Story image

Ludicrous cybercrime profit means Mafia no longer constrained to the streets

12 Dec 2017

Back in the day it was not uncommon for people to ransack stagecoaches and rob armoured trucks, but now they’re robbing servers.

Malwarebytes recently unveiled a report on the new age of organised cybercrime, backed by the ‘New Mafia’ that is accelerating the volume of attacks, sophistication and malice, which have increased 23 percent in 2017 versus 2016.

The cybersecurity provider says this new generation of cybercriminals increasingly resembles traditional Mafia organisations, not just in their professional coordination, but also in their willingness to intimidate and paralyse victims.

One of the most concerning figures surrounds ransomware, with attacks in 2017 through October already surpassing total figures for 2016 by 62 percent.

Furthermore, there was an almost 2,000 percent increase in ransomware detections since 2015. Ransomware detections increased more than tripled from 90,351 in January 2017 to 333,871 in October.

Malwarebytes CEO, Marcin Kleczynski says there are four distinct groups of cybercriminals within the ‘New Mafia’ – traditional gangs, state-sponsored attackers, ideological hackers, and hackers for hire.

“Through greater vigilance and a comprehensive understanding of the cybercrime landscape, businesses can support the efforts of legislators and law enforcement, while also taking action into their own hands,” says Kleczynski.

The problem is that because of the rapid rise of cybercrime and the continued lack of clarity of how to handle it (particularly within policing), victim confidence is at an all-time low with those affected by cybercrime often embarrassed to talk about it.

Malwarebytes says this is true for both consumers and businesses, resulting in dangerous ramifications as firms bury their heads in the sand rather than being open to reduce further incidents.

The answer, according to the report, lies in educating and engaging the C-suite so that CEOs are as likely as IT departments to both recognise an attack and respond appropriately.

“CEOs will soon have little choice but to elevate cybercrime from a technology issue to a business-critical consideration,” says Kleczynski.

“The most damaging cyberattacks to businesses are the ones that go undetected for long stretches of time. In spite of high-profile occurrences over the last year, this report shows that many business executives may still have some knowledge gaps to fill.” 

There is no shortage of excitement and anticipation surrounding the innovation that the Internet of Things (IoT) will bring, but the report asserts there is little information about its risks.

Ironically, the IoT will work to give the ‘New Mafia’ further ammunition and avenues via which they can unleash havoc. For example, the report argues the IoT will enable crime to come full circle, potentially enabling someone to be physically executed by digitally hacking their internet-enabled pacemaker.

Therefore, it’s clear that our understanding of, and legislation against, cybersecurity must “drastically improve.”

According to Malwarebytes, despite the general acknowledgement of the severe reputational and financial risks of cybercrime, many business leaders are still underestimating their vulnerability to such attacks.

The solution, the report affirms, is all about coming together through collaborative awareness, knowledge sharing and proactive defences – which includes a shift from shaming businesses who have been hacked to actually engaging with them.

Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Online attackers abusing Kiwis' generosity in wake of Chch tragedy
It doesn’t take some people long to abuse people’s kindness and generosity in a time of mourning.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."