Security Experts:

Fighting Back Against the Cyber Mafia

Four distinct groups of cybercriminals have emerged, serving as the new syndicates of cybercrime: traditional gangs, state-sponsored attackers, ideological hackers and hackers-for-hire. This is the central thesis of a new report titled 'The New Mafia: Gangs and Vigilantes'. In this report, the gangs are the criminals and the vigilantes are consumers and businesses -- and the vigilantes are urged to 'fight back'.

The report (PDF) is compiled by endpoint protection firm Malwarebytes. It is designed to explain the evolution of cybercrime from its earliest, almost innocuous, beginnings to the currently dangerous 'endemic global phenomenon'; and to suggest to consumers and businesses they don't need to simply accept the current state. They can fight back.

Fighting back, however, is not hacking back -- or in the more politically acceptable euphemism, active defense.

"This is not what was meant in our report," Jerome Segura, Malwarebytes' lead malware intelligence analyst told SecurityWeek. "Fighting back means being proactive and reporting scams or malware in order to help out the community at large. We need users to leverage their experiences in order to gain insights into the criminal rings operating with impunity."

The report explains the evolution and operational context of the four 'mafia' gangs. It should be noted, however, that this is a broad brush view -- the lines of distinction between the different groups is often and increasingly blurred.

Traditional gangs co-opt hackers-for-for hire and are behind cybercrime-as-a-service. State actors can sub-contract traditional gangs to hide behind plausible deniability. And state actors and law enforcement are not beyond using hacktivists for their own ends; for example, the FBI's alleged use of Hector Monsegur (aka Sabu) to convict Jeremy Hammond for and following the LulzSec hack of Stratfor in 2011.

Traditional gangs "have taken the motivations and acts of traditional organized crime gangs, theft and the sale of drugs, guns and stolen goods, to the online world." This is organized cybercrime: organized street crime co-opting tech savvy hackers. "The people at the top may be the same individuals leading drug cartels or pre-existing gangs," suggests the report; "or new kingpins that have risen to the top of organizations as the internet has grown." These people remain invisible -- if anything, it is the hackers who get caught.

State-sponsored attackers are not new, but have become more active, more subtle and more destructive in recent years. "Russian interference in the US Election and widespread hacks from North Korea are prominent examples," says the report. But it is not limited to 'rogue' states. Stuxnet "was deployed by Western nations to cause Iran's nuclear centrifuges to spin too quickly, destroying the centrifuges, and infecting 200,000 computers." The effect of state-sponsored hacking could "suggest a potential blurring of the distinction between cybercrime and cyberwarfare."

Ideological hackers are more commonly called hacktivists -- and perhaps Anonymous is the best known instance. But it is a much wider concern. Russian President Vladimir Putin suggested that Russian ideological hackers could have been behind the DNC hacks. Edward Snowden would be classified as an ideological hacker. "In this context," warn the reports authors, "groups at political extremes are more likely to firstly, disagree ideologically with political and business developments and secondly, attack the online presences of those they disagree with."

The fourth 'gang', hackers-for-hire, is in part the personification of the evolving service economy for cybercrime services. Ransomware-as-a-service is a visible and virulent example. "Interestingly," say the authors, hackers-for-hire "operate in a highly retail-oriented manner with an emphasis on customer service and reliability." Interestingly, this is the area of cybercrime that particularly worries Steve Durbin, managing director of the Information Security Forum. His concern is that cybercrime-as-a-service is introducing a large-scale unpredictable element of almost script kiddie wannabees -- the opposite, in fact, of 'organized crime'.

The Malwarebytes authors hope that by understanding the nature of cybercrime and cybercriminals, the fear-factor can be removed from consumers and businesses. Just as the criminals have become very organized in their sharing of information on the dark web, Malwarebytes believes that law-abiding citizens can fight back "by sharing their collective experiences to build knowledge and awareness. Creating an environment where the risks are better communicated and understood will enable individuals and businesses alike to better identify and ward off threats."

This proposal is not, however, limited to sharing information between businesses, and between business and government. The key is a better communication of risk within each organization. Underlying this is the need for business leaders to recognize that cybercrime is also a business, and not just a technological issue. This does not yet seem to be happening.

The report's authors point to the disparity between business leaders' perception of cybercrime, and their technologists' perception. According to PwC's global economic crime survey, say the authors, 74% of surveyed business stakeholders reported that they were not, or did not know if they were, victims of cybercrime. Malwarebytes' own research concentrating on technologists, however, indicated that less than 35% had not experienced cybercrime. The implication is that business leaders are still unaware of the extent of cybercrime even within their own organizations, and therefore unaware of the need to more proactively defend their business.

Malwarebytes believes that with better business understanding of the threat posed by cybercrime, and better sharing of threat information within and between businesses, consumers and government, the fight against cybercrime and cybercriminals will be strengthened.

"Knowledge, awareness and intelligence are our best weapons against the new gangs of cybercrime," says the report. "Given the fragmented, global nature of cybercrime, individuals and businesses have to play an important role alongside law enforcement agencies governments and other bodies in thwarting this activity."

Marcin Kleczynski, CEO of Malwarebytes, summarizes, "Through greater vigilance and a comprehensive understanding of the cybercrime landscape, businesses can support the efforts of legislators and law enforcement, while also taking action into their own hands."

Malwarebytes raised $50 million in a Series B funding round from Fidelity Management and Research Company in January 2016.

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.