UK businesses see highest level of ransomware attacks
The UK reached its highest level of ransomware attacks in 2022 according to figures available from the Information Commission’s Office (IOC) – at 34% of all reported cybercrime.
Criminals compromised data on potentially more than 5.3 million people from more than 700 organisations according to the Data security incident trends report released by the ICO, covering the period up to Q3 2023.
The ICO’s data found ransomware incidents accounted for 20% of all incidents in 2020 before rising to 28% the next year. They then continued to increase to 34% in 2022.
Fraud continues to be one of the most significant threats facing UK businesses and citizens. In 2021, more than 80% of all reported UK fraud was cyber-enabled, but only 32% of UK citizens thought they were likely to become a victim according to the National Cyber Security Centre (NCSC).
A joint blog post from NCSC and ICO earlier this year aimed to dispel common misconceptions that can discourage organisations from reporting a cyber attack in the hope that it would increase transparency around cybercrime.
With cyber attacks continuing to cause significant disruption, the NCSC and ICO are concerned about incidents which go unreported because every ‘hushed up’ case that isn’t shared or fully investigated makes other attacks more likely as no one can learn from them.
The blog emphasised the mistaken belief that reporting cyber attacks to the authorities makes it more likely the incident will become public, and that paying a ransom automatically makes the incident go away.
Over in the US, Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency, issued a similar statement, saying a reluctance to report to Government “creates a race to the bottom.”
Verizon’s 2022 Data Breach Investigations Report noted an alarming rise in ransomware breaches, which increased by 13 percent in a single year – representing a jump greater than the past five years combined.
This continued with the 2023 report showing ransomware as one of the top action types present in breaches. It remained steady at 24% of all incidents and is ubiquitous among organisations of all sizes and in all industries.
This year’s Verizon Report also highlights Business Email Compromise (BEC) attacks, (which are in essence Pretexting attacks), as a particular vulnerability, with an increase of almost double across its dataset, now representing more than 50% of all incidents falling within the Social engineering pattern.
NCSC warns of enduring and significant threat
The NCSC’s seventh Annual Review has also raised awareness of the increasingly unpredictable threat landscape to the UK’s critical infrastructure.
Oliver Dowden, in the Foreword for the Annual Review, said: “We live in a dangerous, volatile world.
“The events of the last year have demonstrated the extent to which geopolitical crises and technological change impact us all, threatening not just our traditional security but our economic security.”
The NSCS warned that the UK needs to accelerate work to keep pace with the changing threat, particularly in relation to enhancing cyber resilience in the nation’s most critical sectors.
These sectors include those that provide the country with safe drinking water, electricity, communications, its transport and financial networks, and internet connectivity.
In the past 12 months the NCSC said it had observed a new class of cyber adversary – which it describes as “state aligned actors”, who it believes are ideologically, rather than financially, motivated.
In May this year, the NCSC issued a joint advisory revealing details of ‘Snake’ malware, which has been a core component in Russian espionage operations carried out by Russia’s Federal Security Service (FSB) for nearly two decades.
The Annual Review also highlights a new trend of malicious actors targeting the personal email accounts of high-profile and influential individuals involved in politics.
Rather than a mass campaign against the public, the NCSC warns that there is a “persistent effort” by attackers to specifically target people who they think hold information of interest.
It believes this is taking place in part because corporate accounts are more likely to have cybersecurity protocols in place to help prevent against phishing and other vulnerabilities.
There is also concern that generative AI-powered large language models (LLMs) will be used to generate fabricated content that hyper-realistic bots will then spread to make the disinformation more believable, and it fears deepfake campaigns are likely to become more advanced and more prevalent around national elections both her in the UK and abroad.
This year there was a jump in reports of cyber attacks coming into the NCSC, but the volumes that reached the threshold of national significance remained broadly stable.
There were, however, more incidents at the top end of the scale, reflecting more high-level and damaging incidents against the UK.
A total of 2,005 reports were received by NCSC, an increase of almost 64% from last year’s 1,226 and of those, 371 were deemed serious enough to be handled by the IM team (compared with 355 last year).
Of these, 62 were nationally significant (63 last year) and four of them were among the most severe incidents the NCSC has had to manage (compared with one last year) due to the sustained disruption they caused and the victims’ links to critical infrastructure via supply chains.
The highest proportion of incidents handled by the NCSC resulted from the exploitation of public-facing applications.
Malicious traffic around Black Friday
There were also increases in malicious bot behaviour over the Black Friday holiday sale period, with surges in traffic from non-human sources.
Black Friday has gained in popularity in the UK over recent years and with it has come an increase in the activity of bots both friendly and not so good.
The festive atmosphere is quite often accompanied by a surge of bot traffic alongside cyberattacks targeting consumers seeking attractive deals.
These bots can often have malicious intent, including hacking user accounts and causing extensive damage. The risks extend to both businesses and customers.
