Will Lyne, Head of Cyber Intelligence at the National Crime Agency, is speaking at this week's infosecurity europe conference about cyber criminal trends. Ransomware, and other varieties of Cyber Attack on the Public, Are, He SAID, BOCCEMING Commoditised Beyond The Traditional Provenance of Russian-Specing Expert Coders.
Lyne has worked in law enforcement for over 15 years. From 2011 to 2013, He Worked In Afghanistan Delivering Countter-Narcotics Investigations with Local, Military and International Partners, Before Joining The National Cyber Crime Unit in 2013. Cyber Division in Washington from 2016 to 2020.
He has played a leading role on high-profile cases including disrupts of the Evilcorp Cyber Crime Group, and Operation DestabiliseWhich disrupted a Multi-Billion Global Russian Illlicit Finance Network.
Lyne is also currently working on a Doctorate at the University of Cambridge Institute of Criminology, focusing on the ecosystem that generates raansomware.
In an interview in advance of Infosec, He Said Ransomware is the Highest-Priority Cyber Crime Threat to the UK, and have gone from a “Niche cyber crime issue in the late 2010s to eating a newness to bes.
“In 2021, we had really significant attackers like the ransomware attack on Colonial pipeline“Said lyne.
At infosec, he's speaking on a panel called Ransomware 3.0: How Attackers are changing their thinkingALONGSIDE JEREMY BANKS, Vice-Cair of the NPCC Cybercrime TEAM at the National Police CHIFS Council; Magnus Jelen, Lead Director of Incident Response for the UK and Emea at Coveware by Veeam; And Jen Ellis, Founder of Nextjensecure.
Ransomware ecosystem
What is meant by an “ecosystem” in the context of ransomware? Lyne said he thinks of ransomware as a product or symptom of a cyber crime ecosystem, which is best undersrstood as a collection of individual threats and teachnical capabilities that are available Internet, and that come togeether and interact to form steps of a cyber crime business model.
“The ecosystem enables cyber crime,” He said. “Ransomware is the most pernicious of cyber crime threats, and the most significant that we're looking at at the moment. It is our priority cyber crime thret with Security issue in its own right, and i think that it will continue to be our highest priority for some time to come. “
The harm is to the public and is not only financial, but psychological, social and economy, he said. “It's like drugs – the harm there is not just to the people taking them,” said lyne.
He said the Scattered spider Cyber crime group that seems to be behind the recent spate of attackers on retailers, notably marks & spencer, is interesting as an instantiation of current trends. It is not a russian-language group, but anglophone, and most staffed by young male teens and 20s, with no real need for advanced computer coding skills. It's teenage kicks.
“We are seeing lower barriers to entry [to cyber crime]WITH Reduced costs of buying tools and the language skills needed to get in, “said lyne.
Nor is this democratization of cyber crime down to the risk of generative ai, he said. “While 10 years ago, You could buy someone type of cyber capability and tools online, now you can get more powerful ons – IT's cheaper and emier,” Said lyne. “The tooling required is more accessible now, so it opens up the field to non-Russian Cyber Criminal Groups. We aree Symptom of that. “
But even the traditional Russian Cyber Crime Groups are not like Hierchical Sicilian Mafia Operations. They are more like managed tech startups than well-run, large it companies, he said. “Evilcorp did have a Well-Understood Hierchy, but most do not,” added lyne. “They operate with a 'minimum viable product' to make the money they want to.”
Nevertheles, the ransomware threat is evolving.
“We've Had Commodity Ransomware, Then you Had Human-Operated Ransomware, and Double extraction came in where they're stealing sensitive data from victims and channel are using that as extra leverage. “We're Increasing Encryption-Less extraction, where groups are just stealing data from Victims and extrating them.
“We're also see a shift of threat actor moving away from using the big centering platforms, the big marketplaces where they used to go and obtain credentials for potential Victims, bee're seeing a lot of Thos interactions go to more peer-to-peer trading in the ecosystem, ”Added lyne.
He finished the pre-conference interview with computer weekly with an appeal to Information Security Professionals to Consider joining the National Crime Agency.
“I love this job,” said lyne. Yes, we are facing up to bad dudes, but that provides motivation trust of the harm they do to vulnerable members of the public. Though
“We can't do it in isolation,” he added. “With the drugs threat, we know a lot from where the drugs are grown to who the dealers on the street are. disruption of lockbit Evil corp there was a kaleidoscope of national and international law enforcement partners to deliver that.
“We're collaborating really well in the public sector, with our partners in policing or partners Across Government – Better than we ever have been – both nationally and internationally,” SAID Lyne. “But we're also partnering with the private sector better than we've ever been as well, and that is really important for us to be alive to do what we do.”