Cybercrime continues to boom, compounded by a growing cybercrime as a service (CaaS) portfolio that is a catalyst to routine attacks we are observing at FortiGuard Labs and through FortiRecon. This includes the usual suspects from combo list sales, DDoS and Ransom as a Service – but also prevalent new models such as Initial Access Brokers which are high risk, high reward in nature. While threat actors continue to focus on Reconnaissance for strategic attacks, it’s imperative that we shine the light back on them through solutions including SecOps & External Attack Surface Management. This talk will unveil research examples of modern cybercrime services, marketplace & ecosystem on the darkweb, and try to answer the golden question of who is behind these attacks? Industry initiatives to disrupt this growing ecosystem will be discussed, including Cybercrime Atlas under the World Economic Forum.