Cyber-attacks up 23% as the ‘New Mafia’ hit town

| January 2, 2018

Malwarebytes, one of the world’s most popular anti-malware companies, has revealed that cyber-attacks climbed by almost a quarter in 2017.

The growth in the sophistication and malice of organised online criminal activity matched its increase in sheer volume and the firm blames a ‘new mafia’ akin to the infamous American crime gangs of the 1920s and 30s.  

This new generation of cyber-criminals resembles traditional Mafia organisations in their professional coordination, brazen activities and willingness to intimidate and paralyse their victims.

The ‘New Mafia’ identified by the report comprise four distinct groups of cybercriminals: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire.

Active mitigation measures are now required to protect systems and data, given the impotence of law enforcement and the failure of passive measures to maintain security.

The escalating scale of assault

The average monthly volume of attacks on businesses around the world increased by 23% in 2017 compared to the previous year, with ransomware attacks from January to October surpassing the total figure for the whole of 2016 by 62%.

Ransomware detections have increased a staggering 2,000% since 2015, with hundreds of thousands of detections recorded in September 2017, for example, compared to less than 16,000 in the same month two years ago.  The rate of increase continues to increase, with ransomware infections growing more than three-fold from 90,351 in January 2017 to 333,871 in October.

The growth of cybercrime and weak or uncertain advice about how to tackle it is undermining business confidence.  Citizens’ instinctive trust that the authorities are willing and able to handle the threat is undermined by the long standing powerlessness of national law enforcement to tackle international crime.

The fight against online crime is also hampered by the reluctance of corporate victims to admit data breaches, particularly if sensitive data has been lost or lax security measures were factors in the incident.  This silence can have dangerous ramifications in the commercial sphere as customer information can be compromised without their knowledge and lead to additional breaches of security.

Turning the tide

Marcin Kleczynski, the CEO of Malwarebytes, urges firms to fight back, rather than succumb to fatalism or hide behind secrecy, ignorance or apathy. He remains confident that “through greater vigilance and a comprehensive understanding of the cybercrime landscape, businesses can support the efforts of legislators and law enforcement, while also taking action into their own hands.”

Greater corporate involvement will require the engagement and education of the ‘C-suite‘ to ensure that CEOs as well as IT departments understand the importance of cyber-security to every facet of their operations and invest in proper training and IT countermeasures.

It should not be left to a handful of experts to recognize the signs of an attack and respond appropriately, just as every employee must now become responsible for guarding against socially engineered intrusions.

“CEOs will soon have little choice but to elevate cybercrime from a technology issue to a business-critical consideration,” said Kleczynski. “The most damaging cyberattacks to businesses are the ones that go undetected for long stretches of time. In spite of high-profile occurrences over the last year, this report shows that many business executives may still have some knowledge gaps to fill.”

Despite acknowledging the severe reputational and financial risks of cybercrime as a concept, many businesses continue to underestimate their own vulnerability to such activities or pass the risk to their customers. The report urges businesses and consumers to unite and fight back by acting as ‘vigilantes’ through greater collective awareness, knowledge sharing and proactive defenses.

This new approach should include a shift from shaming businesses which have been hacked to engaging them to improve mutual defences. Only when such issues are openly acknowledged and discussed can society unite to tackle the rampant economic and increasingly political threat that they pose.

The future of Cyber-Crime

The report also considers the implications of developing technological trends.  The increasing use of Internet of Things (IoT) devices may allow physical locks to be hacked and opened, for example, or security cameras compromised. 

In a worst case scenario, future autonomous vehicles could be diverted or stolen and even murder could be committed by the malicious disruption of internet-enabled heart pacemakers or other embedded medical devices.

The breakneck pace of technological innovation will always be matched by the ingenuity of criminals to exploit it for their own ends.  While public understanding of cyber-security, and legislation against cyber-crime, must improve, software developers and hardware manufacturers should also take much greater steps to embed security into their designs.

End to end cyber-security must become as pervasive as the use of technology itself if the rising tide of criminal exploitation is to be turned in 2018.