Crime stats show switch in focus by cyber criminals

The latest crime survey for England and Wales from the Office for National Statistics (ONS) for the 12 months to September 2018 shows cyber crime is more likely than physical violence or robbery.

The survey found that 1.83% of adults experienced a computer misuse crime, making it more likely than violence (1.75%), theft (0.8%) or robbery (0.3%).

Overall, there was a 33% decrease in computer misuse offences estimated by survey, which is attributed to a 45% decrease in crimes involving malware. However, stats contributed by Action Fraud – which include businesses in their data – found reported compute misuse increased by 12%.

This correlates with the finding of a report from the Parliament Street think tank published in December 2018, which said police investigations into cyber crime were up 14% in a year, with officers forced to follow up over 2,500 complaints of Instagram, Facebook, email and website hacking, and bitcoin ransom, despite a rise in violent crime.

Action Fraud also logged a drop of 25% in reported malware, but saw a significant rise in social media and email hijacking, which increased by 35% in the 12 months under review.

The findings suggest hackers are switching tactics to become more covert, attempting to hijack social media and email accounts and profiteer through spying on organisations and impersonating victims, according to Fraser Kyne, CTO for Europe at malware protection firm Bromium.

“Once again we’ve seen a drop in computer misuse, but what’s particularly interesting is that Action Fraud – which collects data from businesses – saw a 12% overall rise in reported cases, driven by an increase in email and social accounts being compromised,” he said.

The results support what Bromium has seen in the past few years. “As hackers have become much more resourceful, changing their tactics to get the best results,” said Kyne.

The statistic show that while there was a 145% rise in malware in 2017, that dropped by 25% in 2018 as hackers switched tactics to hijack email and social media accounts.

“The risk here for organisations is that hackers are still exploiting the weakest link in security – people. Business email compromise can be particularly effective for spying on organisations or impersonating users to gain funds, hijack further accounts or attempt to gain access to critical IP [intellectual property],” said Kyne.

It is also worth noting, he said, that Action Fraud’s stats reflect only reported crime. “These detected events prove that hackers are still bypassing defences. But we must also assume that malware is breaking through and remaining undetected.

“This is why we need tools that can protect us from the things that we can’t see or detect, particularly as hackers are constantly changing tactics,” he said.

According to Kyne, organisations in the UK need to stay vigilant, adopting layered defences that utilise application isolation to take the responsibility of security away from users. “Keep critical IP protected and ensuring they can stay one step ahead of resourceful cyber criminals,” he added.

At the International Security Expo 2018 in London, detective chief superintendent Pete O’Doherty, lead of cyber and head of economic crime at the City of London Police, described cyber crime as the “most significant harm” in the UK facing police, but said cyber crime is still “significantly under-reported”, which is a big problem.

“We want every victim of crime, which includes businesses, to report those crimes – because if we know what the true scale of the problem is, we can start to develop an intelligence-led, coordinated response,” he said.