Skip navigation

Effective October 28, 2019 Duo Security will be transitioning to Cisco's Privacy Statement. View the Duo Privacy Data Sheet.

Industry News

U.K. Cyber Crime Surpasses All Other Crime

The U.K.’s National Crime Agency (NCA) has reported that, for the first time, computer-related crime and misuse has surpassed all other crime types. Fifty-three percent of cyber crime is now attributed to cyber-enabled fraud and “computer misuse,” according to the agency’s Cyber Crime Assessment 2016 Report, compared to 47 percent of all other types of crime.

Banking Trojans Steal Credentials

The report credits the use and sale of financial Trojan malware as a substantial source of financial crime in the U.K., including Dridex, Neverquest and Dyre/Dyreza. While Dridex previously was used to hijack and redirect online banking money transfers to fraudulent accounts, it’s now also being used to steal banking credentials and credit card information, according to Dark Reading.

Likewise, Neverquest is used to gain access to bank accounts and other financial processing systems by harvesting stolen credentials.

Other threats to note include Distributed Denial of Service (DDoS) and ransomware attacks, which have increased due to readily-available malware tools. According to data from the U.S. Dept. of Health & Human Services, ransomware attacks have jumped 300% - from 1,000 daily attacks in 2015 to 4,000 in 2016.

What’s Old Doesn’t Work Anymore

The report also cites technological advances and improving criminal methods have rendered many corporate security tools and basic procedures unable to protect corporate networks.

This may be due to the fact that older security technology was developed to protect networks and systems - but now, we need to build security to protect users, as new threats mainly target users’ credential and devices to gain access to company applications and data, as Duo's CEO Dug Song stated in a keynote on the current state of the information security industry.

Tools like antivirus and firewalls are considered “bolted-on” security that aren’t effective against new threats. In 2014, antivirus provider Symantec infamously stated that antivirus software was dead - their senior vice president estimated that antivirus software catches just 45 percent of online attacks today, according to The Wall Street Journal.

These days, we need more solutions that protect a user’s access to applications, including a way to verify a user’s identity and a way to ensure their devices aren’t out-of-date and at risk of vulnerabilities and malware infections. Two-factor authentication can ensure trusted users, while endpoint security solutions can protect devices.

U.K. Government Invests in Cyber Defenses

In order to respond to these threats, the U.K. Government is investing £1.9 billion over the next five years in the U.K.’s cyber defenses, doubling their investment over the previous five years, according to the report.

They plan to use the money to:

  • Open a National Cyber Security Center to centralize and simplify government efforts on cyber security
  • Create a national defense program, partnering with major U.K. Internet services companies to ensure they can defend against malware and malicious sites
  • Two innovation centers to support cyber businesses and drive growth in the cyber sector
  • Develop and improve national offensive cyber capability

The NCA acknowledges that there are number of other factors that may hamper efforts to improve security - including the under-reporting of cyber crime and lack of information sharing.

Learn more in the U.K.’s NCA Cyber Crime Assessment 2016 Report.