惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
V2EX - 技术
V2EX - 技术
P
Privacy & Cybersecurity Law Blog
T
The Exploit Database - CXSecurity.com
美团技术团队
WordPress大学
WordPress大学
博客园 - 司徒正美
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
Security Latest
Security Latest
L
LINUX DO - 最新话题
NISL@THU
NISL@THU
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
腾讯CDC
Y
Y Combinator Blog
The Hacker News
The Hacker News
Security Archives - TechRepublic
Security Archives - TechRepublic
IT之家
IT之家
T
Threatpost
Hugging Face - Blog
Hugging Face - Blog
Scott Helme
Scott Helme
S
SegmentFault 最新的问题
Cyberwarzone
Cyberwarzone
C
Cisco Blogs
阮一峰的网络日志
阮一峰的网络日志
U
Unit 42
B
Blog
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
小众软件
小众软件
V
Vulnerabilities – Threatpost
J
Java Code Geeks
V
Visual Studio Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
A
Arctic Wolf
博客园 - 【当耐特】
Microsoft Security Blog
Microsoft Security Blog
S
Security @ Cisco Blogs
雷峰网
雷峰网
Help Net Security
Help Net Security
The Last Watchdog
The Last Watchdog
Recent Announcements
Recent Announcements
G
Google Developers Blog
C
CERT Recently Published Vulnerability Notes
T
Troy Hunt's Blog
MyScale Blog
MyScale Blog

Fortinet All Blogs

The TTF Trap: A Global Campaign of a Low-Detection Lua Loader | FortiGuard Labs Helping Law Enforcement Keep Pace with the Future of Cybercrime | Fortinet Blog FortiEndpoint Expands Security for the AI Era | Fortinet Blog Cyber Attacks Leveraging AI Require Behavior-First Security Training, Not Simply Better Awareness | Fortinet Blog The AI Era Needs a New SASE. Here’s What That Actually Looks Like. | Fortinet Blog Analysis of Ongoing Ousaban Attacks Targeting the Iberian Peninsula | FortiGuard Labs Update on Fortinet Use of Frontier AI | CISO Collective Fortinet Supports INTERPOL Operation CyberProtect III Targeting Online Exploitation From CI/CD to Cloud Data: How Shai Hulud Persistence Leads to Redshift Breach | FortiGuard Labs Fortinet Launches Its Product Carbon Footprint Calculator FortiSASE Training Builds Skills for Secure Access Success | Fortinet Blog Analysis of Reported Credential Compromise of FortiGate Devices | Fortinet Blog Teaching Cybersecurity the Way It’s Actually Used | Fortinet Blog Introducing FortiSOC: One Platform, Total Control | Fortinet Blog Public-Private Cooperation Is Critical to AI-Driven Cyber Defense | Fortinet Advancing Threat-Informed Defense through Fortinet’s Collaboration with MITRE CTID | Fortinet Threat Actors Weaponize AI Hype to Deliver AsyncRAT | FortiGuard Labs Fortinet Achieves 1 Million People Trained in Cybersecurity Goal Ahead of Schedule | Fortinet Blog While OT Security Is Maturing, Risk Is Not Slowing Down | Fortinet Blog AI Policy Meets Operational Reality: White House AI Cybersecurity Order Calls for Public-Private Coordination | Fortinet Blog Executive Q&A: Strong Q1 Momentum Driven by Differentiated Innovation and Customer Demand | Fortinet Fortinet Earns AV-Comparatives Certification for EDR Detection Visibility | Fortinet Blog Cybercriminals Are Targeting the FIFA World Cup 2026 | FortiGuard Labs Fortinet Achieves AV-Comparatives Certification for Process Injection Protection | Fortinet Blog Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO | FortiGuard Labs Battling AI-Based Threats with FortiNDR | Fortinet Blog Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data Defending Critical Infrastructure: Why OT Security Demands a Threat-Informed Approach | CISO Collective Misconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise | FortiGuard Labs Fortinet Expands Cybersecurity Investment in the United Arab Emirates | Fortinet Blog PureLogs: Delivery via PawsRunner Steganography | FortiGuard Labs The Future of Connectivity | Fortinet Blog Fortinet at the World Economic Forum: Frontier AI models, AI-Driven Threats, Deepfakes, and the Future of Cyber Defense | Fortinet Blog The Fortinet 2025 Sustainability Report | Fortinet Blog Supercharged Security: Security in the Time of Mythos | CISO Collective Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign | FortiGuard Labs AI Security Is an Architectural Decision | Fortinet Blog Fortinet Training Institute Wins Industry Accolades | Fortinet Blog Shadow AI: The Invisible Risk Growing Inside Your Organization | Fortinet Blog Leading by Example in Sustainability: Fortinet Expands Global EPD Certification | Fortinet Blog When Cybercrime Becomes an Industry | Fortinet Blog FortiOS 8.0: Redefining Secure Networking in the AI and Quantum Era | Fortinet Blog Securing the Physical World as It Comes Online | Fortinet Blog Why the 2026 AI Cybersecurity Summit Matters | Fortinet Blog DPRK-Related Campaigns with LNK and GitHub C2 | FortiGuard Labs AI Is Changing Application Threats Faster Than Teams Can Adapt | Fortinet Blog Announcing the Fortinet Training Institute’s 2026 ATC Award Winners | Fortinet Blog
Disrupting Cybercrime Networks at Scale Requires Sustained Global Collaboration | Fortinet Blog
2026-03-27 · via Fortinet All Blogs

