Tech savvy hackers based in Eastern Europe are using malicious software, known as malware, to infect computers by sending supposedly legitimate emails, asking bank customers to update their details.
It's a fallacy to think your company has nothing of interest or worth stealing http://t.co/F3BiGcU8AS #DataBreach pic.twitter.com/GeWautWoPT
— IBM Security (@IBMSecurity) October 14, 2015
But once opened — the virus spreads through the computer and the malware is used to harvest online banking details to steal money from people and businesses around the world.
“The Dridex scam proves yet again that human beings are one of the weakest links in cybersecurity." http://t.co/E3l9Is4yVP via @SecNewsDesk
— SecurityNewsDesk (@SecNewsDesk) October 14, 2015
The NCA is predicting that thousands of computers have been infected in the UK. It is working with the FBI to stop infected machines from communicating with cyber criminals manipulating them. One "significant arrest" has already been made. Mike Hulett, head of operations at the NCA's cybercrime unit said:
"This is a particular virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from the industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrest to be made."
In an interview with Security News Desk, Peter Jopling, executive security adviser for IBM said every second counts when it comes to combating cybercrime.
"The timeline is very short so the human element is really incidental. It is technology that is going to help you assess what's vulnerable and what you need to do."
"If you have been hit there is a high propensity, through 'dark web' networks, for people to try to do the same and look at the exploits, and slightly change their malware, for a new attack," said Jopling.
In 2013, more than 12.5 million people have been affected by cybercrime, which has cost the UK economy an estimated US$2.77 billion (£1.8bn). According to online security company Norton, that's US$221 (£144) per victim — and that number is expected to dramatically rise.
The Office for National Statistics is due to publish its new finding, including cybercrime, for the first time on Thursday 14 October.