How To Beat The Hackers

Though care is taken to shroud their operations, the sophistication, execution and malice of cyber-criminals  are aligned with those historically practiced by criminal organisations. 

Although the specifics of cybercrime may be unclear to many, we can draw parallels between the approach, structure and malice of these attacks that were historically practiced by traditional mafia gangs.

What is Cyber-Crime?
Cybercrime comes in many forms and advances are being made all the time, criminals are either looking to cause disruption to organisations by bringing down IT systems, or for financial gain.

The Common forms of cybercrime are considered as:

  • Phishing: bogus emails that may look like they come from a trusted source asking for security information and personal details.
  • File hijacker: where criminals hijack files and threaten them as Ransomware.
  • Keylogging: where criminals record what you type on your keyboard and steal passwords and personal information.
  • Screenshot manager: allows criminals to take screenshots of your computer screen.
  • Ad clicker: criminals will create online adverts that direct a victim’s computer to click a specific link.

What are the consequences of a cyber-attack?

  • PR Damage: many businesses do not consider the reputational damage an attack could have on their business, especially if data is stolen.
  • Commercial Down Time: even if you do not pay cyber criminals you may well experience business down time which will lead to financial loss.
  • Lost-time: if you fall victim to a cyber-attack you are more than likely to experience business down time. Could your business operate without data, documents or email?
  • Legal: There may be legal implications, if you do not have the correct security and data protection regulations in place you may be liable for GDPR and the rest.
  • Individually: Over £1bn has been stolen from UK bank accounts through credit and debit card fraud in the past 12 months, our research has shown.

Worryingly, these kinds of online attacks can be as devastating as real-world crime. 
For instance, ILoveYou or Love Bug or Love Letter, is a worm spread via email with an attachment which overwrote random types of files, including Office files, image files, and audio files. It then sent itself to all of the addresses in Windows Address Book, causing it to spread rapidly.

The worm was thought to have caused up to $8.7 billion in damages worldwide and a further $15 billion was required to remove it. An estimated 10% of the world’s internet-connected computers are thought to have been affected. The Petya Attack is another recent example of how dangerous these kinds of attacks can be and how quickly they can spread.

The New Gangs
Crucial to beating these new gangs is understanding their motives and operations. These online operators are comparable to traditional crime families, with four distinct groups emerging. These are:

1. Traditional gangs – Taking the motivations of traditional organised gangs (the theft and sale of goods to the online world) this group is comprised of pre-existing groups and hackers that are co-opting those with the skills to help them remain on top. 

2. State-sponsored attackers – This group is interested in sabotage and corporate theft, with the aim of stealing information and interfering with political activity. Blurring the boundaries of cyber-crime and cyber warfare, their actions may be subtler than others but are no less devastating.

3. Ideological hackers – Often attempting to use the threat of leaking classified information, this gang is renowned for acting on what they deem moral and ethical duty. They can often pressure their victims to act in their favour by seeking to destroy the reputations of high profile organisations.

4. Hackers-for-hire – Comparable to paid guns-for-hire, these individuals operate with an emphasis on the reliability of their service. The most significant change here is the vanishing of the need for technical knowledge. Would-be cyber criminals now no longer need to learn the appropriate skills, but can instead pay to the carry out of their crimes.

The growing sophistication of these emerging groups and the ability to evade detection means that in some cases, businesses may only realise they have been a victim months or years down the line.

The various ways in which they can be targeted, such as IP theft, data breaches and theft of funds can lead to confusion around the size and scope of threats.

Information Age

You Might Also Read:
 

« Hacker Group Targets Healthcare Providers
Senior IT Execs Admit Cyber Threats Are Out Of Control »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

Critifence

Critifence

Critifence provides unique Cyber Security solutions designed for Critical Infrastructure, SCADA and Industrial Control Systems.

Information Technology & Cyber ​​Security Service (STISC) - Moldova

Information Technology & Cyber ​​Security Service (STISC) - Moldova

STISC is a public institution whose purpose is to ensure the administration, maintenance and development of the information technology infrastructure in Moldova.

Liquid Intelligent Technologies

Liquid Intelligent Technologies

Liquid Intelligent Technologies is a leading communications solutions provider across Africa, providing reliable connectivity, hosting, co-location, and digital services including cyber security.

MCPc

MCPc

MCPc improves the security and well-being of our clients. We protect data, manage the complexity and sustainability of technology, empower employee performance, and ultimately reduce business risk.

CyberLab

CyberLab

CyberLab (formerly Chess) is a specialist cyber security company that provides a wide range of security solutions and services.

Smoothstack

Smoothstack

Smoothstack is a technology talent incubator whose immersive training program kick starts IT careers and delivers a fresh source of IT talent.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

Purism

Purism

Purism works with hardware component manufactures and the free software community to build high quality hardware that respects your digital life.

Akto

Akto

Akto, the plug & play API security platform. Discover your APIs, run tests and find business logic vulnerabilities at ludicrous speed.

Match Systems

Match Systems

Match Systems provides blockchain investigations, KYC, KYT, AML, Due Diligence and compliance services.

SHI International

SHI International

SHI International deliver against your IT and business needs, helping you build strategies and solutions that will drive innovation, collaboration and security.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.

Cyber Brain Academy

Cyber Brain Academy

At Cyber Brain Academy, our mission is to provide high-quality IT certification training for the cyber security workforce.

Karthik Consulting (KC)

Karthik Consulting (KC)

Karthik Consulting is a technology service provider specializing in IT services for the U.S. federal government.