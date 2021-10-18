David Ferbrache (picture supplied by Orchard PR) (31853622)

Visiting consultant David Ferbrache, who helped set up the Ministry of Defence’s cyber-research centre, said that the number of online attacks has increased up to tenfold since the start of the pandemic, with criminal organisations looking to exploit vulnerabilities created by the crisis.

Mr Ferbrache said that Covid-19 had created opportunities for criminals in two particular ways.

‘First of all, there was a big shift to home working. All of a sudden you had a very distributed workforce. If this wasn’t handled properly, it often meant you were dealing with loopholes or attack holes that criminals could exploit,’ he said.

‘The other thing you saw happen was due to organisation crime being very good at exploiting crisis situations. If you’ve got a major natural disaster, for example, the first websites you see are sites created by organised crime.

‘We saw that through Covid, where they would say they are mask providers, they provide information or could give access to vaccines.

‘The false sites were used for phishing attacks [to access personal details] or as lures and often they were able to take money directly away from people,’ he added.

A number of high-profile attacks have taken place in recent years, such as ransomware assaults – where systems are shut down until a ransom is paid – on the NHS and on US fuel provider Colonial Pipeline.

Mr Ferbrache, who came to the Island from the UK to advise trust firms on security, said that criminals were moving away from what might be viewed as ‘unethical’ attacks, such as these, but were otherwise ‘indiscriminate’ in who they target.

He said: ‘We are actually seeing some of these organised crime groups almost adopting an ethical code, which is fairly bizarre.

‘They are saying they’re not going to attack the health service or critical infrastructure any more. Part of the reason for that is probably because they had a severe backlash from the governments for doing that.

‘But, sadly, the financial service industry is still viewed as fair game, so we are seeing large-scale targeting going on. If you look back over the last 12 months, we’ve probably seen between a seven and ten-fold increase in ransomware activity.’

He added: ‘Attacks are becoming a lot more sophisticated in terms of being tailored and targeted. Criminals spend a lot more time in systems now and their work might involve cultivating and working out how much money a company has, how they can extract it and where can they set the ransom at.

‘They might even look at a firm’s cyber-insurance policy to see how much payout they might be able to get.’

Mr Ferbrache said that cyber criminals make money through ransom, blackmail, fraud and selling personal details on the dark web.

He added that gangs were most likely to target medium-sized businesses, of 100 to 200 people, which would struggle to afford top-of-the-range protection but have enough money to be a worthwhile target.