The National Crime Agency’s latest National and Strategic Assessment of Serious and Organised Crime1 (the 2021 Assessment) identified that, during the coronavirus pandemic (COVID-19), criminals have exploited advances in technology to drive serious and organised crime (SOC) in the United Kingdom (UK). This finding is unsurprising: during the pandemic people have relied more and more upon online shopping and banking, and businesses have had to adapt their working practices by operating a remote working environment, providing opportunities for criminals to exploit.
This article will concentrate on the key online threats to organisations in the UK from SOC which include:-
In order to respond to and survive the pandemic, SOC criminals have been demonstrating resilience and adapting their working practices in much the same way as organisations have. They have taken advantage of emerging technologies and well-established tools to avoid detection, using commercially available encryption to hide communication and purchasing crypto assets to launder illicit proceeds.
The annual cost to the UK from cyber crime (both directly and indirectly) is in the region of several hundreds of millions to billions of pounds. However, this estimate could be much higher as there is a concern about under-reporting of data breaches to the Information Commissioner’s Office (ICO). The 2021 Assessment has highlighted that there is still a lack of awareness about what needs to be reported and to whom, and the costs associated with cyber breaches. This is in addition to a reluctance to report cyber breaches, because doing so could potentially be reputationally damaging.
The threat from ransomware attacks has been a prominent feature over the last year. The risk of business disruption or even closure, coupled with the added danger of data being published (if the ransom demand is not paid), makes this threat a significant cause for concern for businesses. The ease with which SOC criminals have transitioned from attacking small to medium-sized businesses to targeting larger, often high-profile organisations has been alarming.
A Ransomware Task Force (RTF) has been set up to develop a comprehensive framework for tackling the ransomware threat2. The RTF consists of more than 60 experts from the public and private sector including software companies, cybersecurity vendors and academic institutions working collaboratively to develop a comprehensive framework and to offer a greater understanding and awareness of ransomware. The RTF’s first report was published in April3 2021 and sets out its suggested Comprehensive Framework for Action and key ‘Goals’ to combat the risks from ransomware which are:-
Deter ransomware attacks through a nationally and internationally coordinated, comprehensive strategy
Disrupt the ransomware business model and decrease criminal profits
Help organizations prepare for ransomware attacks
Respond to ransomware attacks more effectively
The guidance issued by the National Crime Agency (NCA) following the 2021 Assessment is:-
Fraud is the most common crime category in England and Wales. Last year Action Fraud reported £3 billion in losses impacting organisations and individuals at a cost to the UK of several billions of pounds, and sadly this figure is increasing.
The speed, scale and diversity of fraudsters who were selling counterfeit, substandard and unregulated personal protective equipment and testing kits was alarming during the pandemic. What's more, there is a concern that fraudsters will seek to exploit the vaccination programmes. There has also been an increase in cyber-related fraud, such as phishing attacks and online advertising leading to scams. We have recently seen scams from text messages purporting to come from the Royal Mail requesting payment for missed deliveries4 or scams relating to the Census requesting a fee for incorrect or late submissions of the Census5.
It is not just the pandemic that fraudsters are exploiting; they are also taking advantage of Brexit and the uncertainty around new regulations by spreading misinformation via malicious emails. There are a number of government initiatives aimed at offering information and guidance on how to avoid falling victim to fraud, including the ‘Take Five to Stop Fraud’6, ‘ScamSmart’7 and Cyber Aware8 campaigns, and the advice is:-
SOC criminals will continuously adapt their modus operandi to avoid detection and seek to exploit those most vulnerable. They are taking advantage of the opportunities available to them during the pandemic. It is estimated that in excess of £12 billion of illicit proceeds are generated each year in the UK.
Like most businesses during COVID-19, SOC criminals have turned to technology to operate their day-to-day activities and the use of crypto assets to launder money has increased. However, launderers have been using traditional ‘over the counter’ banking services, Money Service Businesses and Valuables in Transit operators to integrate their dirty money into the legitimate financial systems, concealing its true origins so the monies can be used undetected to further their criminal activities and fund extravagant lifestyles.
