International effort to disrupt cybercrime moves into operational phase

Will the WEF experiment work?

The Cybercrime Atlas, a massive undertaking that aims to disrupt cybercriminals across the globe, enters its operational phase in 2024, two years after organizers laid the groundwork at the RSA Conference.

At the time, the public-private collaboration was still in the proof-of-concept stage with one ambitious goal – to map out relationships between criminal groups, their infrastructure, supply chains and other dependencies, and to use this knowledge to break up the entire ecosystem.

The initiative officially launched at the World Economic Forum in July 2023 with founding members Banco Santander, Fortinet, Microsoft, and Paypal.

"One of the main questions was, is it actually possible, with companies stepping in to invest resources in this type of research? And it became very clear that yes, companies can work together, they are very eager to create this type of knowledge base and to be part of such processes," Tal Goldstein, the WEF Centre for Cybersecurity's head of strategy, told The Register.

Its members now include 20-plus law enforcement agencies, private-sector security companies and incident responders, financial institutions, NGOs, and academics.

Over the past year, the investigations group, which now has more than 20 members, meets weekly "to go over intelligence packages, and we're working on profiling for threat actors," said Derek Manky, chief security strategist and global VP of threat intelligence at Fortinet's FortiGuard Labs.

Manky, who is also one of the group's founding members, said this work includes "the open source intelligence, the correlation, identifying choke points, high-confidence points, points of disruption."

"We've been doing a lot of work on the intelligence side," he told The Register. "And now we want to try to get into how can we actually start to make an impact."

This involves seizing gangs' infrastructure, making arrests, and attributing attacks to criminal gangs, Manky added. It also involves lowering the ROI on cybercrime.

"This is part of the idea of disruption: it's not only to make an impact, but to send a message back to the cybercriminals that we mean business, and that we can make it more cost prohibitive for them to operate," Manky said. 

Making life more difficult for criminals

Sean Doyle, Cybercrime Atlas initiative lead, described it thus: "The first part of the experiment: can we create something new, valuable, and actionable?" The answer to this, he told The Register, is yes.

"The second part of the experiment is: can we use that collaboratively to make life more difficult for cyber criminals? That's what we are testing."

It's a big theory to test. Despite some recent high-profile takedowns of major cybercrime organizations, ransomware, cyber espionage, and all other types of electronic crimes are flourishing.

America's healthcare system is still reeling from a nearly month-old ransomware attack against a single company, Change Healthcare.

The breach happened nearly two months after law enforcement seized ALPHV/BlackCat's infrastructure, which apparently didn't stop the ransomware crew from infecting Change and possibly extorting $22 million from the healthcare IT org.

Meanwhile, the British Library is finally beginning its post-ransomware recovery, five months after a Rhysida affiliate shut down nearly all of the library's online services.

In addition to causing chaos and costing victims billions of dollars, however, these gangs have brought cybercrime to the forefront of discussion among CEOs and boards of directors. Cyberthreats are officially on everyone's radars, which is one of the reasons the WEF took on this initiative.

"From the World Economic Forum perspective, this is a very unique project," Goldstein said. "It's really going into a very operational level, which is beyond what the Forum is usually doing."

It also underscored the growing emphasis that the WEF has placed on cybercrime – and cybersecurity – over the past few years.

According to the WEF's Global Risks Report 2024 [PDF] published in January, "misinformation and disinformation" is the top short-term global risk, with "cyber insecurity" coming in at number four.

In addition to combating digital crime, the international org is also taking on the cyber skills gap to help grow the infosec workforce.

At its annual meeting in Davos this year, the WEF hosted a panel on ransomware disruption. "Many members in the audience were not in a cybersecurity role, but they were very interested," Manky said. "And they very much appreciated the problem as well." 

This isn't an isolated event and over time the WEF has received "more requests from our partners, CEOs, chairmen of big companies, saying [the Forum] needs to be involved" in helping organizations improve their cybersecurity posture and resilience," Goldstein added. 

"This is not a challenge that any company or any government or international organization can manage by itself," he added. "This is a topic we need to work together to address." ®

More about


Send us news

Other stories you might like