Britain is underestimating the seriousness of the online threats it faces from hostile states and criminal organizations, the country's cybersecurity chief has warned.
Richard Horne, director of the GCHQ National Cyber Security Center, cited a threefold increase in “serious” incidents amid Russia's “aggression and recklessness” and China's “highly sophisticated” digital operations. do.
In his first major speech as head of the agency on Tuesday, Mr Horne warned that hostile activity in UK cyberspace has increased “with frequency, sophistication and intensity” by adversaries seeking to cause maximum disruption and destruction. He said that it is increasing.
Horn, who took on the role in October, spoke at the NCSC's London headquarters about the “aggressiveness and recklessness of the cyber activity coming from Russia” and how “China remains a highly sophisticated cyber attacker. We plan to point out that this continues to be the case. There is a growing ambition to project its influence beyond its borders. ”
“Despite all this, we believe the severity of the risks facing the UK has been widely underestimated,” he would say.
One expert said the comments were a “honk horn” call for businesses and public sector organizations to wake up to the scale of the cyber threat facing the UK.
Mr Horne issues the warning after the NCSC revealed a significant increase in serious cyber incidents over the past 12 months. According to the annual review, the agency responded to 430 incidents requiring assistance from September 1, 2023 to August 31, 2024, compared to 371 in the previous 12 months.
The report said 12 of the attacks were “at the highest level of scale” and “more serious in nature,” a threefold increase from the previous year.
“There is no room for complacency about the seriousness of state-sponsored threats or the scale of the threat posed by cybercriminals,” Horn said. “We need to improve the protection and resilience of critical infrastructure, supply chains, the public sector and the economy as a whole.”
Last week, Cabinet Office minister Pat McFadden warned that Russia could “turn out the lights for millions of people” with a cyberattack.
The NCSC's investigation does not distinguish between attacks by nation-states and incidents by criminal organizations. However, we know that a significant amount of that time is spent helping organizations respond to ransomware attacks, where criminal organizations paralyze targeted IT systems and extract sensitive data. The gang then demands a ransom payment in Bitcoin to return the stolen data.
Recent ransomware attacks against high-profile targets in the UK include the British Library and Synnovis, which manages blood testing for NHS trusts and GP services. According to the NCSC, there were 317 reports of ransomware activity last year, 13 of which were of “national significance.”
“The attack on Synovis showed how much we rely on technology to access health services, and the attack on the British Library showed how much we rely on technology to access knowledge. “It reminded us that we're in a good place,” Horn said. “These and other incidents demonstrate how closely technology is intertwined with our lives, and the human cost of cyberattacks.”
Ransomware gangs typically originate from Russia or former Soviet Union countries and appear to be tolerated in Russia as long as they do not attack Russian targets. However, according to the UK's National Crime Agency, one of the Russian cybercriminal organizations, Evil Corp, carried out attacks against NATO countries at the request of national intelligence agencies.
Horn added, “Since taking the helm of the NCSC, one of the things that has struck me most strongly is the contrast between the exposures and threats we face and the defenses that are in place to protect us.'' “The gap between them is clearly widening,” he added.
“And what is equally clear to me is that we all need to increase the pace of our work to stay ahead of our opponents.” Warning of “underestimated” has prompted UK public and private organizations to It is understood that it is directed at
According to the NCSC, the top sectors reporting ransomware activity this year were academia, manufacturing, IT, law, charities, and construction.
The agency's research shows that by invading Ukraine, the Russian regime is encouraging non-state actors to carry out cyberattacks against critical Western national infrastructure.
The review notes that Chinese hackers such as the Bolt Typhoon Group are targeting U.S. infrastructure and “may be laying the foundation for future devastating and destructive cyberattacks.” In the UK, groups linked to the Chinese government have been targeting the emails of members of parliament and voters. Committee database.
The report also states that Iran is “developing cyber capabilities and is prepared to target the UK to achieve its destructive and destructive objectives,” while North Korean hackers are It warns that North Korea is targeting cryptocurrencies and attempting to steal defense data to improve North Korea's internal security. military capabilities.
The NCSC also believes that British companies are almost certainly being targeted by workers from North Korea “posing as freelance third-country IT staff to obtain income for the North Korean regime”.
Alan Woodward, a cybersecurity professor at the University of Surrey, said the NCSC warned the public and private sectors to “keep their eye on the ball”.
“The government is trying to honk the horn,” he said. “I feel like not everyone is listening yet.”
