How To Beat The Hackers

Uploaded on 2018-05-09 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Though care is taken to shroud their operations, the sophistication, execution and malice of cyber-criminals  are aligned with those historically practiced by criminal organisations. 

Although the specifics of cybercrime may be unclear to many, we can draw parallels between the approach, structure and malice of these attacks that were historically practiced by traditional mafia gangs.

What is Cyber-Crime?
Cybercrime comes in many forms and advances are being made all the time, criminals are either looking to cause disruption to organisations by bringing down IT systems, or for financial gain.

The Common forms of cybercrime are considered as:

  • Phishing: bogus emails that may look like they come from a trusted source asking for security information and personal details.
  • File hijacker: where criminals hijack files and threaten them as Ransomware.
  • Keylogging: where criminals record what you type on your keyboard and steal passwords and personal information.
  • Screenshot manager: allows criminals to take screenshots of your computer screen.
  • Ad clicker: criminals will create online adverts that direct a victim’s computer to click a specific link.

What are the consequences of a cyber-attack?

  • PR Damage: many businesses do not consider the reputational damage an attack could have on their business, especially if data is stolen.
  • Commercial Down Time: even if you do not pay cyber criminals you may well experience business down time which will lead to financial loss.
  • Lost-time: if you fall victim to a cyber-attack you are more than likely to experience business down time. Could your business operate without data, documents or email?
  • Legal: There may be legal implications, if you do not have the correct security and data protection regulations in place you may be liable for GDPR and the rest.
  • Individually: Over £1bn has been stolen from UK bank accounts through credit and debit card fraud in the past 12 months, our research has shown.

Worryingly, these kinds of online attacks can be as devastating as real-world crime. 
For instance, ILoveYou or Love Bug or Love Letter, is a worm spread via email with an attachment which overwrote random types of files, including Office files, image files, and audio files. It then sent itself to all of the addresses in Windows Address Book, causing it to spread rapidly.

The worm was thought to have caused up to $8.7 billion in damages worldwide and a further $15 billion was required to remove it. An estimated 10% of the world’s internet-connected computers are thought to have been affected. The Petya Attack is another recent example of how dangerous these kinds of attacks can be and how quickly they can spread.

The New Gangs
Crucial to beating these new gangs is understanding their motives and operations. These online operators are comparable to traditional crime families, with four distinct groups emerging. These are:

1. Traditional gangs – Taking the motivations of traditional organised gangs (the theft and sale of goods to the online world) this group is comprised of pre-existing groups and hackers that are co-opting those with the skills to help them remain on top. 

2. State-sponsored attackers – This group is interested in sabotage and corporate theft, with the aim of stealing information and interfering with political activity. Blurring the boundaries of cyber-crime and cyber warfare, their actions may be subtler than others but are no less devastating.

3. Ideological hackers – Often attempting to use the threat of leaking classified information, this gang is renowned for acting on what they deem moral and ethical duty. They can often pressure their victims to act in their favour by seeking to destroy the reputations of high profile organisations.

4. Hackers-for-hire – Comparable to paid guns-for-hire, these individuals operate with an emphasis on the reliability of their service. The most significant change here is the vanishing of the need for technical knowledge. Would-be cyber criminals now no longer need to learn the appropriate skills, but can instead pay to the carry out of their crimes.

The growing sophistication of these emerging groups and the ability to evade detection means that in some cases, businesses may only realise they have been a victim months or years down the line.

The various ways in which they can be targeted, such as IP theft, data breaches and theft of funds can lead to confusion around the size and scope of threats.

Information Age

You Might Also Read:
 

« Hacker Group Targets Healthcare Providers
Senior IT Execs Admit Cyber Threats Are Out Of Control »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Wavestone

Wavestone

Wavestone is a strategy and technology consulting company with areas of expertise including digital transformation and cybersecurity.

Apricorn

Apricorn

Apricorn provides hardware-based 256-bit encrypted external storage products to companies and organizations that require high-level protection for their data at rest.

BeDefended

BeDefended

BeDefended is an Italian company operating in IT Security and specialized in Cloud and Application Security with years of experience in penetration testing, consulting, training, and research.

Infigo IS

Infigo IS

INFIGO IS specializes in information security consulting services. Our employees are leading information security experts in Croatia.

Cyber Intelligence (CI)

Cyber Intelligence (CI)

Cyber Intelligence is an award winning 'MSC status' cyber security education and training company.

Sysdig

Sysdig

With Sysdig teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance.

Marlabs

Marlabs

Marlabs is a Digital Technology Solutions company that helps companies adopt digital transformation using a comprehensive framework including Digital Automation, Enterprise Analytics and Security.

Lunio

Lunio

Lunio makes the internet a safer and more reliable place for everyone trying to grow their business by automatically getting rid of fake clicks, traffic, and leads on all ad platforms.

Stratia Cyber

Stratia Cyber

Stratia Cyber is an independent, technology agnostic company providing high quality, pragmatic cyber security consultancy and expertise.

Policy Monitor

Policy Monitor

Policy Monitor is a cyber security company founded by experts with extensive experience in operational and risk management.

Oregon Systems

Oregon Systems

Oregon Systems is a Regional Leader & Distributor with value added services for OT, IoT, IIoT & IT Cybersecurity products, Solutions & professional services throughout the middle-east region.

The CyberWire

The CyberWire

The CyberWire gets people up to speed on cyber quickly and keeps them a step ahead in a continually changing industry.

AnzenSage

AnzenSage

AnzenSage is a cybersecurity advisory consultancy specializing in security risk resilience for the food sector: agriculture, food manufacturing, food supply chain, vineyards, and wineries.

Labaton Sucharow

Labaton Sucharow

Standing on the horizon of law and technology, our Cybersecurity and Data Privacy Practice helps to protect consumers who have been harmed by businesses’ failures to safeguard their customers' data.

Wired Assurance

Wired Assurance

Wired Assurance is a testing and assurance company, specialized in software applications and blockchain smart contracts.

Effectiv

Effectiv

Effectiv is a real-time fraud & risk management platform for Financial Institutions and Fintechs.