Russia, China, Iran and North Korea pose ‘strategic national security threats to the UK’, boss of NCSC warns
The National Cyber Security Centre (NCSC), part of the UK intelligence agency GCHQ, has published its annual review regarding the online world.
The report covers the period 1st September 2018 to 31st August 2019, and revealed that it has ‘handled’ 658 attacks on 900 organisations, including schools, airports and emergency services.
This brings the total number to almost 1,800 since the NCSC’s formation in 2016. A significant number of incidents continue to come from hostile nation states, it warned, pointing the finger at Russia, China, Iran and North Korea, which the NCSC said poses ‘strategic national security threats to the UK’.
The report also stated that NCSC took down 177,335 phishing URLs in the period, which meant that the country’s share of visible phishing websites is now down to just 2 percent as of August 2019.
The NCSC also said it had thwarted more than one million cases of suspected payment card fraud in the past year. This was done through ‘Operation Haulster’, which sought to uncover which payment cards were being targeted by online fraudsters.
“Increasingly, criminal groups are using criminal marketplaces in cyberspace to buy and sell personal information and credit card details,” said the NCSC. “Haulster takes stolen credit cards collected by the NCSC and partners, then, working with UK Finance, repatriates them to banks, often before they are ever used for crime. Card providers are then able to block cards to protect both financial institutions and the public.”
The NCSC also said that it had thwarted ATM attacks.
“On multiple occasions, the NCSC has alerted UK financial institutions to imminent threats from ATM cash-out fraud at home and abroad,” it said. “This is where cyber criminals compromise banking and payment infrastructure, and obtain card details that can be used to withdraw large sums of cash from ATMs. Once already in-progress, these attacks can be difficult to stop.”
“As a result, banks swiftly put defensive measures in place that protect them against financial loss and reputational damage,” it said. “Most recently, the NCSC alerted 56 banks to a specific ATM cash-out threat after receiving actionable information. As a result, the banks were able to block any attempt by the attackers to fraudulently withdraw money from customer accounts.”
The NCSC also pointed out the hostile actions of nation-state threat actors.
“The NCSC works collaboratively with a strong network of partners in the UK and internationally,” it said. “Through this work with partners, the NCSC knows more about its main nation state threats, including Russia, China, Iran and North Korea, than it ever has before.”
“This review gives a real insight into the breadth of outstanding work done by the NCSC and underlines why we are a world leader in cyber security,” said NCSC Chief Executive Ciaran Martin.
“From handling more than 600 incidents – many from hostile nation states – to equipping the public with the tools they need to stay safe online, we are employing our expertise on a number of fronts,” he added.
Earlier this week UK and US intelligence agencies warned that a Russian hacking group sought to cover its tracks by hijacking tools and techniques used by Iranian hackers.
The “piggybacking” activity by the Russian Turla group is “unique” in its level of “complexity and scale and sophistication”, said Paul Chichester, director of operations for the NCSC earlier this week.
The NCSC annual review triggered a number of responses from the cyber security sector, with one expert warning that businesses need to reconsider the way they defend their organisations.
“Nation states and criminal groups are making persistent and creative attempts to disrupt our society’s organisations,” said Dave Palmer, director of technology at Darktrace. “Across the world, we see these groups conducting attacks beyond straightforward data theft like manipulating data to damage operational facilities or undermine trust in critical services.”
“The way organisations were securing data and systems in the past is not good enough in the face of modern threats,” said Palmer. “Today’s review from the UK’s NCSC reminds us that governments and businesses must find new approaches to defence that can cope with the unexpected.
Another expert emphasised the responsible approach businesses must take to cyber security nowadays, and the need to be proactive.
“Cyberattacks represent one of the most dangerous threats to businesses today and the latest figures from the NCSC demonstrate the importance of a responsible approach to tackling modern-day cybersecurity issues – that is, being proactive not reactive,” said Rob Norris, VP enterprise and cybersecurity EMEIA at Fujitsu.
“As technology makes payments easier for customers, it is critical that organisations work with government institutions to better secure the infrastructure and security posture of UK businesses,” said Norris.
“Organisations are starting to recognise that the effect of cybercrime is more than just a bad headline and in compromising the data of their customers, they are also breaching the most golden of pacts – trust – that can cause more problems in the aftermath of an attack,” said Norris. “We found that 39 percent of UK citizens admitted to having less trust in organisations than they did five years ago – showing the long-term impact that incidents such as cyberattacks have had on the public’s opinion towards how their data is handled.”
Another expert warned that people’s attitudes to privacy have changed a lot over the past five years.
“Attitudes to privacy have changed significantly over the last 5 years, and we’ve seen some significant restrictions in what’s acceptable and possible, particularly in the case of social media monitoring,” said Patrick Martin, head of threat intelligence at digital risk protection specialist Skurio.
Another expert expressed caution when attributing cyber-attacks to particular nation states.
“The National Cyber Security Centre does a laudable job with proactive, preventive and educative efforts in the cyberspace,” said Ilia Kolochenko, founder and CEO of web security company ImmuniWeb.
“Their transparent communications with the stakeholders are likewise greatly beneficial and serve as a decent example to other European countries,” said Kolochenko. “I would, however, be prudent with attack attribution by geography, especially when we are talking about APTs and otherwise sophisticated attacks.”
“For example, it is not that infrequent to see cybercriminals purposely taking control of law enforcement IT infrastructure and using it as an exit point when currying out intrusions,” said Kolochenko. “Political tensions and the complexities of international criminal law exacerbate an already overly complicated incident forensics process, often making breaches technically uninvestigable. Thus, reliable attack attribution remains a highly complicated challenge today.”
Do you know all about security? Try our quiz!