Once a fringe issue, cybercrime has become a key threat to businesses and individuals alike, and is central to UK law-enforcement strategy.
This week the UK's National Crime Agency (NCA), which tackles organised crime affecting the UK, published its annual National Strategic Assessment. The report presents a worrying view of the rise and impact of organised crime in the UK, with the agency itself claiming to be underfunded to deal with it effectively. Here we outline some of the headline findings:
Cyber-enabled fraud is big business
Although the report distinguishes economic crime from cybercrime, the consequences are often the same – fraud. Financial losses from fraud increased by a staggering 32 per cent in six months in 2018, and cyber-enabled fraud continues to be big business. The NCA describes "Mandate Fraud", where fraudsters obtain details of direct debits, standing orders or account transfer details in order to change them and divert the funds to their own accounts. This type of fraud, which can be enabled by email communications, is now the type with the highest reported losses in the private sector (GBP 46m in six months), and the third highest reported losses by individuals (GBP 38 million in the same time-frame).
Simple cyber-security measures can go a long way
The report notes how social engineering - which tricks people into handing over their details - is more prevalent than ever. Cyber-enabled fraud allows perpetrators to commit their crimes from almost anywhere in the world and target the UK, with funds often being transferred overseas. Unfortunately, defences against attacks are often weak. Over the past year, MDR Cyber has seen several instances of high-value frauds being executed, usually through poor configuration of simple security measures applied to cloud email services. Simple cyber security measures, particularly use of two-factor authentication, can help to prevent these kinds of scams.
Ransomware is steady but businesses now more at risk
Ransomware, which blocks access to files and holds them to ransom, is still an issue, although the number of attacks has remained steady since 2017. Traditionally these attacks targeted individuals, but increasingly there has been a shift in tactics by attackers towards "enterprise" ransomware attacks. These focus on organisations with systems that are critical to operations, and therefore present a more valuable extortion target. Although it has not paid a ransom, the Norwegian firm Norsk Hydro was targeted by ransomware earlier in the year and sustained 41m USD of costs in mitigating the severe effect on its operations.
The NCA presents the threat from Russian-language groups who build and use malware to steal from bank accounts as the number one cyber threat to the UK. While these so-called "banking Trojans" may mean large overall losses to UK banking institutions, the losses felt by the individual customers are sometimes absorbed by the banks. Because the financial impact is not always directly felt by the general public, this threat does not tend to be widely recognised. These groups, however, are still making considerable profits from their endeavours.
The internet is making crime easier than ever
Unsurprisingly, the report also highlights some of the ways that traditional organised crime and cybercrime are moving closer together in terms of the tactics and techniques they use. Techniques which involve the use of internet technologies have increasingly been adopted by groups wishing to preserve anonymity, evade regulation or keep out of reach of law-enforcement.
Encryption, the dark web and cryptocurrencies are now used across a wider range of criminal activities than ever before. In 2018, the NCA estimated that 2.88m new dark web accounts were registered to view or share indecent images of children. Similarly, cryptocurrencies are noted as being used to launder funds, although their use for this remains lower than that of other methods.
Cybercrime on the rise
What is clear from the report is that cybercrime motivated by profit is now becoming a more professional and lucrative business than ever before. Criminals are gradually changing tactics to improve their profit margins and are exploiting a lack of basic cybersecurity measures, which would help to prevent a large portion of the attacks.
MDR Cyber works with businesses and individuals affected by cybercrime. We work with our lawyers to pursue the recovery of misappropriated funds and to disrupt criminal infrastructure through lawful takedowns. We also help our clients understand their key cyber risks, build incident response and recovery plans, and develop cyber security strategies to improve their chances of successfully thwarting attacks.