NCSC: UK Facing “Enduring and Significant” Cyber-Threat

The UK’s critical infrastructure (CNI) providers face a persistent and critical threat from emboldened state-backed and aligned actors, a leading UK cybersecurity agency has warned.

The National Cyber Security Centre (NCSC), part of GCHQ, issued the warning in its Annual Review 2023.

Over the past year it has repeatedly sounded the alarm over the activity of Russian threat actors, which it claims could be preparing destructive attacks on the UK’s CNI. That’s in addition to the ransomware groups sheltered by the Kremlin which are responsible for “the most high-profile cyber-attacks against the UK.”

However, the review also warned of the “significant and enduring” threat from:

  • Chinese state-backed actors who use sophisticated techniques to pursue “strategic objectives which threaten the security and stability of UK interests”
  • Iran, which uses less sophisticated intrusions to achieve theft and sabotage targeting specific sectors like academia, defense, government, NGOs and think-tanks, as well as politicians, journalists and activists
  • North Korea, which continues to raise funds via cyber-theft and steal information and credentials from institutions, companies and government organizations


The review also highlighted the threat to democracy posed by a new trend, whereby hackers target the personal email accounts of high-profile political actors looking for sensitive information. It added that deepfake campaigns will gather steam ahead of the next general election, which must take place before January 2025.

The NCSC received 2,005 incident reports from UK organizations over the past year. This is a 64% annual increase, although the rise is due to new data collection methods. Of the 355 deemed serious enough for the special incident management team to handle, 62 were “nationally significant” – a number virtually unchanged from last year.

The NCSC described four of these as “among the most severe incidents” it has had to manage, “due to the sustained disruption they caused and the victims’ links to critical infrastructure via supply chains.”

In total, the agency sent nearly 24.5 million notifications to subscribing organizations of potentially malicious activity on their networks or exposure to a vulnerability.