{"id":11170,"date":"2025-06-02T22:01:21","date_gmt":"2025-06-02T22:01:21","guid":{"rendered":"https:\/\/usaontheweb.com\/clone1\/infosecurity-2025-nca-cyber-intelligence-head-spells-out-trends\/"},"modified":"2025-06-02T22:01:21","modified_gmt":"2025-06-02T22:01:21","slug":"infosecurity-2025-nca-cyber-intelligence-head-spells-out-trends","status":"publish","type":"post","link":"https:\/\/usaontheweb.com\/clone1\/infosecurity-2025-nca-cyber-intelligence-head-spells-out-trends\/","title":{"rendered":"Infosecurity 2025: NCA cyber intelligence head spells out trends"},"content":{"rendered":"<div id=\"content-header\">\n<h2>Will Lyne, head of cyber intelligence at the National Crime Agency, sketches out cyber criminal trends as ransomware and other attack varieties become democratised beyond Russophone, skilled software developers<\/h2>\n<\/div>\n<div id=\"content-center\">\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Brian-McKenna-profile-pic-2022-140x180px.jpg\" alt=\"Brian McKenna\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\tBrian McKenna,<br \/>\n\t\t\t\t\t\t<span>Enterprise Applications Editor<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>02 Jun 2025 9:45<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>Will Lyne, head of cyber intelligence at the National Crime Agency, is speaking at this week\u2019s Infosecurity Europe conference about cyber criminal trends. Ransomware, and other varieties of cyber attack on the public, are, he said, becoming commoditised beyond the traditional provenance of Russian-speaking expert coders.<\/p>\n<p>Lyne has worked in law enforcement for over 15 years. 
From 2011 to 2013, he worked in Afghanistan delivering counter-narcotics investigations with local, military and international partners, before joining the National Cyber Crime Unit in 2013. He was assigned to the FBI\u2019s Cyber Division in Washington from 2016 to 2020.<\/p>\n<p>He has played a leading role on high-profile cases including disruptions of the EvilCorp cyber crime group, and Operation Destabilise, which disrupted a multi-billion global Russian illicit finance network.<\/p>\n<p>Lyne is also currently working on a doctorate at the University of Cambridge Institute of Criminology, focusing on the ecosystem that generates ransomware.<\/p>\n<p>In an interview in advance of Infosec, he said ransomware is the highest-priority cyber crime threat to the UK, and has gone from a \u201cniche cyber crime issue in the late 2010s to being a national security problem.<\/p>\n<p>\u201cIn 2021, we had really significant attacks like the ransomware attack on Colonial Pipeline,\u201d said Lyne. \u201cThat really brought ransomware to the fore and made it more widely understood.\u201d<\/p>\n<p>At Infosec, he\u2019s speaking on a panel called <em>Ransomware 3.0: How attackers are changing their thinking<\/em>, alongside Jeremy Banks, vice-chair of the NPCC Cybercrime Team at the National Police Chiefs Council; Magnus Jelen, lead director of incident response for the UK and EMEA at Coveware by Veeam; and Jen Ellis, founder of NextJenSecurity.<\/p>\n<h3>Ransomware ecosystem<\/h3>\n<p>What is meant by an \u201cecosystem\u201d in the context of ransomware? Lyne said he thinks of ransomware as a product or symptom of a cyber crime ecosystem, which is best understood as a collection of individual threat actors and technical capabilities that are available on the internet, and that come together and interact to form steps of a cyber crime business model.<\/p>\n<p>\u201cThe ecosystem enables cyber crime,\u201d he said. 
