A website blamed for launching more than four million cyber-attacks around the world has been taken down in a major international investigation. The operation, which involved the UK's National Crime Agency, blocked the illegal ‘DDoS-For-Hire’ website Webstresser.org - which allows criminals to buy attacks on businesses. Mishcon de Reya Partner Hugo Plowman commented:
“Whilst this is a great battle to have won, the war against cybercrime and cyber vandalism requires more police, and better collaboration with the private sector. The UK faces a huge threat from ‘dark web criminals’ and the £9m of funding recently announced by the Home Secretary, Amber Rudd, is too little too late.
“To carry out an attack of this nature all criminals need is a cryptocurrency wallet, a willingness to break the law and a target. An attack can be carried out for less than £20 but the damage to companies’ finances and reputation can be catastrophic.
“However, this attack is different to many we’ve seen in the press recently. This isn’t an attempt by hackers to steal data, but is instead giving people the tools to cause damage to businesses, which can very often be accompanied by ransom demands.
“Global cybercrime is not only hard to police but also extremely costly. Law enforcement tend to pursue sole operators, often children in their bedrooms experimenting with malware, rather than those who write the code in a far-flung jurisdiction and profit from selling it. In this case, six suspected members of the gang have been caught but this has involved over 11 international agencies who would have spent considerable amount of time and money in the operation.
“We need to prioritise how we identify wrongdoers and bring them to justice. In many cases, criminals are hard to trace because they are using highly sophisticated technology to maintain their anonymity across different jurisdictions. However, a lot can be done to disrupt their operations - including attacking those who have unwittingly or knowingly facilitated cybercrime such as domain hosts and crypto exchanges.
“Business cybercrime was up 67% in 2017 according to the Office of National Statistics, and 56% of all fraud incidents were cyber-related. Clearly UK businesses have to take cybercrime more seriously to prevent long-term damage and third party liability. They should have a cyber security plan in place so they know how to respond if an incident happens and be aware of what legal, technical and insurance cover is in place. Raising awareness and training people can also help mitigate against this risk.
"After the attack, the process of investigation begins. The quicker and more effective you are at this, the better the chance of identifying who is behind the attack, how they got in and how to tackle the problem.”