Cyber criminals are becoming more clever as each day goes by, adopting new technology techniques never seen before. How can users fight against those who cannot be tracked, traced or exploited?
Most of you will have watched American Gangster. If you haven’t, you should. In the film you’ve got mobsters at the top of the chain – like Frank Lucas – who intimidate victims into getting what they want, whether that’s rent from businesses or money for drugs, using guns and muscle as their weapons.
Now picture the film in today’s world. Instead of American Gangster, it would be called American Hacker, all Frank Lucas would need is a piece of code (bought or written himself), a laptop and semi-decent internet connection. Instead of hiring thugs on the streets he could sell his ‘produce’ on the dark web. All from the comfort of his home. And instead of hiding wads of cash in his family home, his currency would instead, of course, be bitcoin.
The terrifying part of this hypothetical scenario is these cybercriminals, unlike previous Mafiosos – leave little to no trace behind. And this is why they are the New Mafia of today’s world.
If you consider the first computer worm that wasn’t intentionally malicious. However, it manifested itself and caused between $100,0000 and $10,000,000 worth of damage. The WannaCry attack is another example of how dangerous cyberthreats are and how they can quickly spread like wildfire. In the wrong hands, these weapons are much more lethal than a gun.
Looking at how these gangs operate now is important in understanding and beating them. Our recent in-depth research revealed the New Mafia operates in four different types of groups. These are:
- Traditional gangs:
This group has the motivations and acts like traditional organised gangs: theft, the sale of drugs, guns and stolen goods to the online world. It’s made up of hackers and pre-existing gangs that have been able to harness those with the skills to help maintain their position, despite the disruption brought by the internet.
- State-sponsored attackers:
There has been a steep rise in attacks by state-sponsored hackers with the goal of stealing information and disrupting political activity. The alleged Russian interference in the US election and widespread hacks from North Korea are recent examples. Unlike other groups. their activity is a lot subtler – yet they can have a similarly damaging effect. These hackers are interested in corporate theft and sabotage, blurring the difference between cybercrime and cyberwarfare.
- Ideological hackers:
Notorious for gathering and leaking classified information about governments and high-profile organisations that can destroy reputations due to moral and ethical duty. Generally, they attempt to use the threat of classified leaks to coerce their victim to act in their favour. One example of this is the Sony data breach.
A big progressing in cybercrime is the rise of professional hackers’ services. Similar to paid guns-for-hire, this service operates with an emphasis on 24/7 customer service – in some instances – and reliability. The difference here is the removal of technical knowledge as a barrier to cybercrime. The appropriate skills no longer have to be learned, instead, budding criminals can outsource the technical execution of their schemes making it accessible to anyone. For instance, the boom of ‘Ransomware-as-a-service’ has led to ransomware detections increasing by 94% on average per month this year in comparison to 2016, according to Malwarebytes’ propriety data.
These four gangs can seem quite daunting. However, individuals and businesses have a key role to play in bringing these cyber miscreants down by sharing their collective experiences. In order to understand threats and tackle them, we must create an environment where we communicate risks, data breaches and attacks. Instead of, what businesses currently do, desperately try to cover them up.
The problem with doing so is these complex attacks are only set to become more invasive and personal. For instance, connected devices implanted in humans – like artificial limbs or aortal valves – may possess the same vulnerabilities to control and exploit as the Iranian nuclear reactors did to Stuxnet and as the Spectre and Meltdown vulnerabilities did to Intel.
We know that confident internet users are more likely to identify and pre-empt attacks. Therefore, an environment where confidence is created rather than subjugated will ultimately help build esteem, awareness and preparedness towards more types of cybercrime.
Of course, in American Gangster the detective Richie Roberts is the one to bring the Lucas down. But with today’s far knottier cybergangs, it’s a collective effort that will be triumphant.
No more sitting back and minimising the blow from a cyber-attack, its time businesses and individuals speak up and change mindsets.
Will you join us on this mission?