Online is the front line against organised crime, says the National Crime Agency Director General Dame Lynne Owens as the NCA releases its 2021 National Strategic Assessment (NSA) of Serious and Organised Crime. The report covers the smuggling and distribution of guns and drugs; sexual abuse of children; cross border trafficking and smuggling of people; exploitation of people; industrial scale frauds; ransomware attacks and the laundering of dirty money in and through the UK.
As the NCA says, the past year has seen covid-19 change the landscape; the NSA shows that organised criminals have adapted their methods to survive. In particular, offenders have turned to online spaces, increasingly using tech to commit crimes at scale and avoid detection.
Ransomware attacks have increased, in frequency and impact. It is estimated that half of all ransomware attacks included a threat to publish stolen data and over the last year there were £3bn of estimated fraud losses for UK individuals and businesses, but an accurate figure is constrained by significant under-reporting, says the Agency.
The dark web remained a market where offenders traded illegal commodities such as firearms and drugs; offenders have increasingly turned to specialist and commercially available encryption tools to hide their communications. Criminals increasingly used cryptocurrencies to aid their money laundering, at least in part because the pandemic made it harder to move cash.
And criminals continue to use technology to exploit children at scale. Online exploitation has been shown to enable offending in the real world, with the online grooming of children leading to physical abuse and the large scale blackmailing of children to abuse themselves. The assessment concludes that despite significant operational and policy responses, the child sexual abuse threat continues to grow, exacerbated by rising online activity.
You can read the 35-page document at the NCA website.
Dame Lynne Owens said: “The National Crime Agency, together with our operational partners, is disrupting more and more serious and organised criminality.
“But as our latest assessment shows, the threat to the UK from crime groups supplying drugs and firearms, trafficking vulnerable people, defrauding individuals and businesses, and from cyber criminals and child abusers, has proved resilient, including during the pandemic. Covid has shown these criminals for what they are – corrupt and exploitative.
“This year’s NSA shows how criminal exploitation of technology is central to the threat. For law enforcement, the front line must now be online, as well as on our streets.
“Whether in the real world or online, the NCA will continue to identify and pursue the criminals who pose the biggest risks to our families, communities, the integrity of the state, and its prosperity. No one involved in serious and organised crime in the UK should consider themselves beyond our reach.”
Comment
Bindu Sundaresan – Director, AT&T Cybersecurity, said: “Ransomware has evolved beyond the commodity. Widespread attacks are intended to infect a single endpoint, and include more advanced techniques, such as file-less malware and data exfiltration. One of the biggest drivers of ransomware success is the adoption of the Ransomware as a Service (RaaS) distribution model. These new strains of ransomware make prevention and planning more critical than ever to prevent attacks. Concurrently, ransomware authors are increasingly selling access to (RaaS) offerings that increase the number of attackers and malware variants. 2020 was the year of ransomware, with the wide availability of (RaaS) and the shift to double extortion tactics from attackers.
“With the traditional threat of ransomware still front and centre and the added threat of data for sale on underground marketplaces, security leaders must plan for resiliency. Ransomware is not only cheap to purchase and download; it is also easy to spread with every business being a target, considering the current digital lifestyle. The rise of the RaaS distribution model is allowing budding criminals a straightforward way to start a cyber-extortion business with typically no technical expertise required, flooding the market with new ransomware strains. In fact, the growth in RaaS platforms is likely one of the primary reasons behind the massive spike in ransomware attacks.”
