Will Lyne, the head of cyber intelligence at the National Crime Agency, is at the Infosecurity Europe conference this week, diving into the latest trends in cybersecurity. He points out that ransomware and other cyber attacks are no longer just the domain of skilled Russian hackers; they’ve become widely accessible and commercialized.
Lyne’s law enforcement career spans over 15 years, including counter-narcotics investigations in Afghanistan and a stint with the FBI’s Cyber Division in Washington. He’s been involved in major operations like bringing down the EvilCorp cyber crime group and disrupting a massive Russian illicit finance network through Operation Destabilise. He’s also pursuing a doctorate at Cambridge, focusing on the ransomware ecosystem.
In a pre-conference interview, he highlighted that ransomware is now the top cyber crime threat in the UK. What was once a niche issue has escalated into a national security concern. He pointed to the 2021 ransomware attack on Colonial Pipeline as a pivotal moment that brought this issue into the spotlight.
At Infosec, he’ll speak on a panel titled “Ransomware 3.0: How attackers are changing their thinking,” along with experts like Jeremy Banks from the NPCC Cybercrime Team and Magnus Jelen from Coveware.
So, what’s this ransomware “ecosystem” he mentions? Lyne describes it as a network of threat actors and tools available online, coming together to create a cyber crime business model. Ransomware is the most harmful and significant threat the National Cyber Crime Unit faces today. Its impacts are financial, psychological, and social.
He noted the rise of the Scattered Spider cyber crime group, responsible for recent attacks on retailers like Marks & Spencer. Unlike traditional Russian groups, this one operates in English and appears to be made up mainly of young males, showing how entry barriers to cyber crime are lowering. It’s much easier now to find tools online, making it accessible to a broader range of people.
Lyne stressed this isn’t just because of advancements in AI. The tools are cheaper and readily available, allowing non-Russian groups to emerge. This evolution marks a shift in where cyber crime is happening, moving away from Russia.
Even established Russian groups aren’t like the Mafia; they’re more like tech startups operating with a “minimum viable product” approach rather than strict hierarchies.
He summarized the evolution of ransomware: from basic attacks to more sophisticated tactics like double extortion, where hackers steal sensitive data in addition to encryption. Now there’s a growing trend of encryption-less extortion, focusing solely on data theft.
Lyne encouraged information security professionals to consider joining the National Crime Agency. He relishes his work, motivated by the harm cyber criminals cause to vulnerable individuals. The job is tough, but collaborations between law enforcement, academia, and the private sector have never been better, which is crucial in this ongoing battle against cyber threats.