Cyber crime featured heavily in security news coverage in 2013, with cyber criminals and cyber law enforcers upping their games with each passing month.
Big and small businesses alike and the banking and financial sector in particular have come under increasing attack this year by cyber criminals primarily motivated by financial profit.
Stealing online credentials with a view to committing fraud emerged as a popular criminal tactic, with Adobe and several other high-profile companies reporting compromises of customer data.
But with cyber crime costing UK business an average of £3m a year, international and local law enforcement has increased efforts to engage with business to tackle this problem.
The UK’s cyber crime fighting capabilities were given a boost in October with the official launch of the National Crime Agency (NCA), incorporating the National Cyber Crime Unit (NCCU).
Since its inauguration, the NCCU has reported several key arrests and convictions.
The UK government increased its focus through the year, with prime minister David Cameron pledging in November that UK and US intelligence agencies will join forces to police the dark web.
Big software suppliers continued their commitment to disruption as a strategy against cyber criminals, with Microsoft announcing the launch of a new cyber crime centre.
Here are Computer Weekly's top 10 cyber crime stories of 2013:
Cyber crime costs UK organisations around £3m a year on average, according to the Ponemon Institute’s second annual Cost of Cyber Crime Study. Of a sample of six countries in the global study, the UK was above only Australia with an annual average cost of £2.27m. The US (£7.18m) was top of the list, followed by Germany (£4.7m), Japan (£4.18m) and France (£3.22m).
The NCA has changed the UK law enforcement landscape, says Andy Archibald, head of the NCA’s National Cyber Crime Unit. According to Archibald, the difference is due to the fact that the NCA is the mandated lead for the UK’s response to serious and organised crime. This means the NCCU is able to work in partnership with all stakeholders to better assess, understand and prioritise cyber threats.
The UK National Cyber Crime unit issues a warning of a mass email-borne malware campaign aimed mainly at SMEs. The emails appear to be from financial institutions, but carry malicious attachment that can install Cryptolocker malware, a type of ransomware.
The UK's National Crime Agency arrests a 28-year-old British man on suspicion of hacking into US military and government system. US prosecutors named the man as Lauri Love, of Stradishall in Suffolk. He was arrested under the Computer Misuse Act (CMA) on 25 October and released on bail until February 2014, having previously been charged in the US.
The new National Crime Agency (NCA) has notched up its first conviction of a phishing offender, following an investigation by the agency’s National Cyber Crime Unit (NCCU). Olukunle Babatunde, 27, of Croydon, south London, was sentenced to five and a half years in prison by the Inner London Crown Court, after pleading guilty to several offences, including conspiracy to defraud UK banks, financial institutions and their customers of up to £751,000.
More than half of the world’s 50 biggest bank websites have been hit by security incidents in the past eight years, a study has revealed. High or critical risks made up 15% of the total incidents discovered, affecting 11 banks, according to research by Swiss IT security services firm High-Tech Bridge.
Prime minister David Cameron says UK and US intelligence agencies will help fight child abuse images on the dark web, which is inaccessible to search engines. Child protection experts have warned that most illegal abuse images cannot be found through normal web searches because they are hidden on encrypted peer-to-peer networks. But Cameron said the dark web can be policed, and that the skills of the intelligence communities in the UK and US will be harnessed to do so.
Enterprise information security needs to go beyond traditional ways of thinking, according to Hewlett Packard. Information security professionals need to recognise their adversaries are organised around a common goal of stealing data and are specialising in each stage of attack said Art Gilliland, global security lead at HP. As a result, adversaries can typically far out-spend and out-innovate individual companies because crime is a profit centre. The only way to compete, said Gilliland, is to focus on disrupting adversaries and the cyber attack marketplace.
Adobe has revealed that a recent cyber attack compromised more than ten times the number of accounts initially reported. Just after the breach, Adobe chief security officer Brad Arkin said in a blog post that 2.9 million accounts had been affected, but the firm now says the figure has around 38 million active accounts.
Microsoft has opened a Cybercrime Center that combines legal and technical expertise, tools and technology, with cross-industry expertise. Based at the company’s main campus in Redmond, the Microsoft Cybercrime Centre is designed to be a centre of excellence for advancing the global fight against cyber crime. Each year, cyber crime takes a personal and financial toll on millions of people around the world, including 58% of UK adults, according to research by Symantec.