The new generation of cyber-criminals resemble traditional Mafia organizations, not just in their professional coordination, but also in their willingness to intimidate and paralyze victims.
A new report from Malwarebytes The New Mafia: Gangs and Vigilantes determines that there are four distinct groups of cyber-criminals: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire. The report said that the entrance of new participants has transformed cybercrime from isolated and individualized acts into pervasive, savage practices run by distinct groups of individuals.
“Similar to the criminal gangs that dominated major cities like New York in the 1930s, these new participants have largely been attracted by the potential for riches and power. Likewise, these newer perpetrators of cybercrime have increasingly resorted to fear, intimidation and a feeling of helplessness to achieve their aims. Similar to the mobsters who would muscle their way into a business and make demands, cyber-criminals are taking command of computers and sensitive personal information to threaten victims.”
Research from Malwarebytes determined that the number of attacks recorded in the first 10 months of 2017 surpassed the total for all of 2016.
“The average number of monthly attacks has also increased by 23% in 2017,” the report said. “2016 itself saw a spectacular rise in business-targeted cybercrime, with a 96% increase in attacks compared to the previous year.”
The report calls for businesses and consumers to fight back by acting as ‘vigilantes’ through greater collective awareness, knowledge sharing and proactive defenses. This includes a shift from shaming businesses who have been hacked and instead engaging with them – working together to fix the problem.
Speaking to Infosecurity, Marcin Kleczynski, CEO of Malwarebytes said that old gang-style organized crime has evolved into cybercrime, in a style of “old versus new mafia through technology advances.”
He added: “The game has shifted to corporate espionage, and it is undetectable at this point as you don’t need to manipulate the blueprints, you’re just copying them without leaving a trace behind. The idea that Boeing puts together a plan for a new plane and you can skip that stage and go straight to manufacturing.”
Kleczynski said that the most damaging cyber-attacks to businesses are the ones that go undetected for long stretches of time. “In spite of high-profile occurrences over the last year, this report shows that many business executives may still have some knowledge gaps to fill. CEOs will soon have little choice but to elevate cybercrime from a technology issue to a business-critical consideration.”