SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Ludicrous cybercrime profit means Mafia no longer constrained to the streets
Tue, 12th Dec 2017
FYI, this story is more than a year old

Back in the day it was not uncommon for people to ransack stagecoaches and rob armoured trucks, but now they're robbing servers.

Malwarebytes recently unveiled a report on the new age of organised cybercrime, backed by the ‘New Mafia' that is accelerating the volume of attacks, sophistication and malice, which have increased 23 percent in 2017 versus 2016.

The cybersecurity provider says this new generation of cybercriminals increasingly resembles traditional Mafia organisations, not just in their professional coordination, but also in their willingness to intimidate and paralyse victims.

One of the most concerning figures surrounds ransomware, with attacks in 2017 through October already surpassing total figures for 2016 by 62 percent.

Furthermore, there was an almost 2,000 percent increase in ransomware detections since 2015. Ransomware detections increased more than tripled from 90,351 in January 2017 to 333,871 in October.

Malwarebytes CEO, Marcin Kleczynski says there are four distinct groups of cybercriminals within the ‘New Mafia' – traditional gangs, state-sponsored attackers, ideological hackers, and hackers for hire.

“Through greater vigilance and a comprehensive understanding of the cybercrime landscape, businesses can support the efforts of legislators and law enforcement, while also taking action into their own hands,” says Kleczynski.

The problem is that because of the rapid rise of cybercrime and the continued lack of clarity of how to handle it (particularly within policing), victim confidence is at an all-time low with those affected by cybercrime often embarrassed to talk about it.

Malwarebytes says this is true for both consumers and businesses, resulting in dangerous ramifications as firms bury their heads in the sand rather than being open to reduce further incidents.

The answer, according to the report, lies in educating and engaging the C-suite so that CEOs are as likely as IT departments to both recognise an attack and respond appropriately.

“CEOs will soon have little choice but to elevate cybercrime from a technology issue to a business-critical consideration,” says Kleczynski.

“The most damaging cyberattacks to businesses are the ones that go undetected for long stretches of time. In spite of high-profile occurrences over the last year, this report shows that many business executives may still have some knowledge gaps to fill.”

There is no shortage of excitement and anticipation surrounding the innovation that the Internet of Things (IoT) will bring, but the report asserts there is little information about its risks.

Ironically, the IoT will work to give the ‘New Mafia' further ammunition and avenues via which they can unleash havoc. For example, the report argues the IoT will enable crime to come full circle, potentially enabling someone to be physically executed by digitally hacking their internet-enabled pacemaker.

Therefore, it's clear that our understanding of, and legislation against, cybersecurity must “drastically improve.

According to Malwarebytes, despite the general acknowledgement of the severe reputational and financial risks of cybercrime, many business leaders are still underestimating their vulnerability to such attacks.

The solution, the report affirms, is all about coming together through collaborative awareness, knowledge sharing and proactive defences – which includes a shift from shaming businesses who have been hacked to actually engaging with them.