The UK is underestimating the seriousness of the online threat it faces from hostile states and criminal gangs, the country’s cybersecurity chief will warn.
Richard Horne, director of GCHQ’s National Cyber Security Centre, will cite a triple of “serious” incidents amid Russian “aggression and recklessness” and China’s “highly sophisticated” digital operations.
In his first major speech as head of the agency, Horne will say on Tuesday that hostile activity in UK cyberspace has increased in “frequency, sophistication and intensity” by enemies who want to cause maximum disruption and destruction.
In a speech at the NCSC headquarters in London, Horne, who took office in October, will point out “the aggression and recklessness of the cyber activity we see coming from Russia” and how “China remains a highly sophisticated cyber actor, with growing ambition to project its influence beyond its borders.”
“And yet, despite all this, we believe the severity of the risk facing the UK is being widely underestimated,” he will say.
One expert described the comments as a “klaxon” call to businesses and public sector organizations to realize the magnitude of the cyber threat facing the UK.
Horne will make the warning as the NCSC reveals a significant increase in serious cyber incidents over the past 12 months. Its annual review shows that the agency had responded to 430 incidents requiring its support between September 1, 2023 and August 31, 2024, compared to 371 in the previous 12 months.
It says 12 of those attacks were at the “higher end of the scale” and were “more serious in nature,” three times as many as the previous year.
“There is no room for complacency about the severity of state-led threats or the volume of the threat posed by cybercriminals,” Horne will say. “The defense and resilience of critical infrastructure, supply chains, the public sector and our broader economy must improve.”
Last week, Cabinet minister Pat McFadden warned that Russia “can turn off the lights for millions of people” with a cyber attack.
The NCSC review does not reveal the division between attacks carried out by the State and incidents carried out by criminal gangs. However, it is understood that a significant amount of their time is spent supporting organizations responding to ransomware attacks, where criminal gangs cripple their targets’ IT systems and extract sensitive data. The gangs then demand a ransom payment in bitcoins to return the stolen data.
Recent ransomware attacks against high-profile targets in the UK include the British Library and Synnovis, which manages blood tests for NHS trusts and GP services. The NCSC says it received 317 reports of ransomware activity last year, of which 13 were “of national significance.”
“The attack on Synnovis showed us how dependent we are on technology to access our health services. And the attack on the British Library reminded us that we depend on technology to access knowledge,” Horne will say. “What these and other incidents show is how intertwined technology is with our lives and that cyberattacks have human costs.”
Ransomware gangs typically originate in Russia or former Soviet Union countries and their presence appears to be tolerated within Russia, as long as they do not attack Russian targets. However, a Russian cybercrime gang, Evil Corp, has carried out attacks against NATO countries at the behest of state intelligence services, according to the UK’s National Crime Agency.
Horne adds: “What has struck me more than anything else since taking command of the NCSC is the widening gap between the exposure and threat we face, and the defenses that exist to protect us.”
“And what is equally clear to me is that we all need to increase the pace at which we work to stay ahead of our adversaries.” The “understated” warning is understood to be aimed at UK public and private sector organisations.
The NCSC says the top sectors reporting ransomware activity this year were academia, manufacturing, IT, legal, charities and construction.
The agency’s review says the Russian regime, through its invasion of Ukraine, is inspiring non-state actors to carry out cyberattacks against critical national infrastructure in the West.
The review points to Chinese hackers such as the Volt Typhoon group, which has attacked US infrastructure and “could be laying the groundwork for future disruptive and destructive cyber attacks”, while in the UK groups linked to Beijing have attacked the emails of parliamentarians and the Electoral Congress. Commission database.
The report also warns that Iran “is developing its cyber capabilities and is willing to target the United Kingdom to meet its disruptive and destructive objectives,” while North Korean hackers targeted cryptocurrencies to raise revenue and attempted to steal defense data to improve Pyongyang’s internal security. military capabilities.
The NCSC also believes that UK businesses are almost certainly being attacked by North Korean workers “disguised as freelance IT staff from a third country to generate revenue for the DPRK regime”.
Alan Woodward, professor of cybersecurity at the University of Surrey, said the NCSC was warning the public and private sectors to “keep their eyes on it”.
“The government is trying to sound the siren,” he said. “The feeling is that not everyone is listening yet.”