Story image

Ludicrous cybercrime profit means Mafia no longer constrained to the streets

12 Dec 17

Back in the day it was not uncommon for people to ransack stagecoaches and rob armoured trucks, but now they’re robbing servers.

Malwarebytes recently unveiled a report on the new age of organised cybercrime, backed by the ‘New Mafia’ that is accelerating the volume of attacks, sophistication and malice, which have increased 23 percent in 2017 versus 2016.

The cybersecurity provider says this new generation of cybercriminals increasingly resembles traditional Mafia organisations, not just in their professional coordination, but also in their willingness to intimidate and paralyse victims.

One of the most concerning figures surrounds ransomware, with attacks in 2017 through October already surpassing total figures for 2016 by 62 percent.

Furthermore, there was an almost 2,000 percent increase in ransomware detections since 2015. Ransomware detections increased more than tripled from 90,351 in January 2017 to 333,871 in October.

Malwarebytes CEO, Marcin Kleczynski says there are four distinct groups of cybercriminals within the ‘New Mafia’ – traditional gangs, state-sponsored attackers, ideological hackers, and hackers for hire.

“Through greater vigilance and a comprehensive understanding of the cybercrime landscape, businesses can support the efforts of legislators and law enforcement, while also taking action into their own hands,” says Kleczynski.

The problem is that because of the rapid rise of cybercrime and the continued lack of clarity of how to handle it (particularly within policing), victim confidence is at an all-time low with those affected by cybercrime often embarrassed to talk about it.

Malwarebytes says this is true for both consumers and businesses, resulting in dangerous ramifications as firms bury their heads in the sand rather than being open to reduce further incidents.

The answer, according to the report, lies in educating and engaging the C-suite so that CEOs are as likely as IT departments to both recognise an attack and respond appropriately.

“CEOs will soon have little choice but to elevate cybercrime from a technology issue to a business-critical consideration,” says Kleczynski.

“The most damaging cyberattacks to businesses are the ones that go undetected for long stretches of time. In spite of high-profile occurrences over the last year, this report shows that many business executives may still have some knowledge gaps to fill.” 

There is no shortage of excitement and anticipation surrounding the innovation that the Internet of Things (IoT) will bring, but the report asserts there is little information about its risks.

Ironically, the IoT will work to give the ‘New Mafia’ further ammunition and avenues via which they can unleash havoc. For example, the report argues the IoT will enable crime to come full circle, potentially enabling someone to be physically executed by digitally hacking their internet-enabled pacemaker.

Therefore, it’s clear that our understanding of, and legislation against, cybersecurity must “drastically improve.”

According to Malwarebytes, despite the general acknowledgement of the severe reputational and financial risks of cybercrime, many business leaders are still underestimating their vulnerability to such attacks.

The solution, the report affirms, is all about coming together through collaborative awareness, knowledge sharing and proactive defences – which includes a shift from shaming businesses who have been hacked to actually engaging with them.

Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.