Ludicrous cybercrime profit means Mafia no longer constrained to the streets

12 Dec 2017

Back in the day it was not uncommon for people to ransack stagecoaches and rob armoured trucks, but now they’re robbing servers.

Malwarebytes recently unveiled a report on the new age of organised cybercrime, backed by the ‘New Mafia’ that is accelerating the volume of attacks, sophistication and malice, which have increased 23 percent in 2017 versus 2016.

The cybersecurity provider says this new generation of cybercriminals increasingly resembles traditional Mafia organisations, not just in their professional coordination, but also in their willingness to intimidate and paralyse victims.

One of the most concerning figures surrounds ransomware, with attacks in 2017 through October already surpassing total figures for 2016 by 62 percent.

Furthermore, there was an almost 2,000 percent increase in ransomware detections since 2015. Ransomware detections more than tripled from 90,351 in January 2017 to 333,871 in October.

Malwarebytes CEO Marcin Kleczynski says there are four distinct groups of cybercriminals within the ‘New Mafia’ – traditional gangs, state-sponsored attackers, ideological hackers, and hackers for hire.

“Through greater vigilance and a comprehensive understanding of the cybercrime landscape, businesses can support the efforts of legislators and law enforcement, while also taking action into their own hands,” says Kleczynski.

The problem is that because of the rapid rise of cybercrime and the continued lack of clarity on how to handle it (particularly within policing), victim confidence is at an all-time low, with those affected by cybercrime often embarrassed to talk about it.

Malwarebytes says this is true for both consumers and businesses, resulting in dangerous ramifications as firms bury their heads in the sand rather than being open in order to reduce further incidents.

The answer, according to the report, lies in educating and engaging the C-suite so that CEOs are as likely as IT departments to both recognise an attack and respond appropriately.

“CEOs will soon have little choice but to elevate cybercrime from a technology issue to a business-critical consideration,” says Kleczynski.

“The most damaging cyberattacks to businesses are the ones that go undetected for long stretches of time. In spite of high-profile occurrences over the last year, this report shows that many business executives may still have some knowledge gaps to fill.” 

There is no shortage of excitement and anticipation surrounding the innovation that the Internet of Things (IoT) will bring, but the report asserts there is little information about its risks.

Ironically, the IoT will work to give the ‘New Mafia’ further ammunition and avenues via which they can unleash havoc. For example, the report argues the IoT will enable crime to come full circle, potentially enabling someone to be physically executed by digitally hacking their internet-enabled pacemaker.

Therefore, it’s clear that our understanding of, and legislation against, cybersecurity must “drastically improve.”

According to Malwarebytes, despite the general acknowledgement of the severe reputational and financial risks of cybercrime, many business leaders are still underestimating their vulnerability to such attacks.

The solution, the report affirms, is all about coming together through collaborative awareness, knowledge sharing and proactive defences – which includes a shift from shaming businesses who have been hacked to actually engaging with them.
