Free Police Cyber Crime Clinic being hosted in Harrogate and open to all

25 September 2024

The Yorkshire & Humber Regional Cyber Crime Unit would like to welcome you to the next Police Cyber Clinic!

They are a number of short informative talks from cyber security professionals to learn all about the Police led cyber security products and services that you can access for free to protect your business from cyber crime.

They are engaging sessions that will cover a range of topics, from the latest threats and vulnerabilities to practical steps you can take to safeguard your digital assets.

There will be opportunity to ask questions, share experiences, and network with other business owners who are equally committed to enhancing their cyber defences. Whether you’re a small startup or an established enterprise, these talks are designed to provide you with the knowledge and tools necessary to stay one step ahead of cyber criminals. This event is suitable for anyone including SMEs, businesses, charities, organisations, academia, and non-profit organisations who are looking to enhance their knowledge, awareness and skills in the ever-evolving world of cyber security.

 

 

What is cybercrime ?

Cybercrime is an umbrella term used to describe two closely linked, but distinct ranges of criminal activity.

The Government’s National Cyber Security Strategy defines these as:

Cyber-dependent crimes – crimes that can be committed only through the use of Information and Communications Technology (‘ICT’) devices, where the devices are both the tool for committing the crime, and the target of the crime (e.g. developing and propagating malware for financial gain, hacking to steal, damage, distort or destroy data and/or network or activity).
Cyber-enabled crimes – traditional crimes which can be increased in scale or reach by the use of computers, computer networks or other forms of ICT (such as cyber-enabled fraud and data theft).

Out team focusses on tackling these Cyber-dependent crimes.
Cyber-dependent crimes fall broadly into two main categories:

  • Illicit intrusions into computer networks, such as hacking; and
  • The disruption or downgrading of computer functionality and network space, such as malware and Denial of Service (DOS)
  • or Distributed Denial of Service (DDOS) attacks

Hacking
Hacking is a form of intrusion targeted at computers, including mobile phones and personal tablet devices. It is the unauthorised use of, or access into, computers or networks by exploiting identified security vulnerabilities. Hacking can be used to:

  • Gather personal data or information of use to criminals;
  • Deface websites; or
  • Launch DoS or DDoS attacks.

Disruption of Computer Functionality

Malware (malicious software) spreads between computers and interferes with computer operations. Malware may be destructive, for example, deleting files or causing system crashes, but may also be used to steal personal data. Prosecutors need to be aware that some programmes have a dual use. They have a legitimate function but can also be used for criminal purposes. Types of malware include:

Viruses are one of the most well-known types of malware. They can cause mild computer dysfunction, but can also have more severe effects in terms of damaging or deleting hardware, software or file They are self-replicating programs, which spread within and between computers. They require a host (such as a file) in a computer to act as a carrier, but they cannot infect a computer without human action to run or open the infected file.

Worms are also self-replicating programs, but they can spread autonomously, within and between computers, without requiring a host or any human action. The impact of worms can therefore be more severe than viruses, causing destruction across whole networks. Worms can also be used to drop Trojans onto the network system.

Trojans are malicious computer programs that present themselves as useful, routine, or interesting in order to persuade a victim to install it. This malware can perform functions, such as stealing data, without the user’s knowledge and may trick users by undertaking a routine task while actually undertaking hidden, unauthorised action.

Spyware is software that invades users’ privacy by gathering sensitive or personal information from infected systems and monitoring the websites visited. This information may then be transmitted to third partie Spyware can sometimes be hidden within adware (free and sometimes unwanted software that requires you to watch advertisements in order to use it). One example of spyware is key-logging software which captures and forwards keystrokes made on a computer, enabling collection of sensitive data such as passwords or bank account details.

Ransomware is software that can hold your data hostage, for example, a trojan may copy the contents of the ‘My Documents’ folder into a password- protected file and delete the original file. It will then send a message demanding payment in exchange for access to the folder.

Malware may be distributed by spam – unsolicited or junk email that is not targeted but typically sent in bulk to millions of recipients around the world.

