UK's NCA leads Europol take-down on Ramnit botnet

There is considerable under-reporting of targeted intrusion attacks in the UK; breaches are likely to increase significantly in scale and damage, then worsen once traditional crime groups exploit the availability of skills; and mobile malware will provide new criminal opportunities, according to the latest National Crime Agency (NCA) report.

Cyber-crime and cyber-enabled crimes figure highly in the latest annual National Strategic Assessment (NSA), an analysis by the NCA of serious and organised crime threats affecting the UK.

The document ranges from metal theft to money laundering, but among the cyber-related themes highlighted in the 2015 assessment are an expectation that criminals will focus on mobile malware as the use of apps for financial transactions increases; that there is growing complexity in tracing online criminal activity as the next generation of IP addresses rolls out; and that child sexual exploitation and abuse live online is likely to become more widely available as access to 4G and broadband becomes increasingly widespread globally.

As of December 2014, organised crime group mapping had identified around 5,800 organised crime groups, and the cost of serious and organised crime to the UK is expected to have increased from a recorded figure of £24 billion per year. Increasingly, these groups are expected to target government services that go online and private sector transactions as the UK becomes an increasingly cashless society.

Among the report's assessments and findings are that:

The UK is identified by the G20 as the most cyber-dependent economy of its member nations with 74 percent of the adult population buying goods and services online, spending £91 billion in 2013, resulting in increased targeting by cyber-criminals. While the most damaging high-end cyber-crime remains the preserve of the most skilled and technically competent criminals, the maturing criminal marketplace is beginning to provide those with lesser skills with the tools to participate. This is enhanced by several hundred online criminal forums live globally at any one time, suggesting that active cyber-criminals number in the thousands. The most significant threat to the UK, however, is posed by the relatively small number of technically competent criminal groups and individuals with high-end skills, likely to be in the low hundreds.

Competent cyber-criminals introduce new crime-ware products to the marketplace rapidly and intelligence suggests that these criminals work on new products at the same time as deploying existing ones, increasing resilience to disruption efforts. Law enforcement has had to introduce new techniques and practices to tackle this new threat.

Russian-language criminals in Russia and neighbouring states continue to be heavily represented amongst the more competent cyber-criminals, thought to be behind the development of financial Trojans affecting tens of thousands of machines globally. There is also collaboration across ethnic and national groups with low-cost and efficient technical service providers hosting their activity. The criminal, the technical services used and the victim are frequently located in different countries and advanced western economies typically host such providers, making the UK an attractive place for cyber-criminals to host their services.

The cyber-criminal marketplace provides a combination of legitimate services, illegitimate services and a subset of services which can be used for legitimate or illegitimate purposes. Traditional crime groups are not highly active in this marketplace, but there is a threat that they will come to recognise the ready availability of these skills and services and begin to exploit them.

Targeted intrusion attacks, like the November 2013 attack on the US supermarket chain Target and the August 2014 breach of JP Morgan Chase, which resulted in the theft of large amounts of data, are likely to become increasingly significant in scale and damage. The NCA assesses that there is considerable under-reporting of such breaches within the UK.

Bespoke mobile malware is well-established outside the UK and international groups could start to target the UK, while groups currently targeting western markets by other means may adopt mobile malware deployment. The increasing use of apps designed for legitimate financial transactions will, over the next 12 to 18 months, provide new opportunities for criminals. There is a growing threat from multistep, blended attacks (ie a series of attacks by a mix of attack tools). Examples include the use of distributed denial of service (DDoS) attacks as a deliberate tactic to divert a victim organisation's system defences. Under the cover of the diversionary DDoS, a more damaging network intrusion or exfiltration attack is then launched.