hiring skilled workers from other crime groups to execute tasks that are beyond the scope of their in-house teams. 

This doesn’t mean they’re all good friends. There’s as much competition as there is collaboration, and cybercriminal groups sometimes hijack one another’s infrastructure. Breach is inevitable – even if you’re a criminal. 

The dark web is a hub for cybercrime community 

Just as ethical hackers get together at cybersecurity events and share knowledge on open-source platforms and forums, cybercriminals collaborate on the dark web. It’s become a hub for crime groups to share their tactics, information about vulnerabilities, expose breached data, and distribute intelligence on prime targets. 

Crime groups use the dark web to buy and sell stolen data, as well as hacking tools – and to illicit services from other groups. And it works; because while it’s largely unregulated, the dark web is not disorganised. It houses sophisticated, efficient marketplaces that facilitate exchanges of information, products and services between cybercriminals and crime groups; and user communities that enable knowledge-sharing, training, and collaboration. 

The fact that law enforcement agencies including INTERPOL have developed secure platforms to help them share information about dark web activity and transnational collaboration between cybercriminals is a clear sign that criminal community-building is a real concern. 

What does this mean for cybersecurity? 

Community matters in cybercrime. And that means that community really matters in cybersecurity. 

Virtual forums and IRL events provide a platform for cybersecurity professionals to build their networks, forge valuable partnerships, and learn from each other. And they give you the opportunity to gather information you wouldn’t necessarily come across on your own. 

Rana Khalil (Application Security Team Lead at C3SA) said:

“Beyond the networking aspect, conferences serve as a forum for cybersecurity experts to share their latest research and insights. I had the opportunity to attend various presentations and contribute to a panel discussion on how to get into the mindset of a hacker.” 

And for Stephen Bennett (Global CISO at Domino’s), getting together as a community also serves to build your personal resilience – so you can keep working confidently, efficiently, and persevere in the face of immense challenges.

“Regardless of whether you're an extrovert or introvert,” he said, “we're social creatures at heart, and these events are crucial for reconnecting and building relationships. Black Hat MEA, in particular, has been fantastic for this. It’s not just about hearing different viewpoints but also about forming your own, making connections, and realising that even though cybersecurity can feel isolating, you're definitely not alone. Our field is incredibly tight-knit, and there’s a whole community out there ready to offer support when you reach out.”

Just like cybersecurity, cybercrime is enhanced and strengthened when strategies are shared between groups and across borders. So we have to keep growing our own communities and strengthening global knowledge-sharing across the cybersecurity sector; in order to protect organisations, individuals, and countries from threat actors and criminal collaboration.

Register now to attend Black Hat MEA 2024.