WannaCry exploited a Windows networking protocol, which allowed the ransomware to spread within networks. Source: Shutterstock

How cybercriminals became ‘The New Mafia’

RANSOMWARE is emerging as the latest tool of choice for cybercriminals amid a rising trend of cybercrime attacks in recent years, data from the cybersecurity solutions provider Malwarebytes revealed recently.

The company said that between September 2015 and September 2017, the number of ransomware attacks detected had increased by a whopping 1,988.6 percent. Behind the rise of newer, more sophisticated cyber attacks is a rising global threat, one that Malwarebytes has termed “The New Mafia.”

As computer security expert and author Richard Power briefly explains: “In the good old days, people robbed stagecoaches and knocked off armoured trucks. Now they’re knocking off servers.”

In many cases, the new gangs are shifting classic criminal activities into a new medium. However, these groups of cybercriminals have also developed entirely new methods of attack, such as computer viruses, worms, or DDoS attacks, Malwarebytes said in a statement to Tech Wire Asia recently.

“We live in a world run by the New Mafia. This new space for crime is inhabited by the old guard – cybercrime syndicates with hierarchical structures created to generate money as efficiently as possible,” the company said.

The world of cybercrime, according to the company, is inhabited by a plethora of different groups: nation-states, ideological hackers, lone hackers selling their expertise as a service in itself, and hacking groups whose activity is mostly mischievous but has serious ramifications.

With that in mind, Tech Wire Asia spoke with Malwarebytes chief security officer & CIO Justin Dolly about this phenomenon. The transcript of the e-mail interview follows:

Shift from physical to digital crimes and types of criminals

In the early 2000s, the impact of expansive global attacks piqued the interest of criminals and nations alike. Four distinct groups of cybercriminals have emerged, serving as the new syndicates of cybercrime: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire. While defined by unique sets of motivations, each syndicate employs a vast, constantly evolving array of tactics to infiltrate, strong-arm and create terror.

Dolly says that as cybercrime becomes more sophisticated, more individuals and businesses become more vulnerable. Source: Malwarebytes

Similar to the criminal gangs that dominated major cities in the 1930s, these new participants have largely been attracted by the potential for riches and power. Likewise, these newer perpetrators of cybercrime have increasingly resorted to fear, intimidation and a feeling of helplessness to achieve their aims.

Traditional gangs: These groups have taken the motivations and acts of traditional organized crime gangs, theft and the sale of drugs, guns and stolen goods, to the online world. Often coming from organized crime backgrounds, they operate in a structure and manner similar to their street predecessors.

State-sponsored attackers: The last three years have seen a massive rise in attacks by state-sponsored attackers with the aim of stealing information and disrupting political activity. Russian interference in the US election and widespread hacks from North Korea are prominent examples.

Ideological hackers: These gangs are renowned for gathering and leaking classified information on governments and high-profile organizations that can ultimately destroy reputations. These groups act on the basis of moral and ethical duty. Often, they attempt to use the threat of classified leaks to coerce governments and individuals to act in their favour.

Hackers-for-hire: One of the biggest developments in cybercrime is the growth of a highly professional service economy for cybercrime services. The proliferation of the ‘dark web’ has spawned a market for activities such as hacking, malware, and the use of botnets for spam and DDoS attacks.

Among these four gangs, hackers-for-hire are considered the most dangerous since they will provide their skills to the highest bidder. The extent to which businesses, nation-states and others are hiring or co-opting these groups to carry out sophisticated cyberattacks is unclear, thereby making it difficult to understand the size and impact of this market.

Syndicates and actors

The attribution of cyber attacks has always been problematic. Part of the reason for the widespread proliferation of cybercrime is the difficulty in ascertaining who the threat actors truly are and attempting to track them down.

It is safe to say that there are syndicates that are actively conducting cybercrime-related activities, with numerous networks (or syndicates) having been identified over the years; this includes the likes of ShadowCrew, DarkMarket and even ideological hackers such as Anonymous.

Competency of law enforcers

While most law enforcement agencies and regulatory bodies have developed specialized teams devoted to tackling cybercrime, the highly fragmented, global nature of technology makes it much more difficult to identify and thwart these illicit activities. Legislators and law enforcement agencies are ramping up their fight against cybercrime, but perpetrators find ways to remain one step ahead.

