Scots businesses targeted by cyber crime gangs

A BBC investigation has discovered that Russian crime gangs have been targeting Scotland in a series of cyber attacks.

Figures from Police Scotland show a peak in cyber crimes at the end of last year, with the business community being specifically targeted.

Sergey Novikov from computer security firm Kaspersky Lab said Russian gangs had moved their attention from attacking home-users to corporations.

Police warned that many businesses that have been targeted may never recover.

Det Supt Stevie Wilson, head of Police Scotland's cyber crime unit, said: "We have seen a large number of businesses being targeted across Scotland in a multitude of sectors.

"Certainly in the financial sector and agriculture, but predominantly in the small and medium enterprises with up to 200 employees.

"A lot of businesses may not recover from a cyber attack simply because personal customer data has been stolen, and it can cause real problems for the viability of that business in the long-term."

The role of criminal gangs from Russia has been identified by computer security firms Sophos and Kaspersky Labs.

James Lyne, Sophos's global head of security research, said: "Russia is a huge player in the global network of malicious code, or spam.

"Russian criminal gangs, Russian developers, and frankly just hosting services in Russia are often used as a major part of many of the campaigns that we see online today."

Sergey Novikov said: "The UK is one of the hot spots in terms of attacks. Nobody is protected, nobody is safe."

The scale of attacks in Scotland is proving a challenge for companies who advise businesses how best to protect themselves.

Gary Fairley, cyber and digital lead at the Scottish Business Resilience Centre, said attacks existed across all industries.

"We've seen small shops, one-man operators, we've seen IT companies being targeted," he said.

"We've seen some public sector bodies, we've seen local authorities. We've seen some agencies and other public bodies targeted as well, so the scale is not just traditional business.

"It's anybody or any organisation that has an online presence."

A business with an online presence can then be on the receiving end of a devastating attack, he said.

Mr Fairley said: "We know there was, for example, a bakers' firm that lost £20,000 through malware (malicious software) that was installed on a PC by a member of staff unwittingly clicking on a link in an fraudulent email that looked like it was from a bank."

By clicking on that link, he said, malware was installed on the PC which then allowed hackers to gain access to the company bank account.

He said not only can cyber attacks cause a significant financial loss, but they can also have far greater consequences for the Scottish economy as a whole.

"If it's not safe to do business online with companies over here, then investors from overseas will find other places to put their money," he said. "It's as simple as that."

Few commercial attacks are reported, for fear of reputational damage. Yet businesses are being urged to come forward so that police can track down those responsible.

However, businesses are not the only targets.

More than 80% of people now have internet access in their home, with most daily tasks carried out online including banking, booking holidays, buying groceries and networking.

Data stolen by criminal cyber gangs is fast becoming one of the most lucrative criminal commodities.

A Home Office report from October last year revealed that one in five internet users said someone tried to fraudulently get hold of their bank details last year. The criminals behind these attacks are after two things - money and personal information for future attacks.

Police said most attacks on home computers are through spam emails which contain hidden viruses, allowing criminals access to personal information such as bank details and passwords.

BBC Scotland Investigates: Gangsters.com will be broadcast on Wednesday 11 June, at 22:35 on BBC One Scotland, and for a week afterwards on the BBC iPlayer.