\u201cRansomware is the most pernicious of cyber crime threats, and the most significant that we\u2019re looking at at the moment. It is our priority cyber crime threat within the National Cyber Crime Unit. It is a national security issue in its own right, and I think that it will continue to be our highest priority for some time to come.\u201d<\/p>\n<p>The harm is to the public and is not only financial, but psychological, social and economic, he said. \u201cIt\u2019s like drugs \u2013 the harm there is not just to the people taking them,\u201d said Lyne.<\/p>\n<p>He said the Scattered Spider cyber crime group that seems to be behind the recent spate of attacks on retailers, notably Marks &#038; Spencer, is interesting as an instantiation of current trends. It is not a Russian-language group, but Anglophone, and most probably staffed by young males in their teens and 20s, with no real need for advanced computer coding skills. It\u2019s teenage kicks.<\/p>\n<p>\u201cWe are seeing lower barriers to entry [to cyber crime], with reduced costs of buying tools and the language skills needed to get in,\u201d said Lyne. \u201cTraditionally, you\u2019d have to be a Russian-speaker with a reputation in the ecosystem, coding skills, and so on.\u201d<\/p>\n<p>Nor is this democratisation of cyber crime down to the rise of generative AI, he said. \u201cWhile 10 years ago, you could buy some type of cyber capabilities and tools online, now you can get more powerful ones \u2013 it\u2019s cheaper and easier,\u201d said Lyne. \u201cThe tooling required is more accessible now, so it opens up the field to non-Russian cyber criminal groups. We are seeing the locus maturing and moving to everywhere else than Russia. Scattered Spider is one symptom of that.\u201d<\/p>\n<p>But even the traditional Russian cyber crime groups are not like hierarchical Sicilian Mafia operations. They are more like loosely managed tech startups than well-run, large IT companies, he said. 
\u201cEvilCorp did have a well-understood hierarchy, but most do not,\u201d added Lyne. \u201cThey operate with a \u2018minimum viable product\u2019 to make the money they want to.\u201d<\/p>\n<p>Nevertheless, the ransomware threat is evolving.<\/p>\n<p>\u201cWe\u2019ve had commodity ransomware, then you had human-operated ransomware, and double extortion came in where they\u2019re stealing sensitive data from victims and then using that as extra leverage,\u201d he said. \u201cWe\u2019re increasingly seeing encryption-less extortion, where groups are just stealing data from victims and extorting them.<\/p>\n<p>\u201cWe\u2019re also seeing a shift of threat actors moving away from using the big centralised platforms, the big marketplaces where they used to go and obtain credentials for potential victims, whereas we\u2019re seeing a lot of those interactions go to more peer-to-peer trading in the ecosystem,\u201d added Lyne.<\/p>\n<p>He finished the pre-conference interview with Computer Weekly with an appeal to information security professionals to consider joining the National Crime Agency.<\/p>\n<p>\u201cI love this job,\u201d said Lyne. \u201cYes, we are facing up to bad dudes, but that provides motivation because of the harm they do to vulnerable members of the public. We can make a difference to communities up and down the country. It is a hard job, though. These groups are hard to deliver impactful operations against.<\/p>\n<p>\u201cWe can\u2019t do it in isolation,\u201d he added. \u201cWith the drugs threat, we know a lot from where the drugs are grown to who the dealers on the street are. With cyber crime, there is vast knowledge in the private sector and academia. 
With the disruption of Lockbit and Evil Corp there was a kaleidoscope of national and international law enforcement partners to deliver that.<\/p>\n<p>\u201cWe\u2019re collaborating really well in the public sector, with our partners in policing or partners across government \u2013 better than we ever have been \u2013 both nationally and internationally,\u201d said Lyne. \u201cBut we\u2019re also partnering with the private sector better than we\u2019ve ever been as well, and that is really important for us to be able to do what we do. It\u2019s important work.\u201d<\/p>\n<\/section>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Will Lyne, head of cyber intelligence at the National Crime Agency, sketches out cyber criminal trends as ransomware<\/p>\n","protected":false},"author":7282,"featured_media":11171,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-11170","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software"],"_links":{"self":[{"href":"https:\/\/usaontheweb.com\/clone1\/wp-json\/wp\/v2\/posts\/11170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/usaontheweb.com\/clone1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/usaontheweb.com\/clone1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/usaontheweb.com\/clone1\/wp-json\/wp\/v2\/users\/7282"}],"replies":[{"embeddable":true,"href":"https:\/\/usaontheweb.com\/clone1\/wp-json\/wp\/v2\/comments?post=11170"}],"version-history":[{"count":0,"href":"https:\/\/usaontheweb.com\/clone1\/wp-json\/wp\/v2\/posts\/11170\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/usaontheweb.com\/clone1\/wp-json\/wp\
/v2\/media\/11171"}],"wp:attachment":[{"href":"https:\/\/usaontheweb.com\/clone1\/wp-json\/wp\/v2\/media?parent=11170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/usaontheweb.com\/clone1\/wp-json\/wp\/v2\/categories?post=11170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/usaontheweb.com\/clone1\/wp-json\/wp\/v2\/tags?post=11170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}