On Thursday (18 October), the Office for National Statistics published the results of its latest crime survey, and it features some eye-catching stats. According to the release, the number of cyber crime incidents involving the public in England and Wales has fallen by 30 per cent in 12 months, from 1.6m to 1.1m.
After a year of data breaches, malware attacks and phishing campaigns, this may come as a surprise to many in the industry – but it’s worth considering the context in which the data was collected, and exactly what it reflects.
Here’s the full breakdown:
|Offence group||Jul ’16 to Jun ’17||Jul ’17 to Jun ’18||Percentage change||Asterisk for statistical significance|
|Unauthorised access to personal information (including hacking)||535||515||-4|
|Unweighted base – number of adults||17,029||30,262|
The fall is driven by a drop in the number of viruses, not breaches
Crime data has always been troublesome. The National Crime Survey was introduced in 1982 in an effort to establish an accurate assessment of how many crimes are committed every year. Rather than looking just at reported incidents, the ONS decided to survey members of the public in England and Wales to find out how much crime hadn’t reached the police. But it doesn’t include crimes exclusively affecting businesses, which is a key caveat for this data.
In 2015, the survey was updated to include computer misuse for the first time, and the data was split into two categories: computer viruses, such as ransomware, spyware and cryptomining malware, and unauthorised access to personal information, including the kind often stolen by hackers.
“Up to the year ending September 2017 the questions were asked of half the survey sample,” the ONS states. “From October 2017 onwards the questions are being asked of a full survey sample.”
However, it goes on to explain that the estimates were approved by the Office for Statistic Regulation in March, and that the overall percentage change is statistically significant.
As the ONS notes, the 30 per cent decline in computer misuse is driven by a dramatic drop in the number of incidents involving computer viruses, which fell by 43 per cent – from just over one million to 606,000. This data is corroborated by the latest results from the City of London Police’s National Fraud Intelligence Bureau. While the NFIB reported a 4 per cent rise in cyber crime in the year ending June 2018, the rise was “less pronounced than that seen in year ending June 2017” because, as the ONS states, there was “a notable decrease of 24 per cent for the latest year in computer viruses (down to 6,260 offences)”.
If last year was the year of ransomware, 2018 may be the year of cryptomining
Security experts often describe 2017 as “the year of ransomware”. Microsoft Windows exploits developed by the NSA and later stolen and dumped on the dark web were a gift to cyber criminal groups, giving inexperienced hackers the chance to launch extraordinarily sophisticated attacks.
A group since linked to North Korea was one of the first to seize on the opportunity. They used the NSA’s EternalBlue exploit to launch a massive attack that swept through hundreds of thousands of computers around the world, encrypting data as it spread.
However, by the end of June 2017, when the ONS’s figures refresh, WannaCry’s once seemingly relentless march had all but ground to a halt. It was followed just weeks later by another strain of ransomware known as NotPetya, which hit dozens of companies around the world, but had limited impact on consumers, and would have minimal, if any, influence on the ONS’s latest figures.
In the last 12 months, many attackers have moved away from ransomware altogether. “An increasing number of cybercriminals view cryptoware as a more lucrative alternative to ransomware,” says Redscan’s cyber security director Mark Nicholls. “Malware is secretly installed onto unsuspecting hosts in order to harness their computer processing power for the purpose of mining cryptocurrency, which is then transferred to an attacker’s digital wallet.”
“Unlike a ransomware, there is no message to tell the victim they were hit; the malware simply runs in the background,” adds Nicholls. “There’s no such thing as a victimless crime, however. Crypotojacking cost UK citizens and businesses millions in lost productivity, while these attacks can also be used as a springboard to launch other threats.”
Webroot’s latest threat report revealed a “massive shift from ransomware to cryptomining” in the first half of the year.
The fall in data breaches is statistically insignificant
The other half of the data is also intriguing. Given the spate of data breaches in recent months from British Airways to Ticketmaster, some might be surprised to see that there was a four per cent fall in unauthorised access to personal information in the last year. It’s worth noting at this stage that this drop is not deemed statistically significant and that many of the biggest breaches of the last few months emerged largely after the ONS stopped surveying people. The magecart card-skimming campaign, for example, which appears to have been responsible for some of the biggest breaches of the year, including BA and Ticketmaster, appeared to peak in mid-September, several weeks after the ONS stopped gathering the data.
But drawing trends is difficult
The rise of more discreet exploitations such as cryptomining may have a part to play in the significant decline in virus incidents, but it’s worth bearing in mind that the data points, while deemed statistically significant by the ONS, cover just two years. The ONS’s researchers warned that “caution must be taken in drawing conclusions about trends at this early stage”. While the data appears to show an extreme decline in incidents, it’s too soon to conclude that we’re winning the war on cyber crime.