12 Cyber Threats of Christmas – Cyber Criminals

In our 12 Threats of Christmas feature, we want to look at cyber threats and issues that can impact organisations.

Some may be known to you, whilst others, may seem a little more out of the box.

On the sixth day of Christmas, our cyber threat is:

Cyber Criminals

At any one time there are approximately 1,400 cyber criminals vying to get your personal data.

There are various reasons cyber criminals want your data. Some want to sell it on the dark web for others to buy and exploit for financial purposes.

Whilst others just want to jump straight in, cause havoc and leave with as much money and destruction without being detected as quickly as possible.

Cyber criminals seemingly come and go, with many retiring then re-emerging once their reserves have dropped below a certain threshold.

Earlier this year, researchers at Secureworks claimed infamous Russian hackers GandCrab were behind a new wave of cyber attacks after analysing a new strain of computer virus.

Don Smith, Director of Secureworks Counter Threat Unit, said his team had the group “bang to rights”.

“We weren’t surprised the group resurfaced.

“GandCrab offered a good return for criminal actors. It’s unlikely an existing and proficient group would just walk away from that.”

The justice system came under criticism this year, as it was claimed cyber crime wasn’t being taken seriously by the police and CPS.

This statement was seemingly backed up by data provided by HM Courts and Tribunals Service who revealed that there has been a total of 442 prosecutions brought under the Computer Misuse Act 1990 (of which cyber crime falls) over the past decade.

These numbers seem alarmingly low, when you think of all the data breaches and hacking scandals you hear about in the press. But law enforcement is slowly ramping up the pressure on the cyber criminals.

The Dedicated Card and Payment Crime Unit (DCPU) dismantled 13 organised crime groups in the first half of 2019.

The DCPCU is a unique proactive police unit, with an ongoing brief to seek successful prosecution of offenders responsible for card, cheque, and payment fraud crimes. In 2018 they achieved an estimated saving of £94.5 million from preventing and interrupting fraud.

So far this year, 39 fraudsters have been convicted, serving a combined total of 44 and half years in prison.

The £30,000 seized from these organised crime groups is double that of the same period last year, proving a great success for the DCPCU.

Detective Chief Inspector Gary Robinson commented that:

“These figures are testament to the hard work of the DCPCU officers who are on the front-line in the fight against fraudsters. The criminals involved are becoming increasingly organised and dangerous. We are seeing gangs involved in drug trafficking and firearms offences turning to fraud, targeting victims across the UK.”

Since the DCPCU was set up in 2002, the unit has prevented or disrupted over £600 million of fraud, including £6.8 million in the first half of 2019. Despite the unit’s success, each day more sophisticated techniques are being employed by criminals.

How can I stop cyber criminals from infiltrating my organisation?

Here are some steps you can take to protect your business from cyber criminals:

  • Adopt the Government accredited Cyber Essentials certification, demonstrating that you take cyber security seriously
  • Change your passwords regularly, and ensure these passwords are complex (a mixture of letters – upper and lowercase – numbers and special characters)
  • Ensure your anti-virus software is up to date
  • Ensure your systems have the most recent patches in place
  • Always take a second to think about emails. Don’t respond or open suspicious looking ones. Report anything suspicious to your IT department
  • Adopt a positive cyber culture in the workplace. Encourage reporting and ensure people are all following the same procedure

Take a look at our Cyber Criminal Video for more information.

Missed Day 5 which focused on Domain Name System Attacks? Fear not, you can read it here.