Cybercrime today operates less like isolated criminal activity and more like a globalized digital economy in which specialized actors provide services, infrastructure, and expertise that allow attacks to scale efficiently across borders. Ransomware groups rely on initial access brokers to obtain footholds into enterprise networks, malware developers package tools for sale in underground marketplaces, and money-laundering networks specialize in converting illicit gains into financial assets that can move through global financial systems. Taken together, these roles form an industrialized criminal supply chain that mirrors many characteristics of legitimate digital economies. More, the rise of shadow agents is poised to accelerate growth of the cybercriminal ecosystem. 

Understanding cybercrime as an ecosystem rather than a series of individual attacks has important implications for defenders. Security teams can still mitigate incidents and reduce immediate harm, but meaningful progress increasingly depends on disrupting the systems that allow cybercrime operations to function and expand.

That perspective shaped the discussion during our RSAC Conference (RSAC) session, Disrupting Cybercrime Networks, Successfully, Continuously, and at Scale. The panel brought together leaders from the World Economic Forum, Microsoft’s Digital Crimes Unit, INTERPOL, and the Forum’s Cybercrime Atlas initiative to examine how sustained collaboration among industry, international organizations, and law enforcement can shift disruption efforts from episodic takedowns to coordinated campaigns that weaken entire criminal ecosystems.

From Ad Hoc Takedowns to Continuous Disruption

The cybersecurity community has demonstrated the value of collaboration many times over the past two decades. A widely cited example is the Conficker Working Group, which mobilized technology vendors, researchers, and law enforcement agencies to contain one of the largest malware outbreaks of its time. The effort illustrated how shared intelligence and coordinated responses could significantly reduce the global impact of a rapidly spreading threat.

At the same time, however, Conficker also revealed a structural limitation that still affects many disruption efforts today. The collaboration was built around a specific threat and relied heavily on voluntary coordination, which meant that once the immediate crisis subsided, the mechanisms supporting that cooperation gradually dissolved.

Cybercriminal networks do not operate in that episodic way. Infrastructure is rebuilt quickly, affiliates migrate between criminal platforms, and malware toolkits evolve continuously as operators adapt to defensive measures. Because the adversary ecosystem operates without interruption, defenders cannot rely on temporary coalitions assembled in response to individual campaigns. Effectively disrupting cybercrime requires a persistent collaboration model that can analyze and target criminal ecosystems over time.

Mapping the Cybercrime Ecosystem

One initiative designed to support that shift is the Cybercrime Atlas, developed through the World Economic Forum’s Centre for Cybersecurity in collaboration with partners across industry, law enforcement, and academia. The Cybercrime Atlas focuses on mapping the relationships that define cybercrime operations, including the actors involved, the infrastructure they rely on, and the financial systems that enable them to monetize attacks.

By building a shared understanding of these ecosystems, the initiative allows participants to coordinate disruption strategies that target multiple layers of a criminal network rather than focusing on individual operators or isolated incidents. Threat intelligence teams provide visibility into malware campaigns and infrastructure usage patterns; technology companies identify malicious activity across platforms and hosting environments; financial institutions provide insight into the movement of illicit funds; and law enforcement agencies contribute investigative authority and the ability to pursue arrests and prosecutions.

When these perspectives are combined, disruption campaigns can address multiple points within the cybercrime supply chain simultaneously, increasing the likelihood that criminal operations will be meaningfully degraded rather than temporarily interrupted.

