Ever-evolving, the cyber threat landscape in Scotland, as is the case globally, does not stay the same for long.
Even the most popular attack methods seemingly slip in and out of fashion, although their threat remains ever-present. Looking back at how the landscape has morphed over the past few years, on a UK level it is clear that 2017 was very much the year of ransomware. In fact, at one point it was determined that in 2017 six out of ten one payloads contained ransomware.
WannaCry and Petya/NotPetya, which received a considerable amount of press coverage, were among the most prevalent and damaging. There was even talk within the cybersecurity sector of companies stockpiling bitcoin to be used to pay off potential ransomware attackers, believing it to be a cheaper option than investing more heavily in cyber defences.
Heading into 2018, ransomware cases dropped, and began to be overshadowed by cryptomining cases.
Even by December 2017, ransomware infections were scoring a mere 10% infection rate, while cryptomining malware was rapidly on the rise.
In fact, Q1 of 2018 saw a staggering 629% increase in cryptomining malware compared to Q4 of 2017. Research has found that 59% of UK companies have been hit by some form of cryptojacking – the act of hijacking a user’s CPU to mine for cryptocurrencies. The first half of 2018 saw 47 new families of cryptomining malware unearthed, suggesting that numerous individuals or organisations were utilising such attacks.
There were, of course, also data breaches, with many of the larger ones making the headlines worldwide.
The real biggie involved the data theft of circa 500 million Marriott customers, although the data being snaffled from 380,000 payment cards of British Airways customers, 105,000 at Dixons and 40,000 at Ticketmaster may also stick in the mind.
- Amazon to Appeal JEDI Contract Decision
- Instagram to Make ‘Likes’ Private for Some UK Users
- Women’s Enterprise Scotland Appoints New Male Ambassadors
Card card skimming was to blame for a number of such data breaches, with the finger often pointed firmly at Magecart, which became one of the most common methods of stealing card data towards the end of 2018.
Throughout 2019, we have seen many more of these cases – not necessarily due to an increase in attacks, but possibly down to how long it often takes companies to realise they have been breached.
Tougher regulation of personal data has also had plenty of news coverage, with the introduction of the General Data Protection Regulation (GDPR) in May 2018 via the UK Data Protection Act 2018.
This new regulation, combined with the big data breaches, has surely helped to raise awareness of cybersecurity among individuals, as well as companies.
The UK Government’s Cyber Security Breaches Survey 2019 found that four in ten businesses (40%) and around a third of charities (35%) believe that cybersecurity is a very high priority for their organisation’s senior management.
About three-quarters of businesses (78%) and charities (75%) say that it is a high priority. These proportions of ‘high priority’ are higher than in 2018 (when it was 74% of businesses and 53% of charities). For businesses, there is a longer-term upwards trend going back to 2016 (when it was 69%).
Alongside this change in attitudes since 2018, the survey revealed there have also been various shifts in behaviour and action taken:
- More businesses (57%, vs. 51% in 2018) and charities (43%, vs. 27% in 2018) update their senior management on actions taken around cybersecurity at least once a quarter.
- Written cybersecurity policies are more common both among businesses (33%, vs. 27% in 2018) and charities (36%, vs. 21% in 2018).
- Both businesses (27%, vs. 20% in 2018) and charities (29%, vs. 15% in 2018) are more likely to have had staff attend any kind of cybersecurity training in the last 12 months.
- Over half of all businesses (56%, vs. 51% in 2018) and two-fifths of charities (41%, vs. 29% in 2018) say they have implemented controls in all the five technical areas listed under the Government’s Cyber Essentials scheme.5
- More charities have taken actions to identify cyber risks, such as health checks, audits or risk assessments (60%, vs. 46% in 2018), bringing them in line with businesses (62%).
- More medium businesses (31%, vs. 19% in 2018) and large businesses (35%, vs. 24% in 2018) have cyber insurance, though the proportion of all businesses (11%) and charities (6%) that have this remains relatively low.
