Infosecurity 2025: Insights on Emerging Trends from the NCA Cyber Intelligence Director

Will Lyne, the head of cyber intelligence at the National Crime Agency, is at the Infosecurity Europe conference this week, diving into the latest trends in cybersecurity. He points out that ransomware and other cyber attacks are no longer just the domain of skilled Russian hackers; they’ve become widely accessible and commercialized.

Lyne’s law enforcement career spans over 15 years, including counter-narcotics investigations in Afghanistan and a stint with the FBI’s Cyber Division in Washington. He’s been involved in major operations like bringing down the EvilCorp cyber crime group and disrupting a massive Russian illicit finance network through Operation Destabilise. He’s also pursuing a doctorate at Cambridge, focusing on the ransomware ecosystem.

In a pre-conference interview, he highlighted that ransomware is now the top cyber crime threat in the UK. What was once a niche issue has escalated into a national security concern. He pointed to the 2021 ransomware attack on Colonial Pipeline as a pivotal moment that brought this issue into the spotlight.

At Infosec, he’ll speak on a panel titled “Ransomware 3.0: How attackers are changing their thinking,” along with experts like Jeremy Banks from the NPCC Cybercrime Team and Magnus Jelen from Coveware.

So, what’s this ransomware “ecosystem” he mentions? Lyne describes it as a network of threat actors and tools available online, coming together to create a cyber crime business model. Ransomware is the most harmful and significant threat the National Cyber Crime Unit faces today. Its impacts are financial, psychological, and social.

He noted the rise of the Scattered Spider cyber crime group, responsible for recent attacks on retailers like Marks & Spencer. Unlike traditional Russian groups, this one operates in English and appears to be made up mainly of young males, showing how entry barriers to cyber crime are lowering. It’s much easier now to find tools online, making it accessible to a broader range of people.

Lyne stressed this isn’t just because of advancements in AI. The tools are cheaper and readily available, allowing non-Russian groups to emerge. This evolution marks a shift in where cyber crime is happening, moving away from Russia.

Even established Russian groups aren’t like the Mafia; they’re more like tech startups operating with a “minimum viable product” approach rather than strict hierarchies.

He summarized the evolution of ransomware: from basic attacks to more sophisticated tactics like double extortion, where hackers steal sensitive data in addition to encryption. Now there’s a growing trend of encryption-less extortion, focusing solely on data theft.

Lyne encouraged information security professionals to consider joining the National Crime Agency. He relishes his work, motivated by the harm cyber criminals cause to vulnerable individuals. The job is tough, but collaborations between law enforcement, academia, and the private sector have never been better, which is crucial in this ongoing battle against cyber threats.

Unlock your business potential with our expert guidance. Get in touch now!

ransom_g1259800910.jpg

Infosecurity 2025: Insights on Emerging Trends from the NCA Cyber Intelligence Director

cloud-computing-adobe.jpg

How Cybersecurity Experts are Utilizing AWS Tools

silenced-gagged-secret-Michael-adobe.jpg

Post Office Criticized for Deleting Comments on IT Scandal from Social Media

Whitehouse-fotolia-scaled.jpg

When Leaders Overlook Cybersecurity Guidelines, the Entire System Suffers

Police-crime-2-adobe.jpg

Police Digital Service Board Director Resigns Months After CISO’s Departure

surveillance-CCTV-facial-recognition-Gorodenkoff-adobe.jpg

Essex Police Reveals ‘Incoherent’ Facial Recognition Evaluation

chatbot-1-fotolia.jpg

Podcast: RSA 2025 – Navigating AI Risks and the CISO’s Role