
Investigating Cybercrime in the UK



Presentation by Eamonn Keane at The Cyber Academy

Published in: Education


  1. Investigating Cybercrime in the UK. Sex, Lies & Cybercrime - A pragmatic perspective. DI Eamonn Keane. Cybercrime Specialist Crime Division
  2. Agenda
     • Scottish, UK & Global Perspective!
     • The current threat landscape!
     • Incident Planning & Response!
     • Prevention.
     • Scotland’s future.
     • Signposting.
  3. Key questions that all CEOs and CISOs should be asking this week?
     • "Are we vulnerable to SQL injection, ransomware or DDoS based attacks?"
     • "What assurance activity have we done to confirm that we are not vulnerable?"
     • "If we were compromised, would an attacker be able to gain access to unencrypted sensitive data?"
     • "What assurance activity have we done to confirm this position?"
     • "What is our company posture on security?"
  4. Cybercrime Cost
  5. Cyber Regional Organised Crime Units
  6. Cybercrime!
  7. Stalking Bullying Cyber Fraud SOCG Sexual Offenders Indecent images of children Cyber dependent crimes e.g. hacking, malware, DDoS Anti-social behaviour Cyber Terrorism
  8. 1980’s Policing
  9. “I can do more damage on my laptop in my pyjamas, before my first cup of Earl Grey, than you can do in a year in the field.” Q - Skyfall
  10. Cyber Attacks are on the rise
  11. Ransomware - Glasgow Hairdressers
  13. The skillsets
  14. Five key cyber crime threats
     • Malware targeting businesses & individual users for fraud. APTs, RATs.
     • Network intrusion ('hacking'), DDoS, XSS. Spear-phishing.
     • Enablers of cyber dependent crime (e.g. money laundering / digital currencies / anonymisation).
     • Cyber crime 'as a service'.
     • Targeted disruption of access to UK networked systems and services (e.g. DDoS / Ransomware).
  15. Old bugs come home to roost… SHELLSHOCK – HEARTBLEED – DRIDEX – CRYPTOWALL – POODLE… LOCKY
  16. 5 Stages of Crypto-Ransomware
  17. Virtual Currencies
  18. Cybercrime-as-a-Service
  19. Darknet
  20. Insider Threat
  21. Cyber Resilience is thorough Preparation
     • Overarching Cyber Security Strategy!
     • Pre-planned Exercise.
     • Incident Management & Response Plan.
     • Communications Strategy.
     • Investigative Strategy.
     • Incident Manager & Team Gold, Silver, Bronze.
     • Mitigation & Recovery Strategy.
     • Logistics - Contingency
  22. Reporting of Cyber Incidents
     • Incident evaluation and early reporting.
     • Police Scotland 101 – Incident No. & Action Fraud.
     • Business continuity and impact our prime consideration.
     • ICT response and mitigation. Scene preservation?
     • Where possible preserve original copies of emails, attachments, device images and logs.
     • Is there a mandatory obligation to report?
     • Report to Cert UK / GovCert UK.
     • Report to Scottish Government if appropriate.
     • Identify point of contact for law enforcement to facilitate enquiries and evidence gathering.
     • Submit attack details to CISP platform if appropriate (can assist with mitigation and fix).
  23. Cyber Essentials & Cyber Essentials Plus. Cyber Essentials concentrates on five key controls. These are:
     1. Boundary firewalls and internet gateways
     2. Secure configuration
     3. Access control
     4. Malware protection
     5. Patch management
  24. Cyber Essentials is not a silver bullet. However, it will prevent 80% of cyber attacks.
     • Having effective anti-malware means using more than “signature based” detection. The news reports all state this ransomware variant was too new for AV signatures. This means that they were not using heuristics….
     • Most, if not all, ransomware relies on systems missing critical patches.
     • In a nutshell, Cyber Essentials would have saved the Council here. The worst that ransomware should do is a few hours downtime for one user while you restore from backups. Everything else means you’ve made major mistakes.
  25. Scotland’s Response
     • Cyber Policing Structure – NCCU - Regional Hubs
     • Police Scotland Cybercrime Strategy
     • European & Global Co-operation EC3
     • Safer Virtual Communities
     • Education – The Cyber Academy - DFET – SQA National Progression Awards – SBRC – Supporting SMEs.
  26. Example – Tovar: Protect
     • International operation targeting GameOverZeus and Cryptolocker malware variants.
     • These malware variants are estimated to have cost the UK £500 million in losses.
     • Coordinated activity across 10 countries led to the botnet behind the malware being taken offline for two weeks, allowing the public to take steps to protect themselves (e.g. update anti-virus).
     • Combined with extensive global media coverage.
     • 32% drop in GameOverZeus infections, estimated £100 million in losses prevented.
  27. Example – Dermic: Pursue & Prevent
     • UK investigation targeting the users of Blackshades, a Remote Access Tool able to access users’ webcams.
     • FBI intel - over 1100 UK-based purchases on Blackshades.
     • NCCU coordinated a week of arrests, involving ROCUs, MPS & Police Scotland, targeting 50+ individuals for Pursue action.
     • 20 arrests across 10 Regions.
     • Remaining individuals subject to Prevent activity – cease & desist letters, visits by ROCU & NCA officers, media coverage.
     • Linked to a global day of action with over 100 arrests in the US, Australia, Asia & Europe.
     • An important test of coordination of UK law enforcement.
  28. Operation Mouse - Police Scotland Website
  29. Our priorities
  30. WE NEED YOU
  31. Thank you for listening. Any Questions?