Just as legitimate organisations benefit from technological advances, our interconnectedness also opens doors for crafty criminal and malicious networks to flourish. Cybercrime is a tangled web of complex collaborations and coordination between different malicious entities, including state actors, organised crime and even drug and human trafficking networks. How do we address this converging threat landscape?

Anna Collard, Senior Vice President, Content Strategy and Evangelist at KnowBe4 Africa shares her insight.

When someone told 22-year-old Bridget Motari about job opportunities in customer services in Thailand, she jumped at the chance. Today she realises it was the worst decision of her life.

A fake agency website lured the young Kenyan woman to apply for a job, but when she reached Southeast Asia, she was forced to work for an online scam centre run by a Chinese cartel in the Golden Triangle—an infamous region between Myanmar, Laos and Cambodia.

Bridget’s story is, unfortunately, not unique. Many Africans and South-East Asians have been trapped by similar schemes and coerced to work either in prostitution or for scam cartels.

According to a recent report by the United Nations Office on Drugs and Crime (UNODC), transnational organised crime is evolving faster than law-enforcement agencies can keep up with it.

The report estimates that cyber-enabled fraud resulted in between $18 billion and $37 billion in financial losses from scams targeting victims from East and Southeast Asia in 2023 alone.

Global connectivity fuels cybercrime convergence

The reason cybercrime convergence is proliferating—not just in Asia, but around the world—is that digital technologies enable unprecedented collaboration between different criminal networks. Digital platforms power seamless communication across borders, allowing criminal networks that used to operate in specific niches independently to transcend physical barriers and seamlessly coordinate operations regardless of where they are.

Thanks to the Dark Web, illicit tools, data and expertise are exchanged between cybercriminals, human traffickers and organised crime groups. Criminals make a meal of AI with technology like AI-driven deepfakes, bots, and automation, which streamline processes like phishing, identity theft and widespread fraud in a location-agnostic environment.These malicious actors belong to highly sophisticated syndicates and complex networks of money launderers, human traffickers, state actors and other "service providers" in a global industry devoid of ethical standards with its own rogue CEOs and notoriously unpleasant takes on Human Resource Management.

Weaponised data

But how do these cartels work? In some cases, cybercriminal groups are said to be state-sponsored. Theories suggest that China, Russia and North Korea are among the main culprits, with state actors often funding or collaborating with organised cybercriminal groups to spy on, or attack infrastructure with plausible deniability. In one instance, as reported by Forbes, North Korean state-backed hackers allegedly collaborated with organised crime for financial fraud, money-laundering, cryptocurrency theft and espionage.

Closer to home, the Yahoo Boys—part of the notorious Nigerian Black Axe Syndicate operating throughout Africa— add a touch of "romance" to financial fraud scams, often procuring stolen credentials and tools from other cybercriminals and targeting vulnerable groups like the elderly and teenagers with their highly automated and effective "love-bombing" or sextortion scams.

Most of us have heard of Software as a Service (SaaS), but Ransomware as a Service (RaaS) operators are also part of a rapidly-growing industry using contracted workers to execute cyber extortion attacks at scale. Often working with a network of partners, sometimes called affiliates, they operate similarly to legitimate "as-a-service" providers—with commissions, subscription services and 24/7 call centres.

These groups work together to steal data or disrupt business operations to extort their victims. According to the threat intelligence group, Analyst1, cybercriminal gangs are increasingly collaborating to infiltrate organisations and perform ransom operations together. After one gang compromises and steals a victim’s data, they then pass it on to another gang who negotiates a ransom based on the leaked data.

As Analyst1 notes, this type of collaboration wouldn’t be possible unless a well-established relationship of trust existed between the various malicious players.

Gaining the upper hand against cybercriminals

No person or organisation can exist in a vacuum. Cybercrime is often a team effort, and so is cybersecurity. Collaboration and threat Intelligence sharing is vital. Organisations must actively participate in threat intelligence sharing platforms, public-private partnerships, law enforcement initiatives and industry collaborations to stay ahead of evolving cybercrime tactics. Partnering with an organisation that monitors the dark web and aligns with global cybersecurity programmes can provide critical insights into emerging threats and bolster collective defences.

Adopting a Zero Trust approach, implementing AI-driven security tools and strengthening endpoint detection minimises vulnerabilities, ultimately enhancing cyber resilience. Regularly testing and refining incident response plans and segment networks, as well as maintaining secure backups to reduce the impact of ransomware and other multi-vector attacks should be a top priority.

Prioritising human roisk management and supply chain security starts with a sound investment in continuous employee training to build a security culture, increasing awareness of the latest social engineering standards and ransomware tactics while simulating attacks. This improves readiness on the ground. Assessing and monitoring third-party vendors additionally mitigates supply chain risks and ensures alignment with global cybersecurity frameworks like NIST and ISO 27001 to maintain a strong security posture.

Finally, by developing proactive rather than reactive defences, security teams can anticipate and adapt to the evolving threats posed by cybercriminal collaboration and the complexities of digital convergence.

No organisation can afford to treat cybersecurity as an afterthought. With threats evolving constantly, a proactive approach is the only way to protect sensitive data, maintain trust and avoid costly disruptions. Investing in robust security measures isn’t just about compliance—it’s about ensuring business continuity and resilience in an increasingly digital world.

About KnowBe4

KnowBe4 is the world’s first and largest New-school Security Awareness Training and simulated phishing platform that helps organisations manage the ongoing problem of social engineering. It also provides add-on products like PhishER and SecurityCoach to prevent bad actors from getting into company networks and compliance training.