The pandemic has also seen an increase in the use of money mules, with SOC criminals using social media platforms to recruit and run money mules, especially targeting younger age groups. They have also been exploiting opportunities arising from Brexit and adopting cross-border arrangements with the European Union including planned UK Freeports.
As well as targeting individuals, SOC criminals are still using companies in the UK to move and conceal their proceeds of crime, as identified in the FinCEN Files leak last autumn10. In addition, they will use the services offered by wealth management companies to obscure the true origins of their illicit proceeds. Family offices are often targeted because they do not need to be regulated, which removes the requirement to conduct client due diligence, verify the source of funds and wealth, and monitor and report any suspicions.
Despite the above, there is no relaxation of the money laundering regulations because of the pandemic. The SRA recognises money laundering as a priority risk to the legal sector11 and urges law firms to check they keep up to date with the latest anti-money laundering developments by following the:-
The UK has witnessed an unprecedented 15 months not just as a consequence of the pandemic, but also Brexit. The true impact of both significant events is unlikely to be felt for some time. Yet, time waits for no one and criminals will not be fazed by such events. Criminals continue to expand their capabilities further by taking advantage of any opportunity that comes their way.
Businesses have a key role to play in combating SOC by operating a risk aware culture. This will ensure staff can recognise the threats from fraud, cyber crime and money laundering and report any suspicions to the appropriate agencies, who in turn can use this information to dismantle the business models and sophisticated structures of criminal organisations across all borders both digitally and physically.
1 National Crime Agency. (2021). National and Strategic Assessment of Serious and Organised Crime 2021. Retrieved from: https://www.nationalcrimeagency.gov.uk/who-we-are/publications/533-national-strategic-assessment-of-serious-and-organised-crime-2021/file
2 National Cyber Security Centre. (2021). Ransomware Taskforce (RTF) announce framework to combat ransomware. Retrieved from: https://www.ncsc.gov.uk/blog-post/ransomware-taskforce-rtf-announce-framework-to-combat-ransomware
3 The Institute for Security and Technology. (2021). RTF Report: Combatting Ransomware a Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force. Retrieved from https://securityandtechnology.org/ransomwaretaskforce/report/
4 https://www.royalmail.com/help/scam-examples
5 https://www.actionfraud.police.uk/news/watch-out-for-scams-related-to-census-2021
6 https://takefive-stopfraud.org.uk/
7 https://www.fca.org.uk/scamsmart
8 https://www.ncsc.gov.uk/cyberaware/home
9 Solicitors Regulation Authority. (2020). New report highlighting dubious investment risks leads to warning for solicitors. Retrieved from: https://www.sra.org.uk/sra/news/press/2020-press-release-archive/investment-schemes-thematic-review-warning-notice-2020/
10 Transparency International UK. (2020). FinCEN Files Leak is more stark Evidence of the UK’s role in global money laundering and corruption. Retrieved from: https://www.transparency.org.uk/finCEN-files-leak-uk-money-laundering-banks-suspicious-activity-report
11 Solicitors Regulation Authority. (2020). Anti-money laundering. Retrieved from: https://www.sra.org.uk/risk/outlook/risk-outlook-2020-21/anti-money-laundering/
12 HM Treasury and Home Office. (2020). National risk assessment of money laundering and terrorist financing 2020. Retrieved from the UK Government website: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/945411/NRA_2020_v1.2_FOR_PUBLICATION.pdf
13 Solicitors Regulation Authority. (2021). New guidance published to help combat money launderers. Retrieved from: https://www.sra.org.uk/globalassets/documents/solicitors/firm-based-authorisation/lsag-aml-guidance.pdf?version=4903b4
14 Solicitors Regulation Authority. (2021). Sectoral Risk Assessment - Anti-money laundering and terrorist financing. Retrieved from: https://www.sra.org.uk/sra/how-we-work/reports/aml-risk-assessment/