NCSC Head Says Russia Remains UK’s Most Acute Cyber Threat

Russian internet © Pavel Ignatov Shutterstock 2012

Russia remains the UK’s most acute cyber threat and the source of most ransomware attacks, says head of National Cyber Security Centre Lindy Cameron

The head of the National Cyber Security Centre (NCSC), Lindy Cameron, has made clear that Russia remains the UK’s most acute cyber threat.

And Cameron used her speech at Cyber 2021, Chatham House, to confirm that ransomware presents the most immediate danger to the UK, and she urged British businesses and individuals to follow best practice guidelines to mitigate the threat.

Cameron also added that while UK adversaries continue to engage in British IP theft via hacking or espionage, there is a new channel being exploited by rivals – namely acquiring the technology via acquisition or investments into British firms. This is “enabling our adversaries to effectively buy emerging technology rather than steal it,” Cameron warned

UK Threats

Cameron took over leading GCHQ’s NCSC from Ciaran Martin, who had led NCSC since it began operations back in October 2016.

During her speech Cameron reflected on the past year and noted significant cyber incidents, such as the SolarWinds compromise by the Russian Foreign Intelligence Service.

She also noted the ransomware attacks on Ireland’s Health Service Executive, which lead to months of disrupted appointments and services, as well as the ransomware attack on Hackney Council in London.

Cameron noted four trends at the moment.

First, the Coronavirus pandemic continues to cast a significant shadow on cyber security and is likely to do so for many years to come, with hackers continuing to attempt to steal vaccine data etc.

She also warned that criminals are now regularly using Covid-themed attacks as a way of scamming the public.

Ransomware threat

And then she highlighted the ransomware threat.

“Secondly, ransomware presents the most immediate danger to the UK, UK businesses and most other organisations,” she said. “Many organisations – but not enough – routinely plan and prepare for this threat, and have confidence their cyber security and contingency planning could withstand a major incident. But many have no incident response plans, or ever test their cyber defences.”

“But while ransomware continues to pose a threat, the methodology of ransomware criminals is evolving as they seek more effective ways to make money: in addition to shutting down an organisation’s ability to function, many now also threaten to publish exfiltrated data on the dark web,” said Cameron. “And their intention is clear: to increase pressure on victims to pay.”

“We expect ransomware will continue to be an attractive route for criminals as long as organisations remain vulnerable and continue to pay,” said Cameron. “we have been clear that paying ransoms emboldens these criminal groups – and it also does not guarantee your data will be returned intact, or indeed returned at all.”

The third trend noted by Cameron is supply chain attacks, “which continue to be an attractive vector at the hand of sophisticated actors and I think the threat from these attacks is likely to grow.”

Russia threat

Cameron’s fourth topic was technology itself, saying “we are all increasingly dependent on that technology and it is now fundamental to both our safety and the functioning of society, which gives us two challenges.”

“First, where the UK leads in an emerging technology, our adversaries may seek to steal that technology, traditionally through cyber espionage and IP theft,” she said. “But increasingly seeing this threat is evolving to include strategic foreign investment into those companies – enabling our adversaries to effectively buy emerging technology rather than steal it.”

And Cameron made clear that Russia remains the UK’s principle cyber threat.

“I doubt anything I’m about to say will come as a surprise to a well-informed audience like you because the Government’s Integrated Review published earlier this year makes clear that “Russia remains the most acute threat to our security,” she said.

“And we have been clear and consistent in calling out Russian cyber aggression. In addition to the direct cyber security threats that the Russian state poses, we – along with the NCA – assess that cyber criminals based in Russia and neighbouring countries are responsible for most of the devastating ransomware attacks against UK targets,” she said.

Ransomware scourge

The decision by Cameron to name Russia and the ransomware attacks that originates from its borders was noted by security experts.

“It’s right for the NCSC to identify ransomware as the biggest threat facing UK business, these attacks have the potential to completely paralyse any organisation, hijacking critical data and forcing many to handover large sums of money to break free,” said Chris Ross, SVP at Barracuda Networks.

“The days of businesses hoping for the best and assuming they won’t fall victim to a ransomware attack are well and truly over, and urgent action needs to be taken to prevent such threats and ensure the necessary backup support is in place to protect compromised data,” said Ross.

“Our recent study of 100 IT decision-makers revealed that ransomware attacks are extremely prevalent. In fact almost two-thirds of respondents (70 percent) admitted they had fallen victim to a network attack in the last 12 months, while two-thirds (65 percent) suffered a ransomware attack,” said Ross.

Effective tool

“Ransomware is without doubt the biggest threat facing UK businesses and remains a frighteningly effective tool for leaving organisations of all sizes completely at the mercy of cyber criminals,” added Torsten George, cybersecurity evangelist at Absolute Software.

“The risks have dramatically increased with the rise of remote working, with millions of people mixing home and work devices to answer emails and share company data, making it easier for employees to fall victim to scam emails which contain hostile threats,” said George.

“In recent attacks criminals have even started exploiting smart phone vulnerabilities to penetrate corporate networks,” said George. “Recently, a new trend has emerged whereby ransomware attackers not only encrypt an organisation’s systems, but also exfiltrate data and threaten to release it publicly if the ransom is not paid.”

“Besides applying fundamental measures to minimise exposure to ransomware attacks like implementing cybersecurity training, regularly updating anti-malware tools, and backing up data frequently, organisations must pay special attention to the state of their endpoints,” said George.

“Endpoint devices are often the launchpad from which ransomware spreads across the network,” said George. “Therefore, it’s vital to have the necessary systems in place to maintain full visibility and control over your device fleet to assure that you can survive inevitable attacks and continue to do business even under attack. This encompasses the ability to ensure that endpoint security controls are always healthy and functioning as intended to keep threat actors locked out.”

Human error

“All too often these ransomware attacks start with a phishing email,” added Tim Sadler, CEO at Tessian. “Why? Because cybercriminals are exploiting a major vulnerability in organisations’ security – employees on email.”

“These phishing attacks are advanced, and carefully designed to trick employees into clicking links, downloading malicious attachments or entering their account credentials which enable a cybercriminal to move laterally across the business,” said Sadler. “By posing as a trusted party on email or applying a sense of urgency to the messages, attackers can manipulate targets into complying with their requests. And they just need one employee to fall for it.”

“So, stop phishing attacks, and you significantly reduce the risk of ransomware attacks in organisations,” said Sadler. “Businesses that arm their employees with the tools and knowledge to spot phishing attacks will be less vulnerable to this growing danger.”