Threat No. 2: Small-time cons -- and the money mules and launders supporting them
Not all cyber criminal organizations are syndicates or corporations. Some are simply entrepreneurial in nature, small businesses after one thing: money.
These malicious mom-and-pop operations may steal identities and passwords, or they may cause nefarious redirection to get it. In the end, they want money. They initiate fraudulent credit card or banking transactions and convert their ill-gotten gains into local currency using money mules, electronic cash distribution, e-banking, or some other sort of money laundering.
It's not hard to find money launders. There are dozens to hundreds of entities competing to be the one that gets to take a large percentage cut of the illegally procured loot. In fact, you'd be surprised at the competitive and public nature of all the other people begging to do support business with Internet criminals. They advertise "no questions asked," "bulletproof" hosting in countries far from the reaches of legal subpoenas, and they offer public bulletin boards, software specials, 24/7 telephone support, bidding forums, satisfied customer references, antimalware avoidance skills, and all the servicing that helps others to be better online criminals. Many of these groups make tens of millions of dollars each year.
Many of these groups and the persons behind them have been identified (and arrested) over the past few years. Their social media profiles show happy people with big houses, expensive cars, and content families taking foreign vacations. If they're the slightest bit guilty from stealing money from others, it doesn't show.
Imagine the neighborhood barbeques where they tell neighbors and friends that they run an "Internet marketing business" -- all the while social engineering their way to millions to the consternation of IT security pros who have done just about everything you can to protect users from themselves.
Threat No. 3: Hacktivists
Whereas exploit bragging was not uncommon in the early days, today's cyber criminal seeks to fly under the radar -- with the exception of the growing legions of hacktivists.
These days IT security pros have to contend with an increasing number of loose confederations of individuals dedicated to political activism, like the infamous Anonymous group. Politically motivated hackers have existed since hacking was first born. The big change is that more and more of it is being done in the open, and society is readily acknowledging it as an accepted form of political activism.
Political hacking groups often communicate, either anonymously or not, in open forums announcing their targets and hacking tools ahead of time. They gather more members, take their grievances to the media to drum up public support, and act astonished if they get arrested for their illegal deeds. Their intent is to embarrass and bring negative media attention to the victim as much as possible, whether that includes hacking customer information, committing DDoS (distributed denial of service) attacks, or simply causing the victim company additional strife.
More often than not, political hacktivism is intent on causing monetary pain to its victim in an attempt to change the victim's behavior in some way. Individuals can be collateral damage in this fight, and regardless of whether one believes in the hacktivist's political cause, the intent and methodology remain criminal.