[BreachExchange] Cybercriminals loot billions from the UK, but no one reports it

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jul 8 14:19:06 EDT 2016


http://www.cso.com.au/article/603087/cybercriminals-loot-billions-from-uk-no-one-reports-it/

The UK is spending billions of pounds on cybersecurity to combat what the
government believes is a multi-billion cost each year, but few individuals
and businesses report cybercrime incidents.

The UK’s National Crime Agency (NCA) is worried about the
professionalisation of cybercrime and its impact on Britain’s multi-billion
pound online economy, but it can’t size up the problem because most affected
businesses and individuals don’t report it, it said in a report published
on Thursday.

The Office of National Statistics estimated there were 2.46 million “cyber
incidents” in 2015 — ranging from distributed denial of service (DDoS)
website flooding attacks to ransomware — and 2.11 million victims
of cyber-crime. Official reporting channels, however, recorded just 700,000
“cyber-enabled incidents” that year, according to the NCA.

Meanwhile, the UK’s data protection watchdog, the Information
Commissioner’s Office, received just 200 data breach reports in 2015.

The NCA believes the vast majority of cybercriminals aren’t skilled, and
that just a few hundred individuals residing outside the UK constitute the
most serious threat to the nation. The more sophisticated attackers are
adopting industrial processes to scale their operations, it warned.

The groups on the agency’s radar are behind some of the most troublesome
banking malware globally, such as Dridex, which has more recently been
linked with file-encrypting ransomware such as Cerber and Locky.

The agency also warned that “technically competent” UK-based cybercriminals
engage in DDoS attacks and extortion threats in the form of publishing a
target’s sensitive data online or by encrypting valuable data.

The NCA report doesn’t expose any major new trends in cybercrime, but
appears instead to be an appeal to the public and business leaders to be
more vigilant about online attacks, both in awareness and reporting when an
incident is noticed.

It also doesn’t mention the breach of ISP TalkTalk in 2015, the UK’s most
high profile recent corporate cyberattack, which affected over 100,000
customers, cost the firm tens of millions of pounds, and damaged its stock. A
select committee in June recommended that CEO pay be cut if the firm they
lead has lax security.