There is considerable under-reporting of targeted intrusion attacks in the UK; breaches are likely to increase significantly in scale and damage, then worsen once traditional crime groups exploit the availability of skills; and mobile malware will provide new criminal opportunities, according to the latest National Crime Agency (NCA) report.
The document ranges from metal theft to money laundering, but among the cyber-related themes highlighted in the 2015 assessment are an expectation that criminals will focus on mobile malware as the use of apps for financial transactions increases; that there is growing complexity in tracing online criminal activity as the next generation of IP addresses rolls out; and that child sexual exploitation and abuse live online is likely to become more widely available as access to 4G and broadband becomes increasingly widespread globally.
As of December 2014, organised crime group mapping had identified around 5,800 organised crime groups and the cost of serious and organised crime to the UK is expected to have increased from a recorded figure of £24 billion per year. Increasingly they are expected to target government services that go online and private sector transactions as the UK becomes an increasingly cashless society.
Among the report's assessments and findings are that:
The UK is identified by the G20 as the most cyber-dependent economy of its member nations with 74 percent of the adult population buying goods and services online, spending £91 billion in 2013, resulting in increased targeting by cyber-criminals. While the most damaging high-end cyber-crime remains the preserve of the most skilled and technically competent criminals, the maturing criminal marketplace is beginning to provide those with lesser skills with the tools to participate. This is enhanced by several hundred online criminal forums live globally at any one time, suggesting that active cyber-criminals number in the thousands. The most significant threat to the UK, however, is posed by the relatively small number of technically competent criminal groups and individuals with high-end skills, likely to be in the low hundreds.
Competent cyber-criminals introduce new crime-ware products to the marketplace rapidly and intelligence suggests that these criminals work on new products at the same time as deploying existing ones, increasing resilience to disruption efforts. Law enforcement has had to introduce new techniques and practices to tackle this new threat.
Russian-language criminals in Russia and neighbouring states continue to be heavily represented amongst the more competent cyber-criminals, thought to be behind the development of financial Trojans affecting tens of thousands of machines globally. There is also collaboration across ethnic and national groups with low-cost and efficient technical service providers hosting their activity. The criminal, the technical services used and the victim are frequently located in different countries and advanced western economies typically host such providers, making the UK an attractive place for cyber-criminals to host their services.
The cyber-criminal marketplace provides a combination of legitimate services, illegitimate services and a subset of services which can be used for legitimate or illegitimate purposes. Traditional crime groups are not highly active in this marketplace, but there is a threat that they will come to recognise the ready availability of these skills and services and begin to exploit them.
Targeted intrusion attacks, like the November 2013 attack on the US supermarket chain Target and the August 2014 breach of JP Morgan Chase, which resulted in the theft of large amounts of data, are likely to become increasingly significant in scale and damage. The NCA assesses that there is considerable under-reporting of such breaches within the UK.
Bespoke mobile malware is well-established outside the UK and international groups could start to target the UK, while groups currently targeting western markets by other means may adopt mobile malware deployment. The increasing use of apps designed for legitimate financial transactions will, over the next 12 to 18 months, provide new opportunities for criminals. There is a growing threat from multistep, blended attacks (ie a series of attacks by a mix of attack tools). Examples include the use of distributed denial of service (DDoS) attacks as a deliberate tactic to divert a victim organisation's system defences. Under the cover of the diversionary DDoS, a more damaging network intrusion or exfiltration attack is then launched.
Online fraud losses are difficult to gauge (but likely to exceed the £1.73 billion offline fraud recorded in the year to August 2014). Cyber-enabled banking and card fraud in the UK are widespread due to the high volume of online banking and retail transactions, high card limits, similar security methods by the UK's few large banks and ease of opening accounts. Reported fraud losses on UK cards and remote banking between January and June 2014 totalled £247.6 million, up 15 percent from 2013. Research in 2013 suggested one in four UK businesses were a victim of fraud, losing an estimated £15.9 billion. Abuse of identity documents continues to be a key enabler.
Using the internet offers criminals the advantage of no physical risk, greater anonymity and a wider range of targets. This presents law enforcement with increasing challenges, which require new investigative and evidential skills and capabilities. Both the surface and hidden internet are used with the latter offering platforms/tools such as The Onion Router (TOR) and other anonymisation programs, such as The Invisible Internet Project (I2P) and the Free Network (Freenet), to enable users to maintain anonymity. A search engine called Grams has been launched on TOR which is specifically designed to search for illicit commodities across a range of online marketplaces and there are other search engines being developed for this purpose.
Traffickers involved in labour and sexual exploitation are increasingly using social networking to recruit potential victims in addition to traditional methods, such as websites and newspapers. Virtual currency systems provide a cheap, quick, unregulated and almost anonymous method of transferring value between individuals or groups anywhere in the world. They have rapidly become the payment system of choice for a large number of individuals and organisations engaged in cyber-dependent and some areas of cyber-enabled crime, though as yet there has been limited take-up of virtual currencies as a medium for moving large quantities of money across the broader criminal community.
The increasing use of encrypted communication devices and apps poses a growing challenge to UK law enforcement as their adoption by criminal groups can enable attempts to evade law enforcement detection. The ongoing rollout of IPv6, the next generation of IP addresses, will offer added complexity and an exponential increase in the number of unique addresses, presenting a threat to law enforcement's ability to trace offenders' online activity.
In the report's preface, NCA director general Keith Bristow says: “Serious and organised crime affects us all. It is a pervasive national security threat with far-reaching effects on the UK's social and economic well-being and international reputation. Its perpetrators are highly innovative and tenacious in pursuing their goals; our response must be resourceful and relentless.
“To inform that response, we need a comprehensive understanding of the risk. A collaborative approach remains vital across policing and law enforcement. Partnerships, both domestic and international, bringing together the public and private sectors, academia, charities and society as a whole, are crucial to delivering a lasting detrimental effect on serious and organised crime impacting on the UK.”