The three primary ways in which attackers access an organisation are stolen credentials, phishing and exploitation of vulnerabilities.
Last year cybersecurity experts and the US government warned consumers to beware of scams. The Cybersecurity and Infrastructure Security Agency (CISA) said the holiday shopping season is a “prime opportunity” for scammers and cybercriminals to take advantage of shoppers through fake websites, malicious links, and even fake charities, in an effort to steal information and money.
CISA suggested shoppers follow basic cybersecurity advice: always use multi-factor authentication, double check website addresses and make sure any emails offering sales are legitimate.
How do bots affect Black Friday?
Malicious bots are used to scalp or scrape retail websites, buy “in-demand” goods in bulk to resell at much higher prices or as a tool which searches out incorrectly assigned purchase prices, usually much cheaper than they should be, and buys them in large amounts for later resale.
Scalping occurs mainly in the e-commerce and ticketing industries and is used to buy up fast-moving goods such as event tickets, gaming consoles, and limited-edition items.
Some of the bots are programmed to proceed straight to the checkout process, bypassing the cart flow. Compared to human users, these bots take a fraction of time to fill up consumer information such as credit card details and billing addresses to speed up the checkout process.
It often leads to items selling out before genuine customers get a chance to purchase and inflates the value of the items due to the artificial “high demand”.
“Automation is now part of the public consciousness, and the barrier to entry for consumers has significantly lowered. Scalper bots, in particular, are an acknowledged money-maker.
“This creates the underlying conditions for confirmation bias. In essence, bot users only ever see the upside in their actions: They reason that no one will come to any harm,” said Bec McKeown, Cyber Psychologist and Founder of Mind Science.
Google identifies malicious activity earlier each year
Last year Nelson Bradley, a manager at Google Workspace Trust & Safety, said the multinational technology company had been seeing a spike in malicious activity online around Black Friday.
Bradley said Google was seeing increases in spam and scams starting earlier each year. On an average day, Gmail blocks nearly 15 billion unwanted messages.
In the two weeks before Black Friday 2022 Gmail blocked 231 billion spam and phishing messages, a whopping 10% higher than the average volume.
Generative AI’s inherent bias
The cover of NCSC’s Annual Review, along with the illustrations included within, were created using an image generator, powered by AI.
Interestingly, when the original prompt was added to the generator, it produced an image featuring the stylised green coding, dark quasi-dystopian images and men in hoodies hunched over laptops which have become synonymous with stereotypical representation of cyber security.
Amending the prompts to incorporate ‘inclusion’, ‘open and resilient society’ and ‘diversity’, produced images which more accurately reflected the type of future for AI and cybersecurity which the NCSC is hoping to shape.
Generative AI tools pose ethical, legal, and existential questions which society is grappling with, and will continue to grapple with, for years to come.
While AI as an emerging technology presents a huge opportunity for global governments and wider society, ‘in the context of increasing interest and intrigue from the UK public’ it’s vital that those using these technologies understand the cyber security risks.
Veracity Trust Network protects your business
The team at Veracity Trust Network always keep their eyes open, as at this time of year we always see substantial spikes in malicious bot traffic from digital ads.
This year, the spikes are especially pronounced across our customers running UK adverts, with increased malicious bot activity up to 50% higher in some cases in the UK, versus lower spikes elsewhere.
Malicious bots on digital ads at this time of year are usually focused on ecommerce websites, looking for vulnerabilities for data theft, scraping opportunities and attempting account take-over – hoping to be lost in the noise of increased traffic levels generally.
However, all websites are targets for reconnaissance to gain information for phishing attacks, or for more general hacking attempts, including content pollution or illicit material sharing, so all website owners should ensure that they have the best level of protection possible to prevent this.
Founded in 2016, Veracity was formed with one intention: to fight the rise of malicious bot activity.
Our technology began life as a tool to intelligently detect click fraud and save money for businesses using online advertising. Once it became clear that our AI-powered detection engine could do even more, and protect people from legitimately dangerous bot attacks and compromised data, we developed Veracity Web Threat Protection.
Elegantly designed to mitigate everything from data theft attempts to advertising click fraud, our engine solves problems for multiple business functions. From security to finance, marketing to data analysis, customer experience and reputation management.
It is award-winning technology* applicable to any business operating a website and works to block a wide range of bot attacks, preserving website performance, while optimising infrastructure costs and security resources.
Start protecting your website and ad spend from bot attacks by booking a call now:
*Winner ‘Tech Innovation of the Year 2023’, Leeds Digital Festival Awards, Highly Commended ‘Best Use of AI 2023’, Prolific North Tech Awards, Shortlisted ‘Cyber Security Company of the Year 2023’, UK Business Tech Awards, Winner ‘Best Innovation 2022’, Best Business Awards, shortlisted ‘Innovation in Cyber 2022’, The National Cyber Awards, Shortlisted ‘Emerging Technology of the Year 2022’, UK IT Industry Awards as well as holding Verified by TAG status.