UK Update: Cyber Security Risks in 2022

As technology innovation moves quickly, so do cyber security threats.

There are some new threats and tactics that cybercriminals have been adopting in recent months, and it is important to be aware of them to avoid being caught out.  In this overview, we set out some of the latest threats to keep in mind when considering what risks you and your business face.

Ukraine donation scam

Whether it is the Covid pandemic or a natural disaster, any significant world event will be exploited. The ongoing Russia-Ukraine war is no different.  The conflict has been used by cybercriminals to request donations from email recipients. The senders will typically impersonate large organisations (e.g. the UN) in order to ask for donations to be made to help the victims of the war. The cybercriminals will typically ask the recipient to make a payment into a cryptocurrency account (which is far more difficult to track than a conventional bank account) that will be owned by the cybercriminal. For this scam to work, it requires the recipient to take action and make payment to the account, which may be more likely than usual given the potential emotional reaction to an email relating to this war. This is a typical tactic employed by cybercriminals.

Sextortion phishing

Following on from the above, this is another ongoing trend that seeks to exploit an emotional reaction from the email recipient for the benefit of the cybercriminal. This type of phishing email uses language to cause fear or alarm (e.g. telling them they have been hacked or owe money) to entice the recipient to click on a link to make some form of payment or comply with a request. These emails tend to ask the recipient to comply with a request and sets a deadline for them to do so (another technique used to create panic).

Denial of Service cyber-attacks

A denial of service attack essentially does what it says it does. It is designed to disrupt or disable a computer network, program or website to allow the cybercriminal to attack specific parts of a network. This is obviously a daunting proposition for any individual or business to face, especially considering the reliance on computer networks and software to run companies efficiently.

LinkedIn phishing emails

Another phishing technique that is on the rise this year is the use of LinkedIn phishing emails, which impersonates other users or a representative from LinkedIn. These emails ask the user to click on a link to log in to their LinkedIn profiles. When the link is clicked on, the user is taken to a fraudulent website which looks like the LinkedIn login page and, as they type in their login details, their personal details are being recorded by the cybercriminal. Following this, the user will be diverted to the actual LinkedIn website, which means they will be unaware of the ongoing phishing exercise being carried out. Most of the phishing emails appear to be genuine: showing the LinkedIn logo, subject lines you would expect to receive from LinkedIn (e.g. in relation to profile views or searches) and also LinkedIn’s actual email footer.

Given that LinkedIn has hundreds of millions of subscribers worldwide, it is important to be vigilant when receiving email correspondence similar to that described above.

CEO / CFO scams

This technique is frequently used by cybercriminals to impersonate a company’s CEO (following the cybercriminal gaining access to the CEO’s email account or using a very similar (created) email address as the CEO) to email the CFO and ask for funds to be sent for the “CEO” to close a deal. The emails are generally cleverly structured and provide an urgent deadline to entice the CFO into making a quick decision to send the funds requested.

Ransomware

Although this technique has been utilised by cybercriminals for a number of years, it continues to be used regularly. Essentially this is used to prevent users from accessing files within their system (usually be encrypting the files) which is obviously disruptive to any business. The cybercriminal will then request that the victim pays a ransom or complies with a request in order for them to provide details that will allow the victim to access the targeted files again. It is important to keep this in mind given that the National Cyber Security Centre has reported that reports to the ICO relating to ransomware attacks “have more than doubled since 2020”.

These are just some of the cyber security threats out there, and it is vital to keep aware of the latest risks. If you or your business have experienced any cyber security incidents or want to find out what we can do to help protect you going forward, please do get in touch with us and we will be happy to discuss.

By Burness Paull LLP, Scotland, a Transatlantic Law International Affiliated Firm.  

For further information or for any assistance please contact ukscotland@transatlanticlaw.com

Disclaimer: Transatlantic Law International Limited is a UK registered limited liability company providing international business and legal solutions through its own resources and the expertise of over 105 affiliated independent law firms in over 95 countries worldwide. This article is for background information only and provided in the context of the applicable law when published and does not constitute legal advice and cannot be relied on as such for any matter. Legal advice may be provided subject to the retention of Transatlantic Law International Limited’s services and its governing terms and conditions of service. Transatlantic Law International Limited, based at 42 Brook Street, London W1K 5DB, United Kingdom, is registered with Companies House, Reg Nr. 361484, with its registered address at 83 Cambridge Street, London SW1V 4PS, United Kingdom.