The UK's Serious Organised Crime Agency (Soca) has issued a warning about the increasing number of international online gangs stealing and trading personal details of web users.
A report issued by the agency says that groups of criminals – often comprising of an average of 30 specialists focused on areas ranging from phishing to data trading – are part of a market evolution geared at trading and exploiting data.
Information is often stolen through techniques such as phishing and key logging using malware sent via email. The stolen data is then used by the thieves for fraudulent purposes or sold to other cyber criminals over the web.
"As web-based technologies become increasingly diverse, e-criminals will use these services to access and exploit victims and conceal their activities," says the Soca report.
"Each group will typically have an inner circle of more technically advanced and/or experienced members who control access to the attack tools and are responsible for dividing up the work."
The tactics used by the criminals are constantly updated to keep ahead of protection offered by software vendors, according to Soca.
Last month, Soca completed the first phase of a five-year IT overhaul to help in the battle against organised crime.
But the agency has admitted that it faced challenges in training staff to a level where the improvement will have a material effect on tackling criminals.
Soca’s annual reports said the “challenges involved in increasing knowledge to a level that would facilitate a transformation of the impact on organised crime still remained significant”.
So far the programme has given overseas staff secure access to IT systems, improved the internal management of information and upgraded software to improve the collection of Suspicious Activity Reports a mechanism allowing the public to electronically report financial crime.
Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy