UK law enforcement officers are working with public and private sector partners to help businesses and UK consumers guard against cyber crime.
After a number of high-profile malware threats to the UK, the National Crime Agency (NCA) is leading the initiative to help network administrators who manage key parts of the UK internet infrastructure.
The NCA will release intelligence reports through ten police Regional Organised Crime Units (ROCUs), comprising 43 individual police forces, as well as Police Scotland and Police Service of Northern Ireland.
The ROCUs will notify businesses of cyber crime threats on their systems and will include information on how they can subscribe to customised live threat data feeds.
The NCA is kicking off the initiative with intelligence reports for internet service providers (ISPs) and hosting companies.
The reports are based on data from the national computer emergency response team (Cert-UK) and the volunteer intelligence gathering Shadowserver Foundation.
The reports have identified 5,531 compromises on servers in the UK, each of which attackers can use to send spam email, launch attacks and steal information through phishing.
With phishing representing one of the most common cyber crime threats, the NCA estimates organisations acting on this advice could eliminate half the phishing attacks originating from the UK.
The initiative is part of UK law enforcement’s wider ongoing programme of engagement with industry partners, including ISPs, banks and security firms to tackle cyber crime threats to the UK and help clean up the UK’s internet infrastructure.
Cyber-security pop-up shops
On 6 and 7 March 2015, the Association of Chief Police Officers (ACPO) and four police forces will hold cyber-security pop-up shops in London, Reading, Derby and Manchester (see panel, right).
Anyone can take their digital devices to the events for a free health check and to get advice on online banking, virus protection and protecting themselves online.
The pop-up shops will provide advice from a range of cyber experts from law enforcement bodies, banks, cyber security firms and information services such as Cyber Streetwise and Get Safe Online.
Both online services provide malware clean-up tools for businesses and members of the public, as well as information and advice on many aspects of online safety.
“Behind this week’s activity is the message that all of us – as individuals, businesses or law enforcement agencies – have a role to play in making the UK a safe place to enjoy the huge opportunities provided by the internet,” said Andy Archibald, deputy director of the NCA’s National Cyber Crime Unit (NCCU).
“Awareness of the type of cyber crime dangers which are out there is vital, whoever you are, as is collaboration between organisations across different sectors, regions and countries to develop the most effective ways of combating those threats.”
Investigators develop specialist capabilities
Archibald said the NCCU will continue to work with partners to pursue and disrupt the major crime groups targeting the UK, as well as to making the UK as difficult as possible a target for cyber criminals.
National Policing Lead for Cybercrime, deputy chief constable Peter Goodman, said that, across the UK, specialist cyber investigation teams in ROCUs have developed the capability to take on cyber criminals and put a stop to their activity.
“The internet is an incredible resource for all of us and we want the public to have confidence in the digital space. We can give them that confidence by relentlessly targeting those who use the internet to commit crime,” he said.
However, Goodman said law enforcement officers along cannot prevent people being targeted by cyber criminals.
“Nor can we can mitigate all the effects of an attack. It is important that everyone does what they can to avoid falling victim to cyber criminals. I hope as many people possible make the most of the free advice being offered around the country on Friday and Saturday,” he said.
Richard Perlotto, director of the Shadowserver Foundation, said information sharing and long term private/public partnerships are essential to successfully fighting cyber crime.
“Having provided free daily notification reports to network owners, national Certs and law enforcement agencies worldwide for over ten years, we are very pleased to be able to support the NCCU in their unprecedented operation to mitigate cyber threats in the UK,” he said.
The government is encouraging UK businesses to protect themselves by using its Cyber Essentials Scheme that is industry supported and designed to protect against common cyber threats.
Government cyber security advice
A range of free government cyber security guidance and support is available for businesses, including:
10 steps to cyber security guidance for large organisations;
What you need to know about cyber security guidance for small businesses;
A free online information security training course for small businesses and their staff.
“Just being connected to the internet makes any company interesting to cyber criminals,” according to Phil Huggins, vice-president of security science at global digital risk and investigations firm Stroz Friedberg.
“Any company connected to the internet is a resource that can be exploited by criminals because of the data they hold.”
Top data targets include intellectual property and databases of personal information about employees, partners, suppliers and customers, which can be used for identity theft and fraud.
The quest for personal data is believed to be behind the recent cyber attack on US health insurer, Anthem, that reportedly exposed the personal data of up to 80 million customers and employees.