Crooks are winning the 'cyber arms race', admit cops

Police and businesses are losing the 'cyber arms race' with criminals who are getting increasingly sophisticated, the UK's National Crime Agency (NCA) has warned.

In its first Cyber Crime Assessment report, the agency warned: "The accelerating pace of technology and criminal cyber capability development currently outpaces the UK's collective response to cyber crime. This 'cyber arms race' is likely to be an enduring challenge."

The warning comes just days after another report, which said the idea of the lone-wolf hacker was outdated and preventing businesses from responding properly to online threats.

See also

Cybercrime kingpins are winning the online security arms race

Cybercrime is getting bigger and more organized. It's time to throw out the idea of the lone-wolf attacker.

Read now

The most advanced and serious cybercrime threat to the UK comes from a small group of sophisticated international crooks, according to the NCA report.

It said a few hundred international cybercriminals -- operating in organized groups -- are targeting UK businesses to commit "highly profitable" malware-facilitated fraud. These cyberattacks include attacks directly targeting business systems, as well as attacks against individuals.

While the most serious threat comes from these international crime groups, the majority of cybercriminals have relatively low technical capability. However, their plots are made much easier by a growing online criminal marketplace, which provides easy access to sophisticated and bespoke tools and expertise, allowing these less-skilled cybercriminals to exploit a wide range of vulnerabilities.

Fighting back against the criminals would requires action from government, law enforcement, industry regulators, and most importantly, business leaders, it said.

The assessment shows that cybercrime activity is growing fast and evolving, with the threats from distributed denial of service (DDoS) and ransomware attacks increasing "significantly" in 2015, although data breaches are the most common cybercrimes committed against businesses.

The report warns that under-reporting of crime by businesses continues to obscure the full impact of cybercrime in the UK. "This shortfall in reporting hampers the ability of law enforcement to understand the operating methods of cyber criminals and most effectively respond to the threat," it warned.

Read more on cybersecurity

• The government's encryption plans remain impossible to decipher
• The new art of war: How trolls, hackers and spies are rewriting the rules of conflict
• Inside the secret digital arms race: Facing the threat of a global cyberwar
• Surveillance laws need rethink, but bulk collection of web data will continue
• The undercover war on your internet secrets: How online surveillance cracked our trust in the web
• The impossible task of counting up the world's cyber armies
• Encryption: More and more companies use it, despite nasty tech headaches