The UK’s critical national infrastructure is subject to an “enduring and significant” threat of cyber attack, the National Cyber Security Centre (NCSC) has warned.
In its new annual review, the organisation has warned that the emergence of a new class of cyber activity in the form of state aligned actors, often sympathetic Russia’s invasion of Ukraine, has created a new threat.
Along with an increase in aggressive cyber activity and ongoing geopolitical challenges, this is creating a need to accelerate work to keep pace, particularly to enhance cyber resilience in critical sectors.
This followed the issuing of a joint advisory by the NCSC earlier this year revealing details of Snake malware, which has been a core component of espionage operations carried out by Russia’s Federal Security Service.
The review also points to actors affiliated to the states of China and Iran as threats. It has called for a continued collaboration with allies and the technology industry to further develop its understanding of the cyber capabilities threatening the UK.
Evolution of threat
NCSC chief executive officer Lindy Cameron said: “The last year has seen a significant evolution in the cyber threat to the UK – not least because of Russia’s ongoing invasion of Ukraine but also from the availability and capability of emerging tech.
“As our annual review shows, the NCSC and our partners have supported government, the public and private sector, citizens, and organisations of all sizes across the UK to raise awareness of the cyber threats and improve our collective resilience.
“Beyond the present challenges, we are very aware of the threats on the horizon, including rapid advancements in tech and the growing market for cyber capabilities. We are committed to facing those head on and keeping the UK at the forefront of cyber security.”
The review also highlights a new trend of malicious actors targeting the personal email accounts of high profile and influential individuals involved in politics. Rather than a mass campaign against the public, the NCSC warns that there is a “persistent effort” by attackers to specifically target people who they think hold information of interest.
It assesses that personal as opposed to corporate accounts are being targeted as security is less likely to be managed in depth by a dedicated team. In response, earlier this year the NCSC launched a new opt-in service for high risk individuals to be alerted if malicious activity on personal devices or accounts is detected and to swiftly advise them on steps to take to protect themselves.
Another emerging threat is the capacity of large language models AI to generate fabricated content and realistic bots to spread disinformation more easily. This is likely to become more advanced in the run-up to the next UK general election, the NCSC warns.