The new generation of cyber criminals increasingly resembles traditional mafia organisations, requiring a new approach to dealing with it, according to a report by security firm Malwarebytes.
Cyber criminals have the same professional organisation as mafia gangs of the 1930s, but they also share a willingness to intimidate and paralyse victims, the report shows.
Malwarebytes’ analysis also shows that, in spite of acknowledging the severe reputational and financial risks of cyber crime, many business leaders greatly underestimate their vulnerability to such attacks.
The report calls for businesses and consumers to fight back by acting as “vigilantes” through greater collective awareness, knowledge sharing and proactive defenses. This includes a shift from shaming businesses that have been hacked to engaging with them and working together to fix the problem.
Businesses must also heighten their awareness of cyber crime, and take a realistic view towards the likelihood of attack. The vast impacts of these attacks, the report said, mean that cyber crime must be elevated from a tech issue to a business-critical consideration.
Malwarebytes’ data demonstrates the urgent need for such a shift in approach by highlighting the capacity of these fast-maturing gangs to inflict greater damage on businesses.
The new cyber mafia, the report said, is accelerating the volume of attacks, with the average monthly volume of attacks in 2017 up 23% compared with 2016. In the UK, the report said, 28% of businesses had experienced a “serious” cyber attack in the past 12 months.
Ransomware attacks detected by Malwarebytes show that the number of attacks in 2017 from January to October was 62% greater than the total for 2016.
In addition, detections are up 1,989% since 2015, reaching hundreds of thousands of detections in September 2017, compared with fewer than 16,000 in September 2015. In 2017, ransomware detections rose from 90,351 in January to 333,871 in October.
“The new mafia, identified by our report, is characterised by the emergence of four distinct groups of cyber criminals: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire,” said Marcin Kleczynski, CEO of Malwarebytes.
“Through greater vigilance and a comprehensive understanding of the cyber crime landscape, businesses can support the efforts of legislators and law enforcement, while also taking matters into their own hands.”
Crime comes ‘full circle’
Malwarebytes argues that the growth of cyber crime and a lack of clarity over how best to police it is damaging victim confidence, with those affected by cyber crime often too embarrassed to speak out.
This is true for consumers and businesses alike, the report said, and can have dangerous ramifications as firms bury their heads in the sand instead of working to reduce future incidents.
The report suggests that the answer lies in engaging and educating the C-suite so that CEOs are as likely as IT departments to recognise the signs of an attack and be able to respond appropriately.
“The most damaging cyber attacks to businesses are the ones that go undetected for long stretches of time. In spite of high-profile occurrences over the past year, this report shows that many business executives may still have some knowledge gaps to fill,” said Kleczynski.
“CEOs will soon have little choice but to elevate cyber crime from a technology issue to a business-critical consideration,” he said.
The report concludes by looking at the future of cyber crime, arguing that the internet of things (IoT) will enable crime to come full circle, so that rather than a downtown shooting, executions can be enacted digitally – for instance, by hacking an internet-enabled pacemaker.
However, Malwarebytes believes that if such attacks can be foreseen, governments should be able to legislate against them.
The report concludes that knowledge, awareness and intelligence are the best weapons against the new gangs of cyber crime, and that individuals and businesses have to play an important role alongside law enforcement agencies, governments and other bodies.
“Rather than sit back and minimise the blow from cyber crime, individuals and businesses must take the same actions that previous generations of vigilantes once did against the fearsome syndicates of their day: fight back,” the report said.
The report, The new mafia: gangs and vigilantes – a guide to cybercrime for CEOs, features original data and insight taken from a global panel of experts from a variety of disciplines including PricewaterhouseCoopers (PwC), Leeds University, University of Sussex, the Centre for Cyber Victim Counselling in India and the University of North Carolina.