Cyber crime activity is growing fast and evolving at pace, becoming both more aggressive and technically advanced.
The Office of National Statistics (ONS) estimated that in 2015 there were 2.46 million cyber incidents. With 2016 figures due to be published next month, the ONS expects the number to have risen in 2016 and predicts that it will carry on growing into 2017.
Cyber crime activity is now a major threat to all UK businesses and individuals, but little is known about how cyber criminals operate. Matt Carey, Head of London Operations Team and National Cyber Security Centre (NCSC), explains: “very few people are aware of the extent of the online criminal ecosystem that supports and enables cyber attacks, and the business model behind it”.
On 10th April 2017, the NCSC published a report outlining cyber criminals’ methods, how they organise themselves and how their activities are monetised. The report explains that the internet has enabled Organised Criminal Groups (OCGs) not only to conduct such activities, but also to share techniques and services. OCGs are usually made up of individuals with unique skillsets who fill the following roles:
- A team leader – manages the team and ensures the group are ahead of local and international law enforcement.
- Coders – malware developers who will write and update new code, or plagiarise or modify publicly available malware.
- Network administrator – responsible for hijacking large networks.
- Intrusion specialist – ensures the malware presence is enduring and that the network can be exploited.
- Data miner – identifies the data of value and presents it in a way that can be used to make money.
- Money specialist – identifies the best way to make money from each type of dataset – this could be by selling in bulk to trusted criminal contacts, or by using specialist online services.
How criminals get access to your network
The most common way for criminals to get access to machines or networks and steal data is through malicious links or attachments in phishing scams. Phishing scams are usually easy to identify:
- The sender’s email address doesn’t tally with the trusted organisation’s address.
- There’s a suspicious display name that doesn’t match the email address.
- The email contains spelling and grammatical errors.
- The entire text of the email is contained within an image rather than plain text.
- The content indicates urgent action is required.
- Check the website is legit by hovering your mouse over the link but not clicking – usually the link is different to the written text.
Smoothwall recommended that if the message looks remotely suspicious, it should not be opened, and similarly do not open any attachments you aren’t expecting. If in doubt, always contact the company prior to taking action to confirm the email is legitimate (search for the contact details online – don’t use the contact details provided in the email!).
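The checklist above can also be run mechanically over a raw message, shown here as an added example that is not taken from the NCSC report or from Smoothwall. The `examplebank.test` domain, the urgency word list, the flag names and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = re.compile(r"\b(urgent|immediately|suspended|act now)\b", re.I)  # assumed word list
URLISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+")  # link text that itself looks like a URL

class BodyAudit(HTMLParser):  # collects visible text, (link text, href) pairs, image count
    def __init__(self):
        super().__init__()
        self.text, self.links, self.images, self._open = [], [], 0, None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = (dict(attrs).get("href") or "", len(self.text))
        self.images += tag == "img"
    def handle_data(self, data):
        self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            self.links.append(("".join(self.text[self._open[1]:]).strip(), self._open[0]))
            self._open = None

def host(url):
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_indicators(raw, trusted_domain):
    """Return the checklist items tripped by a raw email claiming to be from trusted_domain."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    # Heuristic: the display name uses the brand while the address is on another domain.
    domain, brand = addr.rpartition("@")[2].lower(), trusted_domain.split(".")[0]
    off_domain = domain != trusted_domain and not domain.endswith("." + trusted_domain)
    part, audit = msg.get_body(preferencelist=("html", "plain")), BodyAudit()
    audit.feed(part.get_content() if part else "")
    audit.close()
    visible = " ".join("".join(audit.text).split())
    checks = {
        "sender-domain-mismatch": off_domain,
        "display-name-mismatch": off_domain and brand in re.sub(r"\W", "", name.lower()),
        "image-only-body": audit.images > 0 and not visible,
        "urgent-language": bool(URGENCY.search(f"{msg.get('Subject', '')} {visible}")),
        "link-text-mismatch": any(URLISH.match(t) and host(t) != host(h) for t, h in audit.links),
    }
    return [flag for flag, hit in checks.items() if hit]

SAMPLE = ('From: "Example Bank Security" <alerts@examp1e-bank.test>\n'  # constructed message
          "Subject: Urgent: verify your account\nContent-Type: text/html\n\n<p>Act now.</p>"
          '<a href="http://login.examp1e-bank.test/v">https://www.examplebank.test/login</a>')
```

Spelling and grammar errors are left out because they need a language model or dictionary rather than a structural check.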
Other common ways include visiting genuine websites that have been compromised with malicious code (known as a watering hole attack) or adverts that redirect you to a malicious server that will serve up advertisements to computers (known as malvertising). The NCSC state that it is vital that organisations and individuals have up-to-date antivirus software present on all machines, as it can prevent malware succeeding.