Organized Crime: Crime as a Service

May 14, 2026

When “GoodFellas” Use Computers

Most of us view Organized Crime through the lens of the most popular gangster films – period pieces from the “Godfather” trilogy through “Goodfellas” and “The Irishman.” However, the reality today is much different – Organized Crime, originating from anywhere in the world, has made cybercrime a major, and successful, undertaking. They’ll use ransomware and other malware to extort big dollars from victimized organizations.

These Organized Crime groups operate just like a structured business, with different “departments” in the “company” specializing in specific roles. One group develops the ransomware or malware tools, while another works on hacking into the target’s systems.

Once inside a network, attackers quietly expand their control, identify valuable data, and position themselves to cause maximum disruption. They then launch the extortion by locking systems, stealing sensitive information, or both. Then they demand payment, typically in cryptocurrency, in exchange for restoring access and not going public with sensitive data.

A third group may handle negotiations and guide victims through the payment process, while a fourth specializes in laundering the proceeds. Overall, it’s a coordinated, profit-driven operation that turns your security gaps into revenue through a well-organized chain of participants.

Guardian CEO Chuck Smith says, “Ransomware. Credential theft. Double extortion. Organized cybercrime runs like a business, and your business is the target. They encrypt your files in minutes, demand payment in hours. Healthcare. Finance. Local governments. If you store sensitive data, they’re coming for it.”

 

How does Organized Crime do it?

  • Phishing and social engineering: These groups get into your systems by tricking employees into clicking a link, opening a file, or logging onto a fake website. When the employee does this, the attacker can install ransomware or malware and hold the company hostage. One highly targeted phishing scam is so prevalent it has its own name – Business Email Compromise (BEC). An attacker impersonates a company executive, employee, or trusted vendor, usually through a hacked or look-alike email account with links or phony documents.
  • Stealing or reusing passwords: Organized Crime can get real usernames and passwords from the Dark Web, made available through previous data breaches. Unfortunately, sometimes login credentials come from bribed or blackmailed employees.
  • Hacking vendors or partners: Your vendors, third-party IT providers, or suppliers often have some level of access to your systems. If one of those partners is hacked, the attacker may use that connection to reach you.
  • Exploiting weaknesses: Attackers love to find that your software and operating systems have missed security updates and patches, are just plain old, or are even no longer supported by the licensor.
  • Using an “as-a-service” model: Developers lease ransomware and malware to criminal affiliates – almost like franchises – that carry out the attacks and then share in the profits. Access to hacked systems is also bought and sold on the Dark Web, making these crimes highly collaborative.

 

What you need to do right now

Start here:

  • Analyze your current cybersecurity position. What threats are you currently concentrating on? Where are there possible gaps? Take a step back and look at your cybersecurity through fresh eyes, not just “that’s the way we always do it.” Budget can be a big part of this. Today, most companies spend too much on reactive defenses, which only come into play once a hacker is already in your system. You should be investing 60 to 70 percent in proactive defenses – identifying and stopping threats before the hackers get in.
  • Strictly enforce MFA (Multi-Factor Authentication). This requires your employees to verify their identity using two or more proofs, such as a password plus a code sent to their phone. With MFA, stolen passwords alone can’t grant access.
  • Monitor the “Dark Web” for stolen passwords. Continuously check whether employee usernames and passwords have been exposed or sold online and automatically require password changes if any login information is compromised.
  • Ensure backup protection. Keep secure backup copies of your data that hackers cannot alter or lock. Maintain multiple copies of your data in different locations and formats so it can always be recovered. This is known as the “3-2-1-1 backup” strategy: 3 copies, 2 different storage types, 1 offsite, 1 immutable (an unalterable / unmodifiable copy).
  • Have a continuity and recovery plan. In case there is a hack, define which parts of your business are most critical and how quickly they need to be back up and running. Regularly test your backups and your ability to restore data, systems, and business operations.
  • Get serious about employee awareness and phishing training. The once-a-year “watch a security video” approach no longer works. Run realistic, but safe, email “scam” tests to help employees recognize suspicious messages. Provide immediate, simple feedback when employees make mistakes and reward employees who demonstrate good security habits.
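
The “3-2-1-1 backup” rule and the restore-testing step above can be checked mechanically against a backup inventory. The following is an added example, not Guardian's tooling: the `Copy` fields, the sample inventories, the 90-day restore-test window, and the choice to count the production copy toward the 3 copies and 2 storage types are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Copy:
    name: str
    media: str                      # "disk", "tape", "object-storage", ...
    site: str                       # where the copy physically lives
    immutable: bool = False         # cannot be altered or deleted during retention
    is_backup: bool = True          # False for the live production data
    last_restore_test: Optional[date] = None

def audit_3211(copies, primary_site, today, max_test_age_days=90):
    """Return findings; an empty list means the inventory meets 3-2-1-1."""
    findings = []
    # Assumption: production data counts toward the 3 copies and 2 storage types.
    if len(copies) < 3:
        findings.append(f"copies: {len(copies)} of 3")
    if len({c.media for c in copies}) < 2:
        findings.append("storage types: fewer than 2")
    backups = [c for c in copies if c.is_backup]
    if not any(c.site != primary_site for c in backups):
        findings.append("offsite: no backup outside the primary site")
    if not any(c.immutable for c in backups):
        findings.append("immutable: no backup is immutable")
    for c in backups:               # a backup that was never restored is unproven
        if c.last_restore_test is None:
            findings.append(f"{c.name}: never restore-tested")
        elif (today - c.last_restore_test).days > max_test_age_days:
            findings.append(f"{c.name}: restore test older than {max_test_age_days} days")
    return findings

TODAY = date(2026, 5, 14)
# Constructed sample inventories (not real systems).
WEAK = [
    Copy("prod-fileserver", "disk", "hq", is_backup=False),
    Copy("nas-nightly", "disk", "hq", last_restore_test=date(2025, 10, 1)),
]
STRONG = [
    Copy("prod-fileserver", "disk", "hq", is_backup=False),
    Copy("nas-nightly", "disk", "hq", last_restore_test=date(2026, 4, 20)),
    Copy("cloud-vault", "object-storage", "cloud-region-a", immutable=True),
]

if __name__ == "__main__":
    for label, inv in (("WEAK", WEAK), ("STRONG", STRONG)):
        for finding in audit_3211(inv, "hq", TODAY) or ["meets 3-2-1-1"]:
            print(f"{label}: {finding}")
```

The second inventory satisfies the copy counts but is still flagged, because its only immutable, offsite copy has never been restored in a test.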

 

The Guardian Difference

Defender and attacker – that’s how Guardian works. Our teams work together as one defense to hunt threats, identify gaps, and stop breaches before they start. We don’t replace your IT provider or MSP agreement; we work alongside them to provide what they can’t. Why? Because cybersecurity is a hard, ever-changing environment. And anyone who tells you it’s simple, or that they already have you covered as part of other managed services, doesn’t understand today’s high-level threat landscape. We do understand, and that’s the Guardian difference.