Cyber threats to national security, businesses, and private individuals are increasing, and several million cases of fraud and computer misuse are reported to the police each year. Cybercrime can take many forms, targeting supply chains, operations, and finances by exploiting human and security vulnerabilities. Matt Atkins spoke to DC Richard Gentile, a Detective in the Cyber Crime unit of British Transport Police (BTP), to discuss the threat of cybercrime to the rail industry and how organisations and individuals can avoid becoming a victim.
Hi Richard, thanks for joining us. To start, could you give us a brief outline of your role and the work that BTP does to fight cybercrime?
Hi Matt, thanks for having me. BTP don’t just police the railway by offering visible uniform presence – we also have a whole host of crime departments including a Cyber Crime Unit just like any other police force. We have four working pillars that we call the ‘Four Ps’. These are: Protect, Prevent, Pursue and Prepare.
The Protect strand is effectively cybercrime awareness and crime prevention, while the Prevent strand is the ability to identify young individuals who commit cybercrime offences and offer them alternative paths within the commercial world to steer them away from hacking and committing cybercrime.
The Pursue strand is the active response to cyber-attacks on the railway and members of the public who become victims of cybercrime. We have two teams of detectives dedicated to the response aspect. The final strand is Prepare, which goes hand in hand with the Protect strand and that aims to buildg resilience for business via tabletop exercises and similar activities.
Can you give us an overview of the types of cybercrime that the rail industry is exposed to? How well prepared are the rail network and companies within the wider industry?
The railway industry, just like any other, is exposed to cybercrime and all businesses involved in the railway, regardless of size, need to bolster and strengthen their capability to keep themselves safe from cyber-attacks.
One of the methods that cyber criminals tend to deploy is being able to reach a company they wish to target and infiltrate it via their supply chain. Therefore, it’s really important for the wider industry which acts as a supply chain to the Network, train operating companies, and freight companies, to maintain good cyber standards and keep good cyber hygiene practices within their business.
Has the Covid pandemic had any effect on cybercrime? Has the behaviour of cyber criminals changed since an increasing number of us now work from home?
Covid-19 has allowed a digital transformation across several industries and has arguably accelerated the rate of cyber-attacks and changed the cyber security landscape.
As people work from the comfort of their own home, cyber criminals have found new and ingenious ways to target employees and exploit the situation to their advantage, with targeted phishing campaigns and an increase in reconnaissance through social media.
New types of scams have also emerged, playing on people’s emotions. One such scam touted the availability of vaccines for Covid-19, prior to them actually being created and rolled out.
What types of attacks are motivated by financial gain? Are you seeing an increasing number of increasing attacks on rail companies?
When we think of hostile actors within today’s digital environment, we need to think of Organised Crime Groups (OCGs), Nation State actors, and Hackers. Broadly speaking, these are the main three actors. The motivation of OCG’s is most defiantly financial gain, while the hacker’s motivation can sometimes be financial gain but is mostly around kudos.
We have seen an increase in both cyber-enabled and cyber-dependant crime on the railway especially Ransomware, where a company’s data is held at ransom with the premise that if money is not paid within a time frame set by the criminal, it will either be destroyed or leaked on the dark web. We’ve definitely seen an increase in these types of attacks, hitting train operators and their supply chain.
What measures can companies take to protect themselves from financial cybercrime? Are companies doing enough to mitigate the risk at present?
Keeping to basic standard practices to protect themselves can mitigate quite a number of cyber-attacks but, overall, I don’t think companies are doing enough. I believe this is down to the stigma that cyber awareness and education comes with a price tag and is too expensive to invest in, so companies will invest more in technology to try and keep them safe.
There is no real silver bullet to solving the problem of cybercrime and keeping your business protected. But, as approximately 90% of all cyber-attacks are due to human behaviour, education and awareness are the best way to mitigate the majority of cyber-attacks.
