Annual report from the National Crime Agency reveals increase in number of attacks stopped in progress but also cites criminals’ technological capability as one of the biggest threats facing organisation

The National Crime Agency nearly doubled the number of “major cyber disruptions” made during the 2022/23 year, with investigative operations including officers posing as attackers for hire.

The NCA has published its annual report for the year to the end of March 2023, revealing that the agency made a total of 237 disruptions of cyberattacks or criminal operations – a 10% increase on the prior-year figure of 216.

But there was marked increase in the number of disruptions of major incidents or crime gangs, which nearly doubled: from 11 to 20.

The NCA characterised “the exploitation of technology” as one of the four key aspects of the threat now posed to the UK by serious organised crime organisations.

Related content

• Data ‘likely’ stolen in Manchester University cyberattack
• Capita admits possible compromise of customer data during cyberattack
• Data offered for sale after ransomware attack on Scottish university

“Technology remains a key enabler for serious and organised crime and is increasingly accessible to offenders,” the report said. “Ransomware remains the greatest cybercrime threat. Criminals use technologies to target the public online, increasingly using social media in particular to identify and communicate with victims. They also use technology to facilitate criminality, including encryption to hide their activities, cryptocurrency for ransoms, and tracking to monitor illicit shipments.”

The annual round-up reveals that one way in which officers pursued cybercriminals was by posing as them – offering attacks for sale online, to flush out those seeking to purchase and deploy them.

“The agency infiltrated the online criminal marketplace by setting up a number of sites purporting to offer distributed denial of service (DDoS) attacks,” the report explained. “This was part of a sustained programme of activity to disrupt and undermine DDoS as a criminal service.”

It added: “All of the NCA-run sites, which have so far been accessed by several thousand people, look like they offer the tools and services needed to execute these attacks. However, after users register, rather than being given access to cybercrime tools, their data is collected by investigators. Users in the UK are contacted by the NCA or police and warned about engaging in cybercrime. Information relating to those based overseas is passed to international law enforcement. This activity forms part of a coordinated international response to target criminal DDoS-for-hire infrastructures worldwide. In December last year, 48 sites were taken offline by the FBI, following close collaboration with the NCA, Netherlands Police and Europol.”

DDoS attacks are intended to take down websites by flooding them with targeted traffic. The NCA report said that “such attacks have the potential to cause significant harm to businesses and critical national infrastructure, and often prevent people from accessing essential public services”.