Story image

Ludicrous cybercrime profit means Mafia no longer constrained to the streets

12 Dec 17

Back in the day it was not uncommon for people to ransack stagecoaches and rob armoured trucks, but now they’re robbing servers.

Malwarebytes recently unveiled a report on the new age of organised cybercrime, backed by the ‘New Mafia’ that is accelerating the volume of attacks, sophistication and malice, which have increased 23 percent in 2017 versus 2016.

The cybersecurity provider says this new generation of cybercriminals increasingly resembles traditional Mafia organisations, not just in their professional coordination, but also in their willingness to intimidate and paralyse victims.

One of the most concerning figures surrounds ransomware, with attacks in 2017 through October already surpassing total figures for 2016 by 62 percent.

Furthermore, there was an almost 2,000 percent increase in ransomware detections since 2015. Ransomware detections increased more than tripled from 90,351 in January 2017 to 333,871 in October.

Malwarebytes CEO, Marcin Kleczynski says there are four distinct groups of cybercriminals within the ‘New Mafia’ – traditional gangs, state-sponsored attackers, ideological hackers, and hackers for hire.

“Through greater vigilance and a comprehensive understanding of the cybercrime landscape, businesses can support the efforts of legislators and law enforcement, while also taking action into their own hands,” says Kleczynski.

The problem is that because of the rapid rise of cybercrime and the continued lack of clarity of how to handle it (particularly within policing), victim confidence is at an all-time low with those affected by cybercrime often embarrassed to talk about it.

Malwarebytes says this is true for both consumers and businesses, resulting in dangerous ramifications as firms bury their heads in the sand rather than being open to reduce further incidents.

The answer, according to the report, lies in educating and engaging the C-suite so that CEOs are as likely as IT departments to both recognise an attack and respond appropriately.

“CEOs will soon have little choice but to elevate cybercrime from a technology issue to a business-critical consideration,” says Kleczynski.

“The most damaging cyberattacks to businesses are the ones that go undetected for long stretches of time. In spite of high-profile occurrences over the last year, this report shows that many business executives may still have some knowledge gaps to fill.” 

There is no shortage of excitement and anticipation surrounding the innovation that the Internet of Things (IoT) will bring, but the report asserts there is little information about its risks.

Ironically, the IoT will work to give the ‘New Mafia’ further ammunition and avenues via which they can unleash havoc. For example, the report argues the IoT will enable crime to come full circle, potentially enabling someone to be physically executed by digitally hacking their internet-enabled pacemaker.

Therefore, it’s clear that our understanding of, and legislation against, cybersecurity must “drastically improve.”

According to Malwarebytes, despite the general acknowledgement of the severe reputational and financial risks of cybercrime, many business leaders are still underestimating their vulnerability to such attacks.

The solution, the report affirms, is all about coming together through collaborative awareness, knowledge sharing and proactive defences – which includes a shift from shaming businesses who have been hacked to actually engaging with them.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Verifi takes spot in Deloitte Asia Pacific Fast 500
"An increasing amount of companies captured by New Zealand’s Anti-Money laundering legislation are realising that an electronic identity verification solution can streamline their customer onboarding."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.