If we were to believe Hollywood films, hackers have strange accents and live in far-flung countries that you may never have heard of, but new research shows that far and away the majority of criminals carrying out cyber attacks against UK companies are actually based inside the UK.

A huge 72% of attacks against businesses in the UK and Ireland are carried out by criminals located on these islands, according to a new report from fraud prevention company ThreatMetrix.

This homegrown cybercrime epidemic is not unique to the UK and Ireland, however, with 93% of the attacks taking place in China being carried out from within the country, while France (87%), Germany (81%), Italy (94%) and Russia (85%), also show that hackers look close to home when seeking a victim.

Just 0.074% of the cyber attacks carried out against UK targets originated in China. A slightly higher percentage of 0.27% originated in Russia.

These figures stand in stark contrast to the perceived wisdom that the Chinese and Russians were the main threat at work globally today. The truth it seems is very different.

Mexican hackers

After homegrown threats, the biggest percentage of attacks against UK businesses surprisingly comes from Mexico where ThreatMetrix says there is evidence of "a growing cybercriminal network".

Third on the list of threats is Nigeria, with Germany and the United States taking up fourth and fifth positions respectively.

Tony Larks from ThreatMetrix, who has worked in the cybersecurity field for the last 20 years, says that even he was surprised by the results: "We all hold this belief that is coming from elsewhere – Africa, south east Asia, Russia, China. You always want the bad guy to be somewhere that is not close to you. There is an element that the bad guy is someone who doesn't speak your language, who doesn't live in your street, that is quite a way away."

The disconnect is the result of headline-grabbing stories of cybercrime and cyberespionage that typically involve the giants of the global political stage – such as the US, China, Russia and Israel – all of whom conduct high-level campaigns against each other, but typically not against consumers or private business.


The result is that while people believe the threats lie in the far-flung corners of eastern Europe or within the anonymous tower blocks of Shanghai, the real threat lies much closer to home.

Larks says that the people who are carrying out the majority of attacks from within the UK are part of organised gangs who are looking to take advantage of relatively poor security measures.

There are, however, also "opportunists" carrying out these attacks by utilising the increasingly automated tools that are freely available on the dark web and which require little to no technical expertise to use effectively.

A worrying trend ThreatMetrix observed was a 60% increase in the use of spoofing or impersonation attacks, with more than 11.4 million fraud attempts identified by the ThreatMetrix Global Network during the last peak Christmas shopping period at the end of 2014.