The threats faced in cyber security are constantly evolving, with state actors taking part in cyber espionage, and cyber criminal groups creating paid-for campaigns and offering services for hire. The National Cyber Security Centre (NCSC), a part of GCHQ, and the UK government’s technical authority for cyber security, have released their annual review for 2022 this month. This review looks at the cyber security threats and developments in the UK between September 2021 and August 2022, as well as looking ahead to the future challenges and potential mediations for the future. The review looks at evolving state threats, continued phishing and ransomware campaigns targeting businesses and individuals, and other cyber attacks faced by the UK, as well as what the NCSC, their partners, and other agencies around the world have done to combat these cyber threats. 

 

The NCSC named 5 types of cyber attack faced by the UK:  

• • • • • • • • • Ransomware 
                • Commodity attacks, such as phishing scams 
                • Proliferation (high-end disruptive offensive cyber capabilities and tools) 
                • Supply chain attacks 
                • Exploiting vulnerabilities, such as the widespread Log4j vulnerability attacks.  

 

The Threat of Ransomware 

Ransomware has been one of the biggest cyber threats over recent years, and its prevalence has continued, with NCSC revealing that they dealt with 18 ransomware incidents in the 12 months covered by the review that required a nationally coordinated response due to the severity and scale of the attack. An example given for these attacks includes the targeting of an NHS 111 software supplier, causing the shutdown of IT in August, which was later confirmed to be a LockBit 3.0 malware attack. Another of these attacks targeted water utility company South Staffordshire Water, which ransomware group Cl0p took credit for.  

The threat of ransomware is continuing to evolve, with researchers increasingly seeing the exfiltration of data prioritised within attacks, as businesses prove that they are willing to pay ransoms so as not to have their data published online. This used to be a secondary element to ransomware attacks, with encryption of data on the company’s system being the favoured form of attack. The NCSC published a joint security advisory with government agencies from the USA and Australia earlier this year to provide information about wide spread ransomware attacks, including details on how threat actors gained initial access into their victims systems, and the new emergence of Ransomware-as-a-Service (RaaS) such as Zeppelin RaaS. 

 

Cyber Fraud 

Previously published data shows that in the 12 months leading up to the report, 39% of UK businesses had suffered a cyber-attack, although the NCSC believe the actual number to be higher. This is because organisations may be hesitant to report an attack or data breach in order to save their reputation with clients and customers. 20% of those that reported an attack also confirmed that they faced a material outcome of the cyber crime, such as a loss of money or data. But ransomware isn’t the only threat faced by UK businesses, as the NCSC saw 2.7million cyber related frauds in the 12 months to March 2022. Small businesses and individuals were targeted in this way, through phishing, social media hacks, and commodity campaigns. 

In this year, the NCSC received reports of 8023 events of social media hacking, which is an increase of 23.5% from last year. Commodity attacks, which are high-volume, low-sophistication cyber attacks, such as phishing or other scams, and malware attacks, is reported as being the cyber threat that most of the public in the UK are likely to face. Cyber criminals often used current events to perform these phishing scams, in previous years utilising the COVID-19 pandemic, and more recently using the Russian invasion of Ukraine. Energy regulator Ofgem was used to trick victims in over 50 different phishing campaigns this year, with the topic of rising energy costs used to trick people into providing their financial credentials to the cyber criminals.  

 

Response to Threats 

NCSC worked to combat these attacks and managed the response to hundreds of incidents across the UK, 63 of which were nationally significant. As well as managing response to attack, the NCSC and their partners stopped 2.1million commodity campaigns. The NCSC runs an Active Cyber Defence (ACD) program, which contains many tools that can be used by businesses and the public to report and remediate online commodity attacks. The NCSC Takedown Service works with hosts to remove malicious websites and resulted in the removal of those 2.1million campaigns. The result of this service was that the share of global phishing remained at 2%, whereas in 2016 it was over 5%, and also the number of fake UK government phishing scams decreased by 46%, from 13k to 6k.  

Another tool in the ACD program is the Suspicious Email reporting Service (SERS). This was launched in 2020, and since then has received 13.7million reports, which have been actioned into the takedown of 174k scam URLs. This year, 6.5millionsuspicious emails have been reported using this service, resulting in 62k scam URLs being taken down. The number of reports to this service has increased this year by 20%, from 5.4million to 6.5million. This means not only that cyber crime is continuing to be a prolific threat, but also that individuals and businesses are starting to become more cyber literate, and can better identify a scam or threat when they are faced with one. 

 

State Actors 

A major cyber threat faced by the UK this past year was on a slightly larger scale, state threats from countries who use cyber capabilities for cyber-enabled espionage, destructive capabilities, theft, and data leaks. Back in 2020, the UK saw cyber attacks from Russia in which they attempted to steal COVID vaccine research, but this year the main cyber capabilities utilised by Russia were in the war with Ukraine, including DDOS attacks against the Ukrainian government, which occurred just hours before their initial invasion, showing their cyber operations were paving the way for their physical attacks. An attack on ViaSat, the Ukrainian communications company, aimed to interrupt military response, but is also caused disruption for other customers.  

Other evolving state threats include China, who have been targeting third-party technology and service supply chains in their state-sponsored cyber attacks, as well as exploiting new and zero-day vulnerabilities. In this report the NCSC also states “China’s technical development and evolution is likely to be the single biggest factor affecting the UK’s cyber security in the years to come”. Also highlighted in this report is Iran, a state known for exploiting known vulnerabilities in unpatched systems rather than developing attacks for zero-day flaws. In November 2021 a joint agency advisory was published warning of Iranian-backed attacks exploiting Microsoft Exchange and Fortinet vulnerabilities. The NCSC also describes North Korea as a capable cyber actor, as they have been found to conduct cyber theft for economic gain, although these attacks are not as sophisticated as the other state-backed threats mentioned in this report. 

 

Moving Forward  

Looking forward, the NCSC are continuing to monitor and respond to threats, and the proliferation of increased commercial availability of disruptive and offensive cyber capabilities and tools used by state and non-state actors. Products such as RaaS and hackers-for-hire are making it easier for criminals without the technical know-how to launch sophisticated and high-end attacks. Maintaining high cyber security at home and at work protects from the most common threats, such as phishing and other commodity attacks. Free tools and services for individuals and businesses are available from the NCSC to help bolster cyber defences across the UK to better protect the nation from current and future threats.