Chinese-linked hacking groups are responsible for a rising number of cyber attacks against the UK, the National Cyber Security Centre (NCSC) has confirmed.
Paul Chichester, director of operations at the NCSC, said it recognised that nation states such as China were using cyber attacks as a tool to pursue national strategy and national intelligence outcomes.
According to the NCSC’s annual review, the country “continues to be a highly sophisticated and capable threat actor”, and is targeting a wide range of sectors and institutions across the globe, including in the UK.
The warning came as government ministers wrote to leaders of hundreds of large businesses urging them to take concrete actions to manage cyber threats.
Last year, the Five Eyes intelligence agencies, including the UK, exposed a Chinese company operating a malicious botnet of 260,000 devices.
In August, they warned that Chinese state-sponsored actors were targeting the routers of major telecommunications providers, and using infected devices to pivot onto other networks.
There are concerns that some nation states, including Russia, are “pre-positioning” cyber capabilities in readiness to attack critical infrastructure. “We absolutely recognise that there is a threat there,” said Chichester. “The conflict in the Ukraine shows that Russia believes it can further its aims by disrupting critical infrastructure.”
AI is an enabler – not an existential threat
The NCSC also reported that hostile states are using artificial intelligence (AI) to increase the efficiency and frequency of their existing attack methods, but are not yet using the technology for novel attacks.
Actors linked to China, Russia, Iran and North Korea are starting to use large language models to evade detection, exfiltrate data, research security vulnerabilities and devise social engineering to gain access to systems.
Over the past 18 months, researchers have identified new AI threats, including automated spearphishing campaigns, hijacking cloud-based large language models, and data exfiltration.
The most significant AI-cyber developments in the near term will be from AI used for vulnerability research and the development of exploits, according to NCSC research.
NCSC chief technology officer Ollie Whitehouse said that AI in isolation is being used by attackers as a “natural productivity enhancer” and currently does not pose “an existential threat”.
It is being used by less experienced hackers to run more sophisticated attacks and by existing attackers to run operations at greater scale and depth.
“You can think of AI as being a productivity enhancement tool for an adversary,” he said. “We’re seeing it across a range of capabilities, from using it to develop malware, through to trying to integrate it into certain capabilities in order to avoid detection.”
Ransomware is most acute threat
For organisations in the UK, ransomware remains the most acute threat. Despite a spate of attacks on retailers this year, including Marks and Spencer, the Co-op and Harrods, cyber criminals are opportunistic and target organisations in any sector that is vulnerable.
Chichester said the NCSC reviewed reports from businesses hit by ransomware every day. “Sadly, every morning we’re seeing organisations like schools, charities, small businesses – people and organisations that are at the heart of the economy and society – that are absolutely having a dreadful day and having a really bad time,” he added.
The forthcoming Cyber Security and Resilience Bill, which will require organisations providing key infrastructure, including datacentres and managed service providers, to report cyber incidents within 24 hours, and provide more detail within 72 hours, would increase resilience across the UK.
Richard Horne said it was vital that board directors understood cyber security risks. “And I think it’s not just a case of commissioning reports, but being able to understand the urgency with which they need to act is really important,” he added.
Horne’s comments came as ministers wrote to the leaders of major companies asking them to step up security collaboration in the wake of rising cyber threats.
The letter asks company bosses to “take concrete actions” to manage cyber risks and boost their company’s protection against attacks.
It warns that cyber activity in the UK has become “more intense, frequent and sophisticated”, and can seriously disrupt organisations’ operations, impacting their workers, damaging their brand and profits.
