Since there have been rapid advancements in technology in recent times, more and more criminals are going online to find ways to make money. A report from the BBC showed that victims of cyber-crime in the UK lose more than £190,000 a day (almost £70m per year) to cybercriminals, yet research from the ABI has shown that only around 11% of UK businesses take out cyber insurance, which is rarely included in a standard business insurance package.
The most common cyber-crimes in the UK are Phishing, Ransomware, DDoS Attack, Viruses and Attack Vectors.
Phishing, Vishing, Smishing and Spear Fishing are all different ways that criminals will attempt to steal information from you such as personal identification numbers (PINs), card details and passwords. Vishing focusses on voice phishing, usually over the phone, and Smishing works to attack you via SMS. Spear Fishing is the collective term for all forms of phishing.
Ransomware is malicious software that stops the victim from accessing files until a ransom is paid to the criminal. There is also little guarantee that once you have paid the ransom that your files will be returned or restored, as the criminal will likely need to destroy the files to help them get away with the crime.
Hiscox UK found that a new victim will experience a ransomware attack every 11 seconds by 2021, an increase from 2019, currently a ransomware attack occurs every 14 seconds.
A Distributed Denial of Service (DDoS) attack is where criminals will attack a business’s website by overwhelming a server or network so that the website goes offline. Criminals will usually then strike by breaking into the system whilst the business focusses on restoring the website.
Motivations for the attack tend to be for blackmail and revenge from disgruntled employees but has also been used by protest groups, who target websites for political reasons.
Computer viruses are common forms of cybercrime which usually look to change the way that your computer will operate. Viruses are easily spread from computer to computer, often by opening an email attachment, running an executable. file, visiting a harmful website or using an infected storage device.
Common viruses include Worms, Adware, Spyware, Bots and Trojan Horse viruses. According to statistics from the Office for National Statistics, there were 442,000 cases recorded of malicious computer viruses reported year ending June 2019.
Attack vectors are the ways that criminals will get into your systems to either infect with malware or to take data. Attack vectors are also known as a hack.
There are 4 attack types that criminals will use to access your computer systems:
- Drive-by attack –when a criminal will target a user through their browser, infecting their computer if they visit a website designed to spread malware. Criminals can also compromise legitimate websites which they can use to infect the user directly or redirecting them to a malicious website.
- MITM (Man in the Middle) –alters communication between users, manipulating users into giving confidential data whilst under the impression they are speaking to a legitimate party.
- Zero-Day attack – Software that has just been released to the general public may be open to attack from criminals as it may be largely untested towards cyber-attacks. Criminals will exploit this new software before new patches can be introduced.
- SQL Injection – A Structured Query Language (SQL) Injection is when an attacker inserts malicious code into a server that uses a domain-specific language. An SQL Injection is particularly effective against software that has a security vulnerability and the attack forces a server to give access to a cyber-criminal.