How To Beat The Hackers

Uploaded on 2018-05-09 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Though care is taken to shroud their operations, the sophistication, execution and malice of cyber-criminals  are aligned with those historically practiced by criminal organisations. 

Although the specifics of cybercrime may be unclear to many, we can draw parallels between the approach, structure and malice of these attacks that were historically practiced by traditional mafia gangs.

What is Cyber-Crime?
Cybercrime comes in many forms and advances are being made all the time, criminals are either looking to cause disruption to organisations by bringing down IT systems, or for financial gain.

The Common forms of cybercrime are considered as:

  • Phishing: bogus emails that may look like they come from a trusted source asking for security information and personal details.
  • File hijacker: where criminals hijack files and threaten them as Ransomware.
  • Keylogging: where criminals record what you type on your keyboard and steal passwords and personal information.
  • Screenshot manager: allows criminals to take screenshots of your computer screen.
  • Ad clicker: criminals will create online adverts that direct a victim’s computer to click a specific link.

What are the consequences of a cyber-attack?

  • PR Damage: many businesses do not consider the reputational damage an attack could have on their business, especially if data is stolen.
  • Commercial Down Time: even if you do not pay cyber criminals you may well experience business down time which will lead to financial loss.
  • Lost-time: if you fall victim to a cyber-attack you are more than likely to experience business down time. Could your business operate without data, documents or email?
  • Legal: There may be legal implications, if you do not have the correct security and data protection regulations in place you may be liable for GDPR and the rest.
  • Individually: Over £1bn has been stolen from UK bank accounts through credit and debit card fraud in the past 12 months, our research has shown.

Worryingly, these kinds of online attacks can be as devastating as real-world crime. 
For instance, ILoveYou or Love Bug or Love Letter, is a worm spread via email with an attachment which overwrote random types of files, including Office files, image files, and audio files. It then sent itself to all of the addresses in Windows Address Book, causing it to spread rapidly.

The worm was thought to have caused up to $8.7 billion in damages worldwide and a further $15 billion was required to remove it. An estimated 10% of the world’s internet-connected computers are thought to have been affected. The Petya Attack is another recent example of how dangerous these kinds of attacks can be and how quickly they can spread.

The New Gangs
Crucial to beating these new gangs is understanding their motives and operations. These online operators are comparable to traditional crime families, with four distinct groups emerging. These are:

1. Traditional gangs – Taking the motivations of traditional organised gangs (the theft and sale of goods to the online world) this group is comprised of pre-existing groups and hackers that are co-opting those with the skills to help them remain on top. 

2. State-sponsored attackers – This group is interested in sabotage and corporate theft, with the aim of stealing information and interfering with political activity. Blurring the boundaries of cyber-crime and cyber warfare, their actions may be subtler than others but are no less devastating.

3. Ideological hackers – Often attempting to use the threat of leaking classified information, this gang is renowned for acting on what they deem moral and ethical duty. They can often pressure their victims to act in their favour by seeking to destroy the reputations of high profile organisations.

4. Hackers-for-hire – Comparable to paid guns-for-hire, these individuals operate with an emphasis on the reliability of their service. The most significant change here is the vanishing of the need for technical knowledge. Would-be cyber criminals now no longer need to learn the appropriate skills, but can instead pay to the carry out of their crimes.

The growing sophistication of these emerging groups and the ability to evade detection means that in some cases, businesses may only realise they have been a victim months or years down the line.

The various ways in which they can be targeted, such as IP theft, data breaches and theft of funds can lead to confusion around the size and scope of threats.

Information Age

You Might Also Read:
 

« Hacker Group Targets Healthcare Providers
Senior IT Execs Admit Cyber Threats Are Out Of Control »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

DataVisor

DataVisor

DataVisor is a big data fraud detection and anti-money laundering solution.

Competence Center for Applied Security Technology (CAST)

Competence Center for Applied Security Technology (CAST)

CAST offers a range of services in the field of secure modern information technology and a contact point for all questions regarding IT security.

Digiserve

Digiserve

Digiserve by Telkom Indonesia is an end-to-end managed solutions provider committed to empowering enterprises in Indonesia.

Synelixis Solutions

Synelixis Solutions

Synelixis Solutions is a high-tech company founded to provide complete telecommunications, networking, security, control and automation solutions.

SmartCyber

SmartCyber

SmartCyber is a company specializing in custom IT projects and Cybersecurity.

Infosec Train

Infosec Train

Infosec Train provide professional training, certifications & professional services related to all spheres of Information Technology and Cyber Security.

Defendify

Defendify

We built Defendify to help small businesses navigate the cybersecurity landscape with cybersecurity that is dead simple, affordable, and works around the clock.

LevelOps

LevelOps

LevelOps is an industry application security platform that tracks and develops your application security.

WisePlant

WisePlant

WisePlant's portfolio of solutions and services includes process measurement, secure automation, industrial cybersecurity, functional safety and more.

Belcan

Belcan

Belcan is a global supplier of engineering, manufacturing & supply chain, workforce and government IT solutions to customers in the aerospace, defense, automotive, industrial, and private sector.

VISTA InfoSec

VISTA InfoSec

VISTA InfoSec is a global Information Security Consulting firm with offices based in US, UK, Singapore and India.

eaziSecurity

eaziSecurity

eaziSecurity has built an eco-system of technology and services that bring enterprise scale security solutions to the SME marketplace.

AnzenSage

AnzenSage

AnzenSage is a cybersecurity advisory consultancy specializing in security risk resilience for the food sector: agriculture, food manufacturing, food supply chain, vineyards, and wineries.

Readynez

Readynez

Readynez is the digital skills concierge service that helps you ensure your workforce has the tech skills and resources needed to stay ahead of the digital curve.

Piiano

Piiano

Piiano offers developer-friendly privacy and security products. Reduce risk and protect your data by using our specialized security and privacy SaaS tools.