UK NCSC responded to 63 “nationally significant” cyber incidents in past year

The UK National Cyber Security Centre (NCSC) responded to 63 “nationally significant” cyber incidents between September 1, 2021, and August 31, 2022. According to the NCSC’s Annual Review 2022, these incidents included a range of malicious cyber activity such as ransomware, reconnaissance, malware and network intrusions, data exfiltration and disruption of services and systems. Nation-state threats were a significant driver of such malicious activity, with the NCSC citing the likes of Russia and China as posing significant threats to UK and global cybersecurity.

Nation-states pose increasing threats to UK cybersecurity

In its review, the NCSC wrote, “While many countries use malign cyber capabilities to some extent, including to control their domestic information environments, the regimes that continued to present the most acute cyberthreat to the UK and its interests were Russia, China, Iran and North Korea.” The type of threats posed by these states varied widely, the NCSC added, including:

• Cyber-enabled espionage – unauthorised access or transfer of secret, classified or sensitive information to gain advantage over rivals.
• Destructive cyber capabilities – using tools such as wiper malware to damage IT systems or institutions.
• Cyber-enabled theft to further strategic advantage or domestic control, for example of Intellectual Property or personal data of citizens.
• Hack and leak – stealing and publishing sensitive or restricted information to embarrass states or institutions or to undermine social cohesion.

Russia’s invasion of Ukraine and the use of cyber operations within was the most significant development in the cybersecurity threat landscape in the last year, whilst China’s technical development and evolution is likely to be the single biggest factor affecting the UK’s cybersecurity in the years to come, the review stated. “In the coming years, with the proliferation of commercially available capabilities, the NCSC anticipates a wider number of states possessing the ability to pose threats to the UK’s cybersecurity,” it read.

Commenting, Sir Jeremy Fleming, director of GCHQ, stated, “It is clear the cybersecurity threat is diversifying and evolving. We are seeing more states with cyber capabilities and more non state actors joining the mix. We are also experiencing a shift in technology leadership towards the East. These factors and more have implications for the cybersecurity threats we all face.”

UK NCSC co-ordinated national response to 18 ransomware attacks

During the last year, the NCSC co-ordinated the national response to 18 ransomware attacks including the attacks on a supplier to NHS 111 and South Staffordshire Water. The NCSC stated that ransomware continues to pose one of the most significant cybersecurity threats to businesses in the UK and, given its potential impact on critical national infrastructure and essential services, is considered a national security risk. Most of the ransomware criminal groups that target the UK continue to be based in and around Russia, it added.

“The NCSC continued to see increased use of ransomware as a service (RaaS) where ransomware variants are leased to less-skilled affiliates who can launch cyberattacks without building the ransomware themselves,” the review read. “This opens the ransomware attack vector to a wider range of criminal actors where previously it was restricted to those with the requisite technical expertise.”

NCSC CEO Lindy Cameron warned that ransomware remains the most acute threat UK organisations face. “These attacks have genuine real-world consequences and are a reminder to all organisations of the importance of taking the important mitigation measures set out in our guidance.”