High-profile attacks include Dutch banks ABN Amro, Rabobank and ING where services were extremely slow or rendered completely unavailable by a DDoS attack. Although the specifics of cybercrime may be unclear to many, we can draw parallels between the approach, structure and malice of these attacks that were historically practiced by traditional mafia gangs.
ILoveYou, also known as Love Bug or Love Letter, was a worm spread via email with an attachment which overwrote random types of files, including Office files, image files, and audio files. It then sent itself to all of the addresses in Windows Address Book, causing it to spread rapidly.
The worm was thought to have caused up to $8.7 billion in damages worldwide and a further $15 billion was required to remove it. An estimated 10% of the world’s internet-connected computers are thought to have been affected. The Petya attack is another recent example of how dangerous these kinds of attacks can be and how quickly they can spread.
Types of Mafia Gangs
- State-sponsored attackers – This group is interested in sabotage and corporate theft, with the aim of stealing information and interfering with political activity. Blurring the boundaries of cybercrime and cyber warfare, their actions may be subtler than others but are no less devastating.
- Ideological hackers – Often attempting to use the threat of leaking classified information, this gang is renowned for acting on what they deem moral and ethical duty. They can often pressure their victims to act in their favour by seeking to destroy the reputations of high profile organisations and individuals.
- Hackers-for-hire – Comparable to paid guns-for-hire, these individuals operate with an emphasis on the reliability of their service. The most significant change here is the vanishing of the need for technical knowledge. Would-be cyber criminals now no longer need to learn the appropriate skills, but can instead pay to the carry out of their crimes.
It is considered the domain of CIOs and IT departments, with technologists more likely to be honest about the potential threats being faced. This is a flawed approach as the strategies needed to combat these complex attacks should to be central to general business plans – making it the domain of chief executives.
From reception desks to external vendors, there is an endless array of potential vulnerability points within any organisation. The idea of a CEO championing cybersecurity will evoke a bigger shift towards recognising that knowledge of security practices have permeate across a business and from the top down.
These new gangs may seem far reaching and impossible to bring out of the shadows, but individuals and businesses have a chance to be the vigilantes in this fight. Pooling collective knowledge and building awareness will not only shed light on the nefarious activity being carried out by these elusive gangs. It will also foster a ‘no fear’ attitude when it comes to sharing how you have been affected – and learn for each others experiences.
Without accepting, sharing and learning from our experiences, these groups will continue to operate underground, much like their historical counterparts. Rather than minimising the blow and covering up the damage of cybercrime, businesses now have the opportunity to fight back.