Speaking at the ATM & Cybersecurity 2019 conference in London, detective superintendent Andrew Gould, National Cybercrime Programme Lead, National Police Chief’s Council, detailed common attackers, attack tactics and the most common ways to prevent them from happening.
Saying that the main attack groups were “no great surprise,” he highlighted the hostile states as having different motives but having “really invested in their capabilities” which he said was the main challenge, as “if a hostile state comes after you as an organization they are probably going to get you” unless you have significantly invested in your protection. “For most people though, that is probably not going to be a significant concern.”
However, a rising threat is from organized crime, which he said has involved a blurring between a hostile state and organized crime, whether it is being franchised or “tasked out,” while there are organized crime groups who do this as a way to make money.
What has also been a major concern over the last couple of years is “more and more high-level sovereign state tools leaked out.” He explained that these may have been the preserve of American intelligence agencies, but are now in the wild and “available for anyone to download and use as part of criminal enterprise.”
As well at attacks such as more DDoS and Business Email Compromise, Gould also said that “the most common type of cyber-dependent crime, where computers are attacking computers” and affecting organizations, is ransomware. While he admitted that detections and infections are down, the trend is towards more targeted ransomware, and recommended businesses protect and test backups.
In terms of sophistication, Gould said that attackers are getting better in how they are targeting organizations, as one in five “are successful with spray and pay” techniques. “Actually a lot of criminals are investing time and effort in their targets, and we make it easy for them by putting our personal information online,” he added.
Moving on to the role of the police, he acknowledged that the attitude of the police toward cybercrime has changed over time; “we know there are millions of offences committed in the country each year, but only 25-26,000 of those get reported to Action Fraud.”
However, that has improved, Gould said, “and now we've got teams dealing with cyber-dependent crime like ransomware in every force in England and Wales, when 18 months ago nothing existed.” He continued that every incident is investigated and every victim is advised “to stop them being a victim again.”
He concluded by highlighting the most common mistakes that businesses make in dealing with cyber-incidents, which were:
- No plan, nothing exercised
- Unmapped and poorly understood networks and endpoints
- Business negotiates with blackmailers
- Slow to ask for police help (if at all)
- Only communicate with police through lawyers
- Media messaging does not consider secondary fraud
- Ineffective back ups
Join our webinar on 24th October where we will be discussing advanced attackers, and how to defend against automated attacks - register here