Stories of hacks, pervasive breaches and huge data thefts are still dominating the news. Recent high-profile attacks include Dutch banks ABN Amro, Rabobank and ING where services were extremely slow or rendered completely unavailable by a DDoS attack. Although the specifics of cybercrime may be unclear to many, we can draw parallels between the approach, structure and malice of these attacks that were historically practiced by traditional mafia gangs.
Worryingly, these kinds of online attacks can be as devastating as real-world crime. For instance, ILoveYou, also known as Love Bug or Love Letter, was a worm spread via email with an attachment which overwrote random types of files, including Office files, image files, and audio files. It then sent itself to all of the addresses in Windows Address Book, causing it to spread rapidly.
The worm was thought to have caused up to $8.7 billion in damages worldwide and a further $15 billion was required to remove it. An estimated 10% of the world’s internet-connected computers are thought to have been affected. The Petya attack is another recent example of how dangerous these kinds of attacks can be and how quickly they can spread.
The new gangs
Crucial to beating these new gangs is understanding their motives and operations. These online operators are comparable to traditional crime families, with four distinct groups emerging. These are:
1. Traditional gangs – Taking the motivations of traditional organised gangs (the theft and sale of goods to the online world) this group is comprised of pre-existing groups and hackers that are co-opting those with the skills to help them remain on top, without being affected by the disruption brought by the internet.
2. State-sponsored attackers – This group is interested in sabotage and corporate theft, with the aim of stealing information and interfering with political activity. Blurring the boundaries of cybercrime and cyber warfare, their actions may be subtler than others but are no less devastating.
>See also: 2017 was the year that defined cybercrime
3. Ideological hackers – Often attempting to use the threat of leaking classified information, this gang is renowned for acting on what they deem moral and ethical duty. They can often pressure their victims to act in their favour by seeking to destroy the reputations of high profile organisations and individuals.
4. Hackers-for-hire – Comparable to paid guns-for-hire, these individuals operate with an emphasis on the reliability of their service. The most significant change here is the vanishing of the need for technical knowledge. Would-be cyber criminals now no longer need to learn the appropriate skills, but can instead pay to the carry out of their crimes.
The growing sophistication of these emerging groups and the ability to evade detection means that in some cases, businesses may only realise they have been a victim months or years down the line. The various ways in which they can be targeted, such as IP theft, data breaches and theft of funds can lead to confusion around the size and scope of threats.
A business, not an IT issue
This variety should force business leaders into considering some hard truths about cybercrime. More often than not, it is considered the domain of CIOs and IT departments, with technologists more likely to be honest about the potential threats being faced. This is a flawed approach as the strategies needed to combat these complex attacks should to be central to general business plans – making it the domain of chief executives.
From reception desks to external vendors, there is an endless array of potential vulnerability points within any organisation. The idea of a CEO championing cybersecurity will evoke a bigger shift towards recognising that knowledge of security practices have permeate across a business and from the top down.
These new gangs may seem far reaching and impossible to bring out of the shadows, but individuals and businesses have a chance to be the vigilantes in this fight. Pooling collective knowledge and building awareness will not only shed light on the nefarious activity being carried out by these elusive gangs. It will also foster a ‘no fear’ attitude when it comes to sharing how you have been affected – and learn for each others experiences.
However, because cybercrime is relatively emergent in comparison to traditional crime, there is still some resistance among legislators to recognise its financial and emotional toll. This will lead to an underreporting of this kind of crime and further add to the feeling of helplessness of the victim.
Public shaming is a mistake as no one is immune to a cyber attack. If treated as a learning experience where there is no fear of punishment or reprisal, we will create an environment where confidence is built and the flow of information is encouraged. Creating a network were the risks are better communicated will enable businesses and individuals alike to better identify and avert threats as soon as possible.
Without accepting, sharing and learning from our experiences, these groups will continue to operate underground, much like their historical counterparts. Rather than minimising the blow and covering up the damage of cybercrime, businesses now have the opportunity to fight back. So let’s start today.
Sourced by Marcin Kleczynski, CEO and founder at Malwarebytes