National Crime Agency rescues over 1 million victims of cyber crime

The National Crime Agency (NCA) and its subset, the National Cyber Crime Unit (NCCU) have safeguarded over one million victims of cyber crime, according to official figures.

The data, contained in the NCA’s recently published annual report and accounts for the most recent financial year (FY 20-21), has been analysed by Griffin Law, the niche litigation practice.

The analysis revealed that the NCA had coordinated 490 ‘prevent’ interventions against individuals at risk of becoming future cyber offenders, and they took down or suspended over 270 criminally controlled websites.

Furthermore, the NCCU’s operational activity had also surged in the last financial year. The report revealed that they had actively pursued over 34 per cent of all cyber ‘disruptions’ in FY 20-21, compared to just 13 per cent in FY 19-20 – a nearly three-fold increase year over year.

The report revealed that a large quantity of the operational activity recorded this year was in relation to a five-week NCCU-led and nationwide investigation into WeLeakInfo[DOT]com. This resulted in the arrests of 21 cyber criminals who had paid to access WeLeakInfo, which hosted 12 billion stolen credentials, in order to download personal data for use in further offences. In addition to the arrests, Cyber Prevent Officers also visited a further 60 individuals to warn them to cease and desist from criminal activity.

Also, in April 2020 during the height of the pandemic, the NCA launched a high-priority investigation into an email sent to NHS England, demanding £10 million by a set deadline, or an explosive package would be left at one of its hospitals. The investigation led to the arrest of an Italian national for attempted extortion, and he was sentenced to three years’ imprisonment in February 2021.

The Agency also increased audience exposure to ‘prevent’ messaging around cyber crime, more than doubling this relative to 2019-20. This was achieved through a range of cyber ‘prevent’ campaigns, including a four-stranded Google AdWords campaign and the popular online game ‘CyberLand’, designed to introduce key cyber security concepts to children.

Additionally, the NCCU issued 123 target packages against the previous years 115. This was achieved alongside an increase in Triage, Incident Coordination and Tasking logs recorded.

Cyber prevention methods against attacks targeting the NCA itself had also improved in the most recent financial year, and in 2020-21, seven Distributed Denial of Service (DDoS) attacks were prevented, resulting in 0 downtime, compared with 39 attacks and around 3 and a half minutes of downtime in 2019-20.

Donal Blaney, Founder, Griffin Law said the NCA ‘deserves credit’ for its performance but needs to do more to protect victims from online harassment, fraud and cyber stalking. “Too many cyber crime victims are left without hope, and the NCA needs to commit far more resources to taking this growing threat more seriously,” said Blaney.

Cyber expert Edward Blake, Area Vice President EMEA for Absolute Software said,

“The NCA is doing a fantastic job in the fight against cyber crime, providing significant support to organisations at a time when cyber threats are surging due to the chaos of the pandemic. However, the figures in this report underline the very risk cyber criminals pose to businesses, particularly with hybrid working models on the rise.

Blake continued, “In this new era of remote and flexible working, it’s inevitable that organisations will see a rise in lost or stolen devices, which will contain critical data. It’s therefore vital to ensure the right systems are in place to track, freeze and wipe items like laptops, to keep data out of the hands of fraudsters.”

Email security specialist Tim Sadler, CEO, Tessian said, “This report highlights the harsh reality that cybercrime continues to boom. Credential theft, in particular, is revealed as a lucrative business for cybercriminals today, given that these pieces of data can open the door to further crime. It's, therefore, so important that people are using strong passwords and two-factor authentication to access their accounts and are aware of the ways their data and credentials could be stolen and used against them in phishing or social engineering attacks, for example. These are simple preventative steps to help avoid falling victim to cyber crime.”

Chris Ross, SVP International for Barracuda Networks said: “The NCA is playing a critical role in the fight against cyber crime, providing education, awareness and pursuing online attackers in an effort to bring them to justice.

“Whilst this report demonstrates that huge progress is being made, the fact is that sophisticated ransomware attacks on businesses and public sector organisations are on the rise. From universities to hospitals and local councils, any organisation which holds valuable public data appears to be fair game to cyber criminals. According to Cyber Ventures, unfortunately, every 11 seconds an organisation will fall victim to a ransomware attack. Hackers can strike through email, websites, and applications, all of which require full cyber protection. Failure to have these systems in place and train employees to spot potential threats, could lead to cyber criminals obtaining and encrypting data, paralysing businesses and critical national infrastructure.”