The National Crime Agency (NCA) and its subset, the National Cyber Crime Unit (NCCU), have safeguarded more than 1m victims from cyber crime, according to official figures.
The data, published in the NCA’s annual report and accounts for the financial year of 2020-21, has been analysed by litigation practice Griffin Law.
It found the NCA had coordinated 490 ‘prevent’ interventions against individuals at risk of becoming future cyber offenders, and taken down or suspended 270 criminally controlled websites.
In addition to this, the NCCU’s operational activity surged in the last financial year as the report found the unit had actively pursued 34 per cent of all cyber ‘disruptions’ in 2020-21, compared with just 13 per cent in 2019-20 – a nearly three-fold increase year-on-year.
A large quantity of the operational activity recorded this year was in relation to a five-week NCCU-led and nationwide investigation into WeLeakInfo[DOT]com.
This resulted in the arrests of 21 cyber criminals who had paid to access WeLeakInfo, which hosted 12bn stolen credentials, in order to download personal data for use in further offences. As well as the arrests, Cyber Prevent Officers visited a further 60 individuals to warn them to cease and desist from criminal activity.
Edward Blake, cyber expert and area vice president EMEA for Absolute Software, said: “The NCA is doing a fantastic job in the fight against cyber crime, providing significant support to organisations at a time when cyber threats are surging due to the chaos of the pandemic.
“However, the figures in this report underline the very risk cyber criminals pose to businesses, particularly with hybrid working models on the rise.”
He added: “In this new era of remote and flexible working, it’s inevitable that organisations will see a rise in lost or stolen devices, which will contain critical data. It’s therefore vital to ensure the right systems are in place to track, freeze and wipe items like laptops, to keep data out of the hands of fraudsters.”
Last month, a freedom of information request by Griffin Law revealed the Financial Conduct Authority misplaced a total of 323 electronic devices estimated to be worth £310,600 over the past three years, raising questions about data protection.
Meanwhile, during the height of the pandemic in April 2020, the NCA launched a high-priority investigation into an email sent to NHS England, demanding £10m by a set deadline, or an explosive package would be left at one of its hospitals.
The investigation led to the arrest of an Italian national for attempted extortion, and he was sentenced to three years’ imprisonment in February 2021.
The agency also increased audience exposure to prevent messaging around cyber crime, more than doubling this relative to 2019-20.
This was achieved through a range of cyber ‘prevent’ campaigns, including a four-stranded Google AdWords campaign and the popular online game CyberLand, designed to introduce key cyber security concepts to children.
Cyber prevention methods against attacks targeting the NCA itself had also improved in the most recent financial year, and in 2020-21, seven Distributed Denial of Service (DDoS) attacks were prevented, resulting in zero downtime, compared with 39 attacks and around 3 and a half minutes of downtime in 2019-20.
Tim Sadler, chief executive officer at Tessian, said: “This report highlights the harsh reality that cybercrime continues to boom. Credential theft, in particular, is revealed as a lucrative business for cybercriminals today, given that these pieces of data can open the door to further crime.
“It's therefore so important that people are using strong passwords and two-factor authentication to access their accounts and are aware of the ways their data and credentials could be stolen and used against them in phishing or social engineering attacks, for example. These are simple preventative steps to help avoid falling victim to cyber crime.”
Chris Ross, SVP International for Barracuda Networks, added the NCA was playing a “critical role” in the fight against cyber crime, providing education, awareness and pursuing online attackers in an effort to bring them to justice.
“Whilst this report demonstrates that huge progress is being made, the fact is that sophisticated ransomware attacks on businesses and public sector organisations are on the rise,” he said.
“Failure to have these systems in place and train employees to spot potential threats, could lead to cyber criminals obtaining and encrypting data, paralysing businesses and critical national infrastructure.”
sonia.rach@ft.com
What do you think about the issues raised by this story? Email us on FTAletters@ft.com to let us know