Turning Collaboration into Operational Capability

Although collaboration is widely recognized as essential in cybersecurity, operationalizing collaboration requires more than shared intent. Organizations must have mechanisms that enable intelligence to move securely across sectors and jurisdictions, and those mechanisms must support coordinated action rather than merely produce shared analysis.

Participants also need clearly defined operational roles so that once malicious infrastructure or actors are identified, organizations understand how and when to act. Technology providers may disable infrastructure used by threat actors, financial institutions may investigate suspicious transaction patterns, and law enforcement agencies may initiate investigations that lead to arrests and prosecutions.

Equally important, collaboration must be repeatable. Effective disruption cannot depend on a unique group of individuals or a one-time alignment of circumstances. Instead, it requires governance structures, operational processes, and trusted partnerships that allow coordinated campaigns to occur regularly and at scale.

The Cybercrime Atlas represents one attempt to provide this type of institutional framework, enabling partners to coordinate intelligence, investigations, and enforcement actions more consistently across the global cybersecurity community.

Shifting the Economics of Cybercrime

Cybercrime persists because it remains economically attractive. Criminal groups invest in attack infrastructure because the financial returns from ransomware, fraud, and data theft continue to outweigh the risks and operational costs associated with those activities.

For disruption efforts to have a lasting impact, they must focus on changing the economic model that sustains cybercrime. Repeated infrastructure takedowns force attackers to spend time and resources rebuilding their operational environments. Financial investigations and transaction monitoring can make monetizing attacks more difficult, particularly when illicit flows are traced across multiple jurisdictions. Arrests and prosecutions introduce uncertainty and erode trust within criminal networks that depend heavily on reputation and reliability.

Each of these outcomes introduces friction into the cybercrime supply chain. Over time, sustained disruption campaigns can raise the cost of operating criminal enterprises while reducing the reliability of the services those enterprises depend on.

Accountability Across the Digital Ecosystem

Achieving meaningful disruption requires participation from multiple sectors, each contributing capabilities that others cannot easily replicate. Technology providers often have the earliest visibility into malicious infrastructure and platform abuse, while threat intelligence teams track adversary tactics and infrastructure relationships across campaigns. Financial institutions provide insight into illicit financial flows, and law enforcement agencies translate those insights into investigations and legal consequences.

When these capabilities operate in isolation, their impact is limited. However, when they are aligned through coordinated campaigns, the combined effect can significantly weaken the operational resilience of cybercrime networks.

The partnerships represented in the RSAC session illustrate how these alignments are beginning to mature, with organizations across the private and public sectors contributing intelligence, investigative authority, and operational capability toward a shared objective.

The Importance of International Cooperation

Cybercrime groups intentionally exploit jurisdictional boundaries, often hosting infrastructure in one country, operating from another, and targeting victims worldwide. This global operating model makes international cooperation essential to effective disruption.

Organizations such as INTERPOL play a critical role in coordinating cross-border investigations and enabling national law enforcement agencies to work together on cybercrime cases. At the same time, private-sector organizations frequently possess the technical visibility needed to identify malicious infrastructure and to understand how criminal ecosystems function.

Combining investigative authority with industry intelligence significantly increases the likelihood that disruption campaigns will reach the individuals responsible for operating cybercrime networks rather than merely dismantling pieces of their infrastructure.

Building Regional Disruption Communities

Another important objective is to support the development of regional cybercrime-disruption communities. These groups bring together law enforcement agencies, cybersecurity companies, financial institutions, and academic researchers to address threats that are particularly relevant to their regions.

Regional collaboration allows participants to share intelligence more rapidly, coordinate disruption actions that reflect local threat environments, and build operational playbooks that can later contribute to global disruption campaigns. When these regional communities are connected through a broader international framework, the result is a networked approach to cybercrime disruption that mirrors the distributed structure of the adversary ecosystem.

Toward Sustained Cybercrime Disruption

The broader shift underway in cybersecurity involves moving from a model focused primarily on detection and response toward one that targets the structural foundations of cybercrime itself. Mapping criminal ecosystems, coordinating intelligence across sectors, and conducting sustained disruption campaigns against infrastructure and financial networks allows defenders to weaken the systems that allow cybercrime to scale.

No single organization can achieve this outcome alone. Cybercrime is a global challenge that requires coordination among governments, technology companies, financial institutions, international organizations, and cybersecurity researchers.

Conversations like that at RSAC demonstrate how collaboration can move from informal coordination to structured global action. As these efforts mature and expand, sustained disruption campaigns can gradually shift the economics of cybercrime toward higher risk, lower profitability, and greater accountability for those responsible.