The McAfee blog gave an interesting perspective on an area we do not look at too closely normally.
Underground cybercrime profits in China have likely already exceeded US$15.1 billion (100 billion Chinese yuan); caused more than $13.8 billion (91.5 billion yuan) worth of damage relating to data loss, identity theft, and fraud; and will grow at an even faster pace as underground hackers expand international business operations to increasingly target foreign businesses, according to one Chinese report.
Advanced hacking tools such as botnets, control server infrastructure, remote access tools, malware creation and obfuscation services, source-code writing services, and targeted exploitation toolkits are available on underground markets.
The upshot of the report is that the Chinese cybercrime underground mostly targets Chinese citizens and businesses. However, a growing number of criminal groups offer hacking services that target foreign websites or businesses.
These underground criminal groups are stealthy and have gradually grown in sophistication through an institutionalized chain of command, and by setting master-and-apprentice relationships to expand their business operations.
They offer a variety of malicious tools and hacking services through instant messaging networks like Tencent and have established successful surreptitious transaction processes. For example, Tencent QQ, is an instant messaging software service that also offers online social games, music, shopping, microblogging, movies, and group and voice chat software.
Any multinational with an operating company in China would be smart to step their employees through new-school security awareness training so that they are an effective human firewall against criminal hacking attempts.
We strongly recommend to phish your own users to prevent these types of very expensive snafus. If you're wondering how many people in your organization are susceptible to phishing, here is a free phishing security test (PST):