A botnet is a term for a number of internet-connected computers under the control of a botnet controller. Usually the computers that make up a botnet have been infected with code that enables the botnet controller to undertake illegal activity through multiple devices.

A DoS attack is an attempt to make a machine or network resource unavailable to its intended users, to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

DDoS is where the attack source is more than one, and often thousands of, unique IP addresses. A common method is to flood an internet server with so many requests that they are unable to respond quickly enough. This can overload servers causing them to freeze or crash, making websites and web-based services unavailable to users.

These are common offences under the Computer Misuse Act 1990 and is the main UK legislation relating to offences or attacks against computer systems such as hacking or denial of service.

 

 

Cyber-dependent crimes are committed for many different reasons by individuals, groups and even sovereign states. For example:

Highly skilled individuals or groups who can code and disseminate software to attack computer networks and systems, either to commit crime or facilitate others to do so;

  • Individuals or groups with high skill levels but low criminal intent, for example protest hacktivists;
  • Individuals or groups with low skill levels but the ability to use cyber tools developed by others;
  • Organised criminal groups;
  • Cyber-terrorists who intend to cause maximum disruption and impact;
  • Other states and state sponsored groups launching cyber-attacks with the aim of collecting information on or compromising UK government, defence, economic and industrial assets; and
  • Insiders or employees with privileged access to computers and networks.

 

How has cyber crime changed over the recent years ?

The majority of cyber criminals have relatively low skills levels, but their attacks are increasingly enabled by the growing online criminal marketplace, which provides easy access to sophisticated and bespoke tools and expertise, allowing these less skilled cybercriminals to exploit a wide range of vulnerabilities.

The rise in the use of Social Engineering and Artificial Intelligence (AI) to automate and accelerate this. With the rise of the internet, phishing became a prevalent social engineering tactic. Attackers utilised emails to deceive individuals into revealing sensitive information.

As technology advanced, phishing techniques evolved to include more sophisticated email designs and persuasive content. As seen in the modern day, phishing is still a viable option for malicious actors. The widespread adoption of social media platforms opened new avenues for social engineering attacks.

Malicious actors leveraged personal information shared on social media to craft targeted attacks. Spear phishing emerged as a more refined technique; tailoring messages based on detailed knowledge about the target. In effect, social media allowed many attackers to build a more thorough profile of their target. Malicious actors have embraced AI to automate and enhance social engineering attacks. AI algorithms analyse vast datasets to craft convincing phishing messages and simulate human-like communication.

 

What does the Yorkshire and Humber Regional Cyber Crime Unit do ?

The Yorkshire and Humber Regional Cyber Crime Unit works with the National Crime Agency and other partners, in the UK and abroad, to investigate and prevent the most serious cybercrime offences. There are ten Regional Organised Crime Units (ROCUs) across England and Wales that have a range of specialist policing capabilities, and this includes a dedicated cyber security team that works with businesses, organisations, and communities to promote the steps that we think will reduce the chances of becoming a victim of cyber crime.

The YH ROCU regularly works with SMEs, charities, and representative organisations in response to specific threats and can provide support in the event of a cyber incident, irrespective of whether a formal police investigation exists. The RCCU deals predominantly with the most serious, pure cyber-dependent offences relating to Malware based cyber-crime, including Botnets, Distributed Denial of Service attacks, Phishing, Network Compromise and Extortion. The unit also works with the other Regional Organised Crime Unit departments and supports our regional Forces to tackle serious and organised crime by providing investigative and technical support and a proactive cyber capability.

 

Who should attend this Clinic ?

The Police Cyber Clinic is a monthly event delivered by the Yorkshire & Humber Regional Organised Crime Unit in conjunction with our Partners, designed to raise awareness of current cyber crime threats facing small and medium sized businesses and organisations, along with offering free practical tools and solutions to improve your cyber security. We are providing free cyber crime awareness events for small and medium organisations (SMEs, including businesses, charities and non-profit organisations) but anyone is free to attend.

Leave a Reply

Your email address will not be published.

Advertising

Advertising

Go toTop