Criminal hackers carrying out ransomware attacks now represent a bigger risk to UK national security than online espionage by hostile states, Britain’s cyber defence chief has warned.
Lindy Cameron, chief executive of the National Cyber Security Centre — a branch of GCHQ — urged Britons to wake up to the threat from ransomware hackers, in a speech to London’s Royal United Services Institute on Monday.
Cameron described Chinese cyber attacks on UK industry as “something our companies treat as business as usual”, and highlighted that North Korea and Iran use digital technology to “sabotage and steal”. She also accused Russia of using the web to seek “political advantage”.
However, Cameron said what she found “most worrying” was not state actors, but the wider failure to manage cyber risk. For the “vast majority” of UK citizens and businesses, including suppliers of critical national infrastructure and government services, “the primary threat is not state actors but cyber criminals”, the NCSC chief executive added.
Her warning comes after a worldwide proliferation in ransomware attacks — which typically paralyse a target’s computer networks and data until a payment is made.
The number of incidents rose by more than 60 per cent to 305m in 2020, according to data from SonicWall. Recent victims include Ireland’s health service, the US’s Colonial Pipeline and JBS, the Brazilian meat processing company, attacks which have focused minds on the risk to critical infrastructure and supply chains.
The White House believes both the Colonial Pipeline and JBS attacks were carried out by criminals based in Russia, and US President Joe Biden is expected to raise the issue during his meeting with Russian counterpart Vladimir Putin this week. Biden has indicated he is “open” to a proposal from Putin that Russia would hand over cybercriminals to the US if Washington did the same for Moscow.
Leaders of the G7 countries, who met in Cornwall this weekend, signalled their determination to clamp down on criminal hackers. They pledged in their summit communiqué that they would “urgently address” the “escalating shared threat from criminal ransomware networks”.
The communiqué also called on Russia in particular to “identify, disrupt, and hold to account” ransomware attackers and other cyber criminals, including those who “abuse virtual currency to launder ransoms”, within its borders.
In her speech on Monday, the NCSC chief executive said cyber criminals did not exist in a vacuum, and were “often enabled and facilitated by states acting with impunity”.
She added that while ransomware was historically the preserve of high-end cyber crime groups, the threat was evolving because of the “ransomware as a service” business model, in which malware tools and targets are sold online.