Given the fragmented, global nature of cybercrime, aside from the government bodies, individuals and businesses also have an important role to play alongside law enforcement agencies, governments and other bodies in thwarting this activity. Individuals and businesses alike can help the global effort against cybercrime groups by sharing their collective experiences to increase knowledge and awareness of the issue. The success of global efforts to control cybercrime will depend on our ability to create an environment of openness that promotes the understanding, discussion and reporting of cybercrime.

Today, companies that have been hacked are named, shamed, and in some cases even penalised for failing to secure their data. Instead, companies that have been victimised must be encouraged to announce the hack and work to warn others of potential vulnerabilities that could be exploited by cybercriminals. We are also beginning to see disclosure requirements being written into law so that in some circumstances, companies will be forced to disclose when they have experienced a breach.

Popular forms of cyber attacks

These groups of cybercriminals have developed entirely new methods of attack, such as computer viruses, worms, or DDoS attacks, which allowed spammers to commandeer large numbers of computers and carry out repetitive, volume-based scams (rather than targeted scams) in order to maximize revenues.

Nonetheless, ransomware has emerged as the latest tool of choice for cybercriminals. The rate of ransomware attacks, as detected by Malwarebytes, exploded by 289 percent in 2016. In fact, between September 2015 and September 2017, the number of ransomware attacks detected had increased by 1,989 percent. Moreover, as of Nov 1, the number for 2017 has already surpassed the total for 2016 by 62 percent. Ransomware has largely replaced the use of botnets, which decreased by nearly 50 percent in 2017, as of the 31st of October.

Are businesses equipped to deal with the rise of this “New Mafia”?

Attacks on businesses are growing steadily. After all, criminals tend to go where the money is. The number of attacks recorded in the first 10 months of 2017 has surpassed the total for all of 2016. The average monthly volume of attacks is up 23 percent. Businesses underestimate the extent to which they are targeted.

Examples of the various ways that cybercriminals can target businesses are theft of funds, data breaches, and IP theft. Delays in identifying such attacks can lead to some confusion around the size and scope of threats.

The growing sophistication of cybercrime and the ability of bad actors to evade detection mean that businesses often only discover that they are a victim months or even years down the line.

Businesses must heighten their awareness of cybercrime, taking a realistic view of the likelihood of attack. The vast impacts of these attacks mean that cybercrime must be elevated from a tech issue to one of business-critical consideration.

Between September 2015 and September 2017, the number of ransomware attacks detected had increased by a whopping 1,988.6 percent. Source: Shutterstock

Adoption of cyber security solutions

In the last decade, cybercrime has evolved from computer viruses that commandeered a select number of PCs, to spectacular security breaches and cyber attacks that boggle the mind. What is disconcerting is the variety of participants that now engage in cybercrime. Captivated by the potential for financial gain, unprecedented control and the ability to cause widespread panic, criminal organizations, nation states, and ideologists have made cyberspace their new preferred medium for nefarious activity.

As cybercrime becomes more sophisticated, more individuals and businesses become more vulnerable. They are subject to attacks that leverage intimidation, powerlessness and fear as weapons, adopting tactics that criminal gangs once used to control entire neighbourhoods and cities.

Ultimately, it is becoming increasingly clear that fighting malware using a single-layered approach that relies on signature-based technology is no longer sufficient. Given the sheer number of malware classifications and the difficulty in ascertaining a malware’s true nature and scope, detecting malware infections from the onset is quite difficult. Proactive protection through a layered security model is the only way to combat this problem.

Machine learning or “anomaly detection” technologies have become baseline essentials for next-generation security products. These technologies can track the behavioural patterns of viruses as malware writers tend to write programs that behave in certain predictable ways. Machine learning provides one of the most effective security solutions through an integration of a layered approach of detection techniques for both pre- and post-execution.

Current technologies to ward off attacks

The threat landscape is changing every second with new malware variants emerging every day. As security professionals, it is our responsibility to protect businesses from these threats, but most of the anti-malware offerings take a singular approach to the problem that simply cannot keep pace with the rate of evolution of malware. That is why Malwarebytes is equipping businesses and consumers with seven different layers for stopping and remediating the threats of today and the threats of tomorrow. This proactive, multi-layered approach to security from Malwarebytes ensures that these rapidly evolving, new and dangerous cyber threats are caught and remediated before they can negatively impact businesses. We believe in a layered approach to combating malware and provide the right mix of proactive and signature-less technologies to combat modern threats and zero-day malware.