Cybercrime Atlas: An Effective Approach to Collaboration in Cybersecurity

As the saying goes, "There is strength in numbers," which holds true when fighting cybercrime. Collaborating across organizations, industries, and borders is one of the most effective actions we can collectively take to address these pressing issues and disrupt threat actor activity. Cultivating relationships and sharing information creates trust, and greater trust among public and private entities paves the way for more intelligence sharing to enable us all to stay ahead of our adversaries.

Fortinet has a long-standing commitment to fostering public-private partnerships, playing a leading role in efforts such as the MITRE Engenuity Center for Threat Informed Defense, the NATO Industry Cyber Partnership, and INTERPOL Gateway, among others. We also collaborate closely with the World Economic Forum on numerous initiatives. Fortinet was a founding member of its Centre for Cybersecurity in 2019 and actively contributed to the Partnership Against Cybercrime (PAC), the AI and Cyber Initiative, and the Strategic Cybersecurity Talent Framework. Fortinet was also one of the four founding members of the Cybercrime Atlas project, working on the proof of concept of the initiative from 2022 to 2023 and operationalizing the project last year.

The Cybercrime Atlas is a collaborative effort to build an action-oriented, global knowledge base​ on cybercrime to power the mitigation and disruption of cybercrime at scale. Building on the expertise of the forum's PAC, the initiative is developing a comprehensive picture of the cybercrime landscape that details criminal operations, shared infrastructure, and networks to help law enforcement and government agencies take down cybercriminals and their infrastructure worldwide.

Now that the Cybercrime Atlas project has been operational for 12 months, the World Economic Forum recently published an impact report detailing the progress made to date through this initiative. As our industry looks to enhance and form new partnerships to disrupt global cybercrime, the success of the Cybercrime Atlas project offers vital insights that can be applied to other similar efforts.

From Project Inception to Cross-Border Disruption Campaigns

Launched in 2023 with Fortinet, Banco Santander, Microsoft, and PayPal support, the Cybercrime Atlas has since expanded to include 23 private sector organizations and individual contributors. These organizations and experts provide deep subject matter expertise, along with leading tools and investigative platforms. As a result, the Cybercrime Atlas continues to scale its efforts, promoting new approaches to and accelerating cybercrime disruption.

In a world where cyber defenders often work alone, the Cybercrime Atlas offers an opportunity to multiply the impact of individual efforts. In the project's first year, Cybercrime Atlas contributors shared over 10,000 community-vetted and actionable data points, created seven comprehensive intelligence packages on emerging threats for distribution to cybersecurity defenders, and supported two cross-border cybercrime disruption campaigns. As the group begins scoping the next phase of the project's evolution, the processes and feedback mechanisms between the Cybercrime Atlas community and public sector partners are already helping to enhance research quality and speed production rates.

Critical Elements of an Effective Public-Private Partnership

Although global, cross-industry collaboration often sounds promising in theory but presents challenges in execution, the Cybercrime Atlas initiative is a strong example of an effective collaboration model.

Typically, there are inherent hurdles associated with threat intelligence sharing, ranging from the need to gather data from disparate sources to adherence to strict compliance requirements. To eliminate these barriers, the Cybercrime Atlas community decided to rely strictly on open-source intelligence (OSINT). Relying on OSINT reduces data-sharing and privacy concerns, includes numerous rich data sources, facilitates easy collaboration between experts in various countries, and helps build a more complete understanding of adversaries and their activities.

The Cybercrime Atlas draws on expertise worldwide and targets cybercrime activity globally. Since many threat groups are transnational and have multiple operation centers, a global approach is vital to effectively disrupting cybercrime.

Finally, the Cybercrime Atlas research findings specifically support the disruption of cybercrime because they pinpoint where threat actors and their operations are the most vulnerable. This gives the defender community actionable insights to identify choke points in the cybercriminal ecosystem so they can target those, resulting in domain takedowns, communications account closures, crypto wallet seizures, bank account freezes, and more.

Coordinated Global Disruption at Scale

The Cybercrime Atlas community takes a unique and impactful approach to public-private collaboration to fight cybercrime. Efforts like these are increasingly crucial as the threat landscape intensifies. Effectively halting cybercrime requires a global and collaborative approach.

Since the program's launch, security teams around the globe have expanded their knowledge of organized cybercrime efforts thanks to the Cybercrime Atlas initiative. By collectively gaining valuable insights, we are working together to operationalize and coordinate disruption at pivotal points proactively. This positions defenders to move beyond the typical reactive game of whack-a-mole that we often engage in with our adversaries.

Looking ahead, we're excited to continue our work with private and public sector leaders through the Cybercrime Atlas initiative. Together, we will find new opportunities to make our digital world safer and more resilient for all.