Cybercrime cartels: Dray Agha, senior security operations manager at managed detection and response services firm Huntress, said the analysis illustrates that the “Hollywood image of a teenage lone wolf hacking for bragging rights” is vastly outdated since the threat landscape is dominated by “highly organised, profit-driven syndicates.””While young people may still engage in digital vandalism or act as low-level affiliates, the architects orchestrating large-scale extortion and malware campaigns are mature adults operating what are essentially illicit technology companies,” Agha said.Agha argued that the 35-44 age group aligns perfectly with the skills required to run modern cybercrime operations, such as ransomware-as-a-service (RaaS). These professionally run campaigns require project management, software development lifecycles, human resources (recruiting affiliates), and customer service (negotiating with victims).”This level of operational maturity is rarely found in teenagers; it requires the business acumen typical of midcareer professionals,” Agha said.While it might be relatively easy to breach a vulnerable system, successfully cashing in on illicit access is a tricky process that requires experience.”The prominence of cyber extortion and money laundering in the 35-44 demographic highlights the need for a deep understanding of corporate pressure points, cryptocurrency tumbling, and illicit financial networks,” Huntress’ Agha added. “Older offenders have the real-world experience necessary to navigate these complex financial logistics and turn stolen data into usable cash.”While younger offenders often act as “initial access brokers”, finding the initial way into a network, this access is typically sold onto older, more experienced threat actors who execute the high-stakes extortion and espionage.”The young ‘pick the locks,’ while the adults ‘run the syndicate,’” Agha said.
Career ladder: Andra Zaharia, cybersecurity community lead at Pentest-Tools.com, said that many cybercrime operations look “less like solo activity and more like organised networks with roles, handoffs, and repeatable processes.””That structure naturally skews older because it rewards operational discipline and trust networks that take time to build,” Zaharia told CSO. “Technical skill matters, but so does reliability and consistency over months and years.”Zaharia added: “Profit motive also reshapes the ‘career path.’”Extortion and malware campaigns often involve different people for different jobs: access, tooling, infrastructure, negotiation, and moving money.”Reputation becomes a form of currency in those environments,” Zaharia concluded. “Actors build it, protect it, and use it to climb into higher-earning roles.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4141523/teenage-hacker-myth-primed-for-a-middle-age-criminal-makeover.html
