Photo credit: www.theguardian.com

Cybersecurity Chief Warns UK Underestimating Online Threats

The UK’s cybersecurity landscape is facing an alarming underestimation of threats posed by hostile states and criminal organizations, according to Richard Horne, head of the Government Communications Headquarters (GCHQ) National Cyber Security Centre (NCSC). In a pivotal address scheduled for Tuesday, Horne will highlight a troubling rise in severe cyber incidents, which have reportedly tripled, amidst ongoing Russian aggression and sophisticated operations infiltrating from China.

In his inaugural major speech since assuming leadership of the NCSC in October, Horne is expected to articulate the escalating frequency, sophistication, and intensity of cyberattacks targeting the UK, driven by adversaries intent on wreaking havoc.

Addressing attendees at the NCSC’s London headquarters, Horne will emphasize the reckless cyber activities emanating from Russia, alongside the increasing sophistication of Chinese cyber operations, which are demonstrating ambition to extend their influence globally.

“Despite these rising threats, the prevailing perception of the severity of the risks confronting the UK is underestimated,” Horne will assert.

Experts have characterized Horne’s forthcoming remarks as a critical wake-up call for businesses and public sector institutions to recognize the extensive scale of the cyber threats looming over the UK.

The NCSC’s annual review reveals a notable increase in serious cyber incidents, highlighting that 430 cases requiring intervention from the agency were recorded between September 2023 and August 2024, a rise from 371 in the previous year. Among these, 12 incidents were categorized as severely impactful, marking a threefold increase from the previous reporting period.

“We cannot afford to be complacent regarding the severity of state-sponsored threats or the considerable risks posed by cybercriminals,” Horne will stress, underscoring the crucial need for enhanced defenses and resilience in critical infrastructure, supply chains, public sector operations, and the economy at large.

Recently, Cabinet Office minister Pat McFadden noted Russia’s capabilities to severely disrupt the UK’s energy supply through potential cyberattacks.

Although the NCSC review does not detail the ratio of state-sponsored attacks versus those from criminal organizations, it underscores that a significant portion of the NCSC’s resources is dedicated to aiding organizations recovering from ransomware incidents. These attacks often involve cybercriminals halting operations and demanding ransom payments in cryptocurrencies for the restoration of stolen data.

Notable ransomware cases over the past year include breaches affecting the British Library and Synnovis, the entity responsible for managing blood testing for NHS trusts. The NCSC logged 317 ransomware incidents in the last year, with 13 being categorized as nationally significant.

Horne remarked, “The attack on Synnovis highlighted our reliance on technology for healthcare access. Similarly, the incident involving the British Library sheds light on our dependence on technology for information and knowledge.” He further stated, “These incidents emphasize the intricate link between technology and our daily lives, revealing the human costs associated with cyber-attacks.”

Generally, ransomware groups are known to primarily operate from Russia or countries that were part of the former Soviet Union, benefiting from a level of tolerance in their home countries as long as they refrain from targeting Russian interests. However, the UK’s National Crime Agency has reported that at least one notorious group, Evil Corp, has assisted Russian intelligence services in targeting NATO countries.

Reflecting on his time at the NCSC, Horne expressed concern about the widening gap between the exposure to cyber threats the UK faces and the adequacy of existing defenses. “It is clear that we must accelerate our efforts to stay a step ahead of our adversaries,” he concluded, indicating that his warning is directed at both public and private entities across the UK.

The NCSC’s review indicates that the sectors most frequently reporting ransomware threats include academia, manufacturing, information technology, legal sectors, charities, and construction.

Furthermore, the report concludes that Russia’s ongoing military actions in Ukraine are motivating non-state actors to conduct cyberattacks against critical infrastructure in Western nations. The review also highlights threats from Chinese hacking groups like Volt Typhoon, which have targeted US infrastructure and potentially laid the groundwork for future disruptive cyber operations. In the UK, groups linked to Beijing have reportedly attempted to infiltrate the emails of Members of Parliament and compromise the Electoral Commission’s databases.

Additionally, there is evidence that Iran is enhancing its cyber capabilities with intentions to disrupt UK operations, while North Korean hackers are focusing on cryptocurrency targets to fund their regime and are actively seeking to steal defense-related data.

The NCSC posits that UK businesses may also be at risk from North Korean operatives masquerading as freelance IT professionals in an attempt to generate capital for the Pyongyang regime.

Alan Woodward, a cybersecurity professor at Surrey University, noted that the NCSC is urging both the private and public sectors to remain vigilant and proactive in cybersecurity measures. “The government aims to raise alarm bells, but there appears to be a sense that not all parties are responding adequately,” he cautioned.

Source
www.theguardian.com