Covid Research Remains Prime Target For Cyberattacks – NCSC

coronavirus Image credit: World Health Organisation

Latest review of the UK’s cyber landscape reveals record number of cyberattacks, with Covid vaccine research remaining a prime target

The UK’s cyber guardians, the National Cyber Security Centre (NCSC), has published its annual review of the cyber threat landscape being faced in the United Kingdom.

The NCSC announced that in its annual review, it has witnessed a record number of cyber incidents, and indeed has offered support in 777 of these cases.

It said that it has seen ongoing cyberattacks on Coronavirus vaccine research, distribution, and supply chains – all vital areas as the world contends with over 5.1 million deaths globally (as of 17 November 2021) from Covid-19.

The NCSC's headquarters in Victoria. NCSC, security
The NCSC’s headquarters in Victoria. NCSC

Key findings

The NCSC review shows that it was involved in managing an unprecedented 777 incidents over the last twelve months – up from 723 the previous year.

And the bad news is that around 20 percent of organisations supported are linked to the health sector and vaccines.

To put this into context, NCSC dealt with an average of 643 cyber incidents since launching in 2016.

Other key statistics revealed in the NCSC’s Annual Review show that in the past 12 months, there have been 5.9 million reports of malicious content to the Suspicious Email Reporting Service – leading to the removal of more than 53,000 scams and 96,500 URLs.

During the past year NCSC has engaged with approximately 5,000 organisations providing an essential service during the pandemic, from well-known brands through to small businesses.

It has also issued guidance and threat assessments to over 80 companies and 14 universities. Last month for example, Sunderland University suffered a devastating cyberattack.

And the review also showed that the NCSC’s Active Cyber Defence programme has taken down 2.3 million cyber-enabled commodity campaigns, 442 phishing campaigns using NHS branding, and 80 illegitimate NHS apps hosted and available to download outside of official app stores.

Incident growth

NCSC said that the growth in the number of incidents handled by the NCSC this year is partially reflected in it’s ongoing work to proactively identify threats through the work of its Threat Operations and Assessment teams.

The health sector and in particular the vaccine rollout was a major focus for the NCSC, with the organisation’s world-leading services protecting NHS, healthcare, and vaccine supplier IT systems from malicious domains billions of times, it stated.

Over the past 12 months the NCSC also responded to a rise in ransomware attacks, and a range of services have been provided to businesses over the past year to help protect them from ransomware, the agency added.

These include the Early Warning Service alerting organisations to emerging threats through to cyber security advice for those working in education.

These efforts have come against a backdrop of responding to significant global incidents, including the attack on the SolarWinds IT management platform by Russia’s Foreign Intelligence Service – and a major ransomware attack on the American software firm Kaseya.

Challenging year

The NCSC began operations in October 2016, and it acts as the front-line base for providing government organisations and UK-based businesses with advice on how to defend against cyber threats.

“I’m proud of the way the NCSC has responded to what has been another hugely challenging year for the country as we all continue to navigate our way through the pandemic,” said Lindy Cameron, CEO of the NCSC.

“The support and expertise we have provided for stakeholders from government all the way through to the general public during the pandemic has been vital to keeping the country safe online,” said Cameron.

“Undoubtedly there are challenges ahead, but the upcoming National Cyber Strategy combined with the continued engagement from businesses and the public provides a solid foundation for us to continue reducing the impact of online threats,” said Cameron.

“This year we have seen countless examples of cyber security threats: from state sponsored activity to criminal ransomware attacks,” added Jeremy Fleming, Director of GCHQ. “It all serves to remind us that what happens online doesn’t stay online – there are real consequences of virtual activity.”

Russia threat

Last month Cameron had made clear that Russia remained the UK’s most acute cyber threat.

That warning came after a report from committee of MPs in July warned that Russia has been conducting a long-running cyber and interference campaign against the UK, and the Government is still playing catch up.

That report from the committee of MPs that oversee the work of MI5, MI6, and GCHQ, also warned that “Russia considers the UK one of its top Western intelligence targets.”

The NCSC has this year warned that Russia’s APT29 (also known as Cozy Bear) had been targetting Covid-19 vaccine researchers.

Worrying trends

One security expert said the NCSC research reveals a number of worrying trends, reinforcing the need for organisations to ensure they have in-depth protections in place.

“The UK’s National Cyber Security Centre reports that it responded to a record number of incidents in the last 12 months, noting a particular rise in ransomware attacks impacting healthcare organizations and government organisations,” noted Jonathan Lee, UK director of public sector and education at Sophos.

“We’ve seen these worrying trends reflected at both a UK and global level in our annual State of Ransomware survey,” said Lee. “To give just a few examples: worldwide more than one in three (34 percent) healthcare organisations were hit with ransomware in 2020. For central government the figure was a significant 40 percent.”

“The impact of these attacks is likely to have been severe for some of the victims – our research also found that around two in ten organisations in healthcare and central government don’t have a recovery plan in place for what to do after a malware incident,” warned Lee.

“This is why external, third party incident response, such as that reported on by the NCSC is so valuable,” said Lee. “We also found that half (50 percent) of IT managers in the UK, regardless of the sector they work in, believe that cyberattacks are now too advanced for the organisation’s IT team to deal with on their own and 41 percent say that ransomware attacks are increasingly hard to stop due to their sophistication.”

“Just under 80 percent of the incidents our own Rapid Response team was called in to help with this year involved ransomware – and these attacks are evolving all the time,” said Lee. “Our advice to organisations in all sectors, is to implement defence-in-depth that combines advanced security technologies with human-led threat hunting, so that the organisation can prevent, detect and respond to incidents at every stage of the attack chain. And to remember that there are organisations out there who can step in to help should the worst happen.”

Reach out

Another expert was not surprised at the amount of incidents the NCSC has had to deal with over the past 12 months, and urged firms to reach out for support.

“It’s alarming to see the number of cyber incidents increasing but these figures are far from surprising,” said Jude McCorry, CEO of Scottish Business Resilience Centre. “Most businesses have been focussed on recovery over the last year – understandably – but this has left them vulnerable to the threats of opportunistic cyber criminals.”

“While the report focuses on Covid related incidents, it’s important to note the upward trajectory in cyber crime overall,” said McCorry. “Now more than ever, individuals and businesses must be on high alert for sophisticated cyber scams.”

“It’s definitely not the time for anyone to let their guard down,” said McCorry. “The NCSC does an incredible job of monitoring, managing and preventing such incidents – without them it is likely these figures could have been much higher.”

“Nonetheless, these figures are a stark reminder to organisations that they must take a proactive approach to their cyber planning,” McCorry concluded. “But they don’t have to do this on their own. There is a broad range of support available – from workshops like Exercise in a Box and programmes to upskill board members, to online resources and advice lines to ensure businesses have the practical support they need to ensure they do not become a statistic.”