
Cyber mercenaries’ stealth attack – all you need to know
A report from Kaspersky Labs, published on Thursday last week, identifies the emergence of small groups of ‘cyber mercenaries’ that carry out hit-and-run attacks on businesses and other organisations. Once ‘in’, through phishing and malware, the hackers control infected systems, manually stealing very specific data from these systems. Attacks by these groups usually last only a few days or weeks and, after obtaining the information they need, the attackers leave the systems, covering their tracks.
This approach is markedly different from the traditional modus operandi of hackers. Typically they seek long-term access, sucking up large amounts of data indiscriminately. Because the new groups leave quickly and eliminate the tools they use, they usually go undetected during attacks, and many organisations do not even know after the fact that they were active.
These groups are increasingly being used by highly organised criminal gangs. Looking at where they have already attacked, it seems that no industry sector is safe. What’s more, Kaspersky Labs predicts that the number of these ‘cyber mercenary’ groups and the frequency of their attacks will increase.
Security is a widely written-about area. My colleagues and I have posted several times about it and many reports, including Kaspersky Labs’ own Global IT Security Risks report, have highlighted the prevalence of both internal and external security risks. However, I believe that last week’s report is one of the first mainstream publications to highlight the growing problem of small groups of cyber mercenaries working for large, global criminal organisations.
This trend is a sharp reminder to CSOs, IT and security directors, and IT managers that their biggest problem today is an internal risk. It allows hackers to know what files they need before they even start any attack. Now is the time to re-examine your security processes, making sure they are data-centric, and that all your software is developed with security in mind.