What are the most common cyber attacks in the UK?

You wouldn’t have to perform particularly in-depth research online to ascertain the real scale of the cybercrime challenge for UK businesses as we head further into 2022. From insurers, to IT service providers, and the UK government’s Cyber Security Breaches Survey 2022, there’s plenty of information out there letting us know cyber security breaches continue to be a serious and growing threat.With attack statistics rising and losses soaring ever since 2018 (and in the shadow of the covid-19 pandemic which saw the cyber-attack surface broaden due to home-working measures), as many as four in ten businesses (39%) and a quarter of charities (26%) reported suffering cyber security breaches across 2021/22.

Indeed, according to the Hiscox Cyber-Readiness Report, in 2021, 59% of large businesses (250+ employees) reported feeling like their organisation had become more vulnerable to cyber-attacks since the start of the pandemic – perhaps due to the frequency of cyber events increasing ever since 2020 (and bringing with them a range of financial repercussions).

Still, when it comes to cyber security, knowledge is power and it’s important to understand the threat landscape in 2022 if we are to put adequate security measures in place.

Phishing

Both the government’s survey and the Hiscox report uncovered phishing attacks to be the number one most common threat vector facing UK businesses today.

Indeed, the number of phishing emails aimed at businesses drastically rose throughout 2020 and 2021, with 83% of organisations surveyed experiencing a phishing attack.

Evidence suggests cyber-criminals are getting more efficient at it too; they have bigger and better technology at their fingertips (in fact, there’s an increasing number of ‘out of the box’ phishing attack kits available to buy if you know where to go) which means resources to run scams more effectively, with more volume, and across multiple platforms.

Common types of phishing to look out for:

• Email phishing – Hardly news to many of us, most phishing attacks (96%) are received by email. Here, cyber-criminals register fake domains that impersonate genuine people or organisations, sending hundreds of thousands of generic requests to individuals, hoping just 1 or 2 will succeed in scamming somebody.
• Spear phishing – Spear phishing is a type of email phishing, but it involves targeting only one specific person or group of people (hence the ‘spear’ symbolism). Cyber-criminals who engage in spear phishing will already have some, or all, of the following information about the victim: name, workplace, job title, email address, job role, social media account information, etc. This type of information-gathering is a form of social engineering and it works because it allows cyber-criminals to launch more targeted phishing attacks that look and feel more authentic.
• Whaling – Whaling attacks are an even more targeted form of email phishing and are designed to go after the ‘big fish’, e.g., senior management or the C-suite. Crafted with a solid understanding of business language/tone, whaling is a type of fraud designed to encourage victims to perform a business-related action, e.g., transfer funds or file tax information.
• Smishing and vishing – In the instance of both smishing and vishing, telephones replace emails as the vehicle of attack. Smishing involves criminals sending text messages (the content of which is much the same as with email phishing), and vishing involves a telephone conversation. A common vishing scam, for example, involves a fraudster posing as a bank or credit card representative and informing the victim that their account has been breached.
• Angler phishing – Referring to the ‘hook’ aspect of real fishing, angler phishing is a specific type of phishing attack that exists on social media. Using social platforms, attacks are launched from realistic-looking corporate social media accounts that, in actual fact, exist to post malicious URLS to cloned websites, and which propagate fake posts, tweets, and products.

Impersonation 

An impersonation attack is a type of cyber-crime in which an attacker impersonates a trusted individual in order to steal money or sensitive data from a business. These attacks are usually carried out by cyber-criminals specifically targeting high-ranking executives in order to breach data, steal login credentials, or transfer money into a fake account.

According to Hiscox, 27% of organisations experienced impersonation attacks in 2021, with the majority occurring via email (impersonation assaults do not require malware, relying instead on social engineering and a sense of ‘urgency’ to get what they want and appear credible).

Additionally, most impersonation attacks will appear to be from a senior company executive, and usually threaten negative consequences if the target doesn’t complete the ‘important’ request in a timely manner.

In order to combat impersonation attacks, it’s vital for employees to be reminded about these types of scams regularly and to remain vigilant about any emails requesting sensitive information.

Malware

Did you know, there are over 1 billion malware programs out there? And, according to the government’s cyber security breaches survey, fewer businesses (83% in 2021 vs. 88% in 2020) and charities (69% vs. 78%) report having up-to-date malware protection.

Short for ‘malicious software’, malware refers to any intrusive or harmful software developed by cyber-criminals to steal data, damage or destroy computer systems and infrastructure, or hold individuals/organisations at ransom. Examples of common malware include viruses, worms, Trojan viruses, RATs, spyware, adware, and ransomware.

Hackers will invariably employ a variety of methods to get malware into computer systems, but at some stage this will usually require an individual to download the file unwittingly (e.g. clicking on a disguised file download or attachment).

Denial of service 

A denial-of-service (DoS) is a type of cyber-attack wherein cyber-criminals aim to render a computer or server unavailable to its intended user(s) or owners, e.g. to employees working at PCs on an office network.

DoS attacks work by oversaturating the usual functioning of the device (like a traffic jam in which nobody can move), overwhelming and flooding the target with requests until the machine can no longer perform and service is shut down or ‘denied’.

For information, a DoS attack is characterised by using a single computer to launch the attack, whereby a distributed denial-of-service (DDoS) attack is a type of DoS attack that comes from many distributed sources, such as a botnet DDoS attack.

Worryingly, in its latest report, Cloudfare reported a 175% increase in ransom DDos attacks in Q4 of 2021 compared to Q3. Remember, DoS attacks often target web servers of high-profile organisations (think banking, commerce, government and media companies) and whilst they do not typically result in the loss of assets or data, they can cost organisations a great deal of time and money to handle.

Better safe than sorry 

Prevention is always better than the cure! The best way to tackle cyber security is to invest time and resources to secure your systems and ensure that your employees receive regular awareness training and education as to cyber-threats.