Security vendor Malwarebytes has unveiled a report looking at organised cybercrime. It claims that cyber-attacks on businesses increased by an average of 23 percent per month in 2017 compared to the previous year. In some areas such as ransomware, the increase is more than 20 times that of 2016.
At the heart of this increase is a ‘New Mafia’ that has embraced technology and is exploiting poor security. The report, entitled ‘The New Mafia: Gangs and Vigilantes, A Guide to Cybercrime for CEOs’, can be downloaded here (registration required).
According to Marcin Kleczynski, CEO of Malwarebytes: “The ‘New Mafia’, identified by our report, is characterized by the emergence of four distinct groups of cybercriminals: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire. Through greater vigilance and a comprehensive understanding of the cybercrime landscape, businesses can support the efforts of legislators and law enforcement, while also taking action into their own hands.”
Kleczynski went on to say: “CEOs will soon have little choice but to elevate cybercrime from a technology issue to a business-critical consideration. The most damaging cyberattacks to businesses are the ones that go undetected for long stretches of time. In spite of high-profile occurrences over the last year, this report shows that many business executives may still have some knowledge gaps to fill.”
A New Mafia much like the old Mafia
There should be no surprise that organised crime sees cybercrime as a lucrative business opportunity. It has long relied on burglary (data theft/breaches), intimidation (DDoS), kidnapping (ransomware), theft (CEO fraud) and black market activities (dark web). Cybercrime offers these organisations an opportunity to carry out these activities from afar. This, they believe, affords them greater protection. In this they are seemingly correct. Law enforcement around the world has a woeful record when it comes to bringing cybercriminals to justice.
Malwarebytes refers to four ‘new’ groupings of gangs. They are:
- Traditional Gangs: This represents groups of hackers who have formed their own criminal enterprises. They operate in a similar way to the traditional crime families and there is evidence of some even being employed by those families.
- State-Sponsored Attackers: People think of spies as a military thing. This is wrong. Spies have been key to many countries’ economic success through the theft of intellectual property and goods. The rise of the state-sponsored hacking group spans everything from military to paramilitary operations, probing the critical national infrastructure of other nations and the theft of sensitive government, military and commercial data.
- Ideological Hackers: Hacktivism has grown out of the protest movements around the world. It allows them to have a greater impact on their targets and has moved on from simply defacing websites. Today it includes DDoS attacks and even data thefts as they look to expose embarrassing data about the organisations and even countries they are targeting.
- Hackers-for-Hire: Gangs of hackers, generally with no scruples or morals. Hacking is their business and they are happy to work for whoever pays them. This is a huge market and many rely on the tools they can buy or rent from the dark net. The skills entry point for this group is very low but its biggest impact is volume rather than necessarily advanced skills.
Is the solution vigilantes?
The word vigilante is always emotive. It brings to mind images of gangs of people roaming towns, cities and the countryside handing out their own personal brand of justice. In the US, this is something that could be seen in cyberspace. The Active Cyber Defense Certainty Act, if approved, would give organisations a right to act against hackers.
However, what Malwarebytes is focusing on is the sharing of intelligence on cybercrimes. Part of that comes from the intelligence and cybersecurity industry. However, it also believes that there is more to be done by organisations and individuals. Better reporting mechanisms and removing the shame of being a victim are part of this. Interestingly, it is not the only security company that believes pillorying companies for data breaches is counterproductive.
Walking around Black Hat Europe this week, we asked vendors whether we should ‘out’ companies over breaches. The majority agreed with Malwarebytes that the current headlines were not helpful, and many suggested that they knew of clients who would pay to make the situation go away. None, of course, was willing to talk on a podcast about the issue.
What does this mean?
Cybercrime is rising faster than any other crime at any other point in history. It is seen by many who carry it out as victimless because they often have little to no contact with their victims. Yet crimes such as identity theft can have a long-term impact on the victims that lasts for years.
Other crimes, such as ransomware, which has grown three-fold since January 2017, can shut down companies. Those companies support hundreds, sometimes thousands, of workers and their dependants. As with the attacks against the NHS, it can also put lives at risk when hospitals have to cancel operations and treatment.
Regulatory moves such as GDPR seek to improve how data is protected. The challenge for companies is that they will feel they are a squeezed middle. On one side are cybercriminals seeking to steal their data and put them out of business. On the other side are regulators threatening fines that could also be business-ending.
Can regulators, law enforcement and the cybersecurity industry really help organisations and individuals stay safe? In some parts of the world the mafia are still very powerful but their power has diminished over time. In cyberspace, they are the new kings but for how much longer?