If we think of there being five layers to defend your business, these would be: (i) Anticipation – the best way to defend against cyber-attacks is to anticipate them, this means being aware of the latest threats and vulnerabilities and having a process to mitigate these; (ii) Education – all employees should be trained on cyber security best practices to know how to identify and defend against potential attacks; (iii) Detection – organisations should have systems in place to detect attacks as they happen so they can respond quickly and minimise damage; (iv) Reaction – having a quick response plan in place and taking steps to mitigate the damage; and (v) Resilience – even if your business is successful in defending against attacks its’s essential to have plans to recover from any damage that occurs.
Going back to the ‘Four Ps’ we discussed, we do have the capability to respond and investigate cyber-attacks if a business is undergoing a cyber-attack. However from a Protect perspective, the BTP can offer a whole host of products and cyber education to organisations within the railway industry, and they’re all free. These range from tailored cyber awareness training, cyber escape rooms, tabletop exercises and guidance.
In terms of technology, we offer a free tool called Police Cyber Alarm to help members understand and monitor malicious cyber activity. This service is made up of two parts: monitoring and vulnerability scanning. Police Cyber Alarm acts as a ‘CCTV camera’ monitoring the traffic seen by a member’s connection to the internet. It will detect and provide regular reports of suspected malicious activity, enabling organisations to minimise their vulnerabilities.
What is the risk of financial cybercrime to the general public? What form do these attacks take and how can individuals protect themselves?
When we think of cybercrime and how it can affect an individual there are a whole host of scams and tricks that members of the public can become a victim to. These include phishing emails – targeted or general emails, where criminals hope you click on a link they’ve sent you; smishing scams which are the annoying text messages you receive where scammers impersonate companies such as delivery companies or banks; romance fraud which can cost victims thousands of pounds; and computer software fraud, with 23,625 reports last year and £27.3 million in reported losses.
One of the more current frauds is Payment Diversion Fraud or PDF. This type of fraud involves scammers impersonating companies that you might already be working with and asking you to pay outstanding invoices.
There are very simple steps that members of the public can take to keep themselves protected and that involves changing their mindset and not ignoring things that can make them more secure such as their mobile or computer asking them to update their software, adopting two-factor authentication, not recycling passwords, and creating strong but memorable passwords that are not easy for a cybercriminal to break.
There is some great guidance around using the ‘rule of three’ to create passwords on the National Cyber Security Centre (NCSC) website (www.ncsc.gov.uk) and the cyber aware website (www.ncsc.gov.uk/cyberaware/home).
Do you have any predictions for the cybercrime landscape over the next 12-18 months? Do you expect to see an increase in cybercrime as a result of the events in Ukraine?
I think we’ll definitely see an increase in ransomware and far more hostile reconnaissance, especially around business networking platforms from hostile actors such as cyber criminals and OCGs.
Campaigns like ‘Think before you Link’ from the Centre for the Protection of National Infrastructure (CPNI) is a great campaign which provides free assets for organisations to help keep them safe and raise awareness among staff.
Following Russia’s unprovoked, premeditated attack on Ukraine, the NCSC continues to call on organisations in the UK to bolster their online defences. The NCSC – which is a part of GCHQ – has urged organisations to follow its guidance on steps to take when the cyber threat is heightened.
While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been a historical pattern of cyber-attacks against Ukraine with international consequences. HermeticWiper, a wiper malware used against Ukrainian organisations, has the potential to impact organisations outside of Ukraine. Wiper malware can erase data from the hard drive of an infected computer. UK organisations are therefore strongly encouraged to follow the actionable steps in the NCSC guidance that reduce the risk of falling victim to an attack.
Thanks Richard. Finally, what steps should individuals and organisations take if they suspect they’ve been the victim of cybercrime?
If you suspect you are currently being subjected to a live and ongoing cyber-attack, believe you have been scammed, defrauded or otherwise been a victim of cybercrime, contact Action Fraud on 0300 123 2040. They have a 24-hour contact centre which will inform the police of the crime. For more information, the Action Fraud website can be found at www.actionfraud.police.uk.
If you are a Train Operating Company or part of the railway supply chain and experiencing a live and ongoing cyber-attack once reported to Action Fraud please contact our control room on 0800 405 040.
Organisations or businesses that want to contact us can speak directly to our Pursue team by contacting [email protected]. For information on any of our free Protect services, contact [email protected].
Image credit: istockphoto.com