A review into cybercrime in Scotland was conducted in 2018, which drew attention to the increase in the number of people in Scotland using the internet and the potential for criminals to exploit this growth, under the banner of cybercrime.
While this review found that incidents of cybercrime recorded in Scotland tend to be concentrated around sexual crimes, fraud and computer misuse, a number of different types of crime can, and likely do, involve the use of the internet and cyber technologies either as a precursor to a crime or in the committing of a crime itself.
The review highlighted four key ways in which cyber technology is influencing crime:
- Cybercrime is forming a large proportion of certain crime types. For example, evidence from the Crime Survey for England and Wales (CSEW) for the year ending September 2017 estimates that over half (56%) of fraud incidents (which is one of the most numerous crimes) were cybercrimes. This amounts to 1.8 million incidents during this time period.
- The internet and cyber technologies are changing the volume of certain crime types. This is perhaps most evident among sexual crimes. Detailed evidence shows that both the number and proportion of police recorded ‘other sexual crimes’ in Scotland, which were cyber-enabled, increased. Consequently, such incidents contributed to the growth in all ‘other sexual crimes’ and sexual crimes as a whole recorded by the police.
- The internet and cyber technologies are changing the nature and victimisation of certain crimes. The police recorded ‘other sexual crimes’ research found that when the specific crimes of ‘communicating indecently’ and ’cause to view sexual activity or images’ were cyber-enabled the age and relationship profile of victims and offenders changed. When incidents were cyber-enabled, both tended to be younger with median ages of 14 and 18 respectively, and victims and offenders were more likely to know of one another.
- Cyber-technologies have given rise to the introduction of an entirely new and high volume category of crime – computer misuse. Without the internet, these crimes (including computer viruses, hacking etc.) would not be possible. Evidence from the CSEW for the year ending September 2017 shows there were 1.5 million incidents of computer misuse, making it one of the numerous crimes.
“However, we are operating in a complex landscape,” the report states. “The review has drawn attention to the challenges faced by authorities to investigate and take action against online risks. These include inconsistent terminology and the spectrum of possible internet involvement in crimes. Such situations also challenge the capability of research and statistics to accurately capture the scale, nature and impact of cyber-crime.”
The review also identified gaps in the knowledge of Government Ministers. “We still need to know more about cybercrime in Scotland, such as the prevalence of different types of cybercrime, the extent of underreporting, the cost and the harm of cyber-crime,” it states. “Furthermore, little evidence is available which allows for the comparison between cyber and non-cyber incidents of the same crime, meaning that it is difficult to ascertain how such crimes differ. This review has also drawn attention to gaps around cybercrime offenders, in particular, the extent to which different kinds of individuals and groups account for cyber-crime offences in Scotland.”
The review found evidence that cybercrime is underreported to the police and other authorities. Figures from the victimisation surveys are consistently higher than in police data – most notably for instances of fraud, computer misuse, abusive/threatening behaviour, stalking and harassment. This suggests these occurrences are often not being reported to the police.
Moving forward, this review highlighted an important first step in collating and assessing the existing available evidence on cybercrime in Scotland. In addition to this review, a number of analytical workstreams have been conducted across numerous organisations, including:
Police Scotland Cyber Capability Review – a long term piece of work to ensure Police Scotland has a strategic understanding of the cyber-crime threat, and ensure policing is equipped to investigate and respond.
Scottish Institute of Policing Research ( SIPR) qualitative research which looks at policing practices from six different countries around the world. This is due to be completed in Spring 2018.
HMICS Thematic Inspection of Police Scotland response to Cyber-crime – scheduled to be carried out in 2018-19.
It is also likely that private companies and businesses, including banks, hold useful information on cybersecurity and incidents where they have been the victim of a crime, which occurred online or via cyber technology. The Scottish Government’s Justice Analytical Services division is looking to explore this further.
In the coming years, it is hoped that these developments, combined with the aforementioned analytical work, will contribute to a more complete picture about the influence cyber-technology is having on crime in Scotland. In turn, this will help Scotland to galvanise its cybersecurity and better protect its businesses and citizens.