In it’s second annual review, published on Tuesday, the National Cyber Security Centre (NCSC) revealed it has handled more than 10 attacks a week in the last two years – the majority of which it traced back to “nation states in some way hostile to the UK”.
The NCSC became fully operational in 2016, and since then it has handled 1,167 cyber incidents, including 557 in the last 12 months.
The majority of the attacks “were undertaken by groups of computer hackers directed, sponsored or tolerated by the governments of those countries,” writes Ciaran Martin, CEO of the NCSC.
“These groups constitute the most acute and direct cyber threat to our national security.”
None of the incidents fell into the so-called category one – a strike with potential risk to life. However, Mr Martin warned that such an attack was highly likely.
“I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead,” he said.
Category-one attacks are “national emergencies, causing sustained disruption of essential services, leading to severe economic or social consequences – or to a loss of life”, the NCSC warned.
The most prominent cyber attack on the UK, the WannaCry malware attack on the NHS, was classed by NCSC as a category two attack, defined as having “a serious impact on a large portion of the population, economy or government”.
WannaCry is a ransomware worm that spread rapidly through across a number of computer networks in May of 2017. After infecting a Windows computers, it encrypts files on the PC’s hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them.
A number of factors made the initial spread of WannaCry particularly noteworthy: it struck a number of important and high-profile systems, including many in Britain’s National Health Service; it exploited a Windows vulnerability that was suspected to have been first discovered by the United States National Security Agency; and it was tentatively linked by Symantec and other security researchers to the Lazarus Group, a cybercrime organisation that may be connected to the North Korean government.
Alongside this report, foreign secretary Jeremy Hunt accused Russia’s intelligence service, the GRU, of waging a campaign of “indiscriminate and reckless” cyber strikes targeting institutions across politics, businesses, media and sport.
In a damning speech, Hunt stated;
“These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.
“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”
The National Cyber Security Centre (NCSC) identified that a number of cyber actors widely known to have been conducting cyber attacks around the world are, in fact, the GRU. These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.
And in 2017, the Ministry of Defence issued warnings about a Chinese espionage group known as APT10 hacking IT suppliers to target military and intelligence information.
Mr Martin describes nation state activity as “the most acute threat”, but says the most “chronic” risk comes from “high-volume cyber crime”, which is handled by the National Crime Agency (NCA).
The NCSC launched the Active Cyber Defence initiative in 2017 to deal with these attacks, and their ongoing work is helping to keep the UK safe from malicious cyber attacks.