NCSC warns of continuing significant cyber threats to UK

Evolving threat landscape and rise of state-aligned groups pose new threats to UK, the National Cyber Security Centre warns.

The UK needs to step up its work to keep pace as critical sectors face ‘enduring and significant’ cyber security threats, partly due to a rise of state-aligned groups and an increase in aggressive cyber activity, the National Cyber Security Centre’s (NCSC) seventh Annual Review shows.

Action is required most urgently in the sectors that provide safe drinking water, electricity, communications, transport and financial networks, and internet connectivity.

Lindy Cameron CB OBE
Lindy Cameron CB OBE,
CEO NCSC. Photo: NCSC

“First, we must improve the UK’s cyber resilience to the most significant cyber risks,” said NCSC CEO Lindy Cameron. “We will continue to improve our understanding of the threats we face and use this knowledge to strengthen resilience in the areas that carry the most risk for the UK, be that across government or to the companies involved in delivering our critical national infrastructure.”

Ransomware remain one of the biggest threats, and between September 2022 – August 2023, NCSC received 297 reports of ransomware activity. The top five sectors reporting the attacks to the NCSC, were;

  • academia (50);
  • manufacturing (28);
  • IT (22);
  • finance (19); and
  • engineering (18).

This year, the NCSC received 2,005 reports in total, an increase of almost 64% from last year’s 1,226 reported cyber attacks. The number of attacks with national significance remained almost as before, yet more attacks were seen as more high-level and damaging than before.

The NCSC sent out 24.48 million alerts to organizations via the automated Early Warning service, warning of ongoing incidents in their systems.

“We live in a dangerous, volatile world … The new front line is online.”

Rt Hon Oliver Dowden CBE MP, Deputy Prime Minister

The NCSC also observed an emergence of a new type of cyber adversary in the shape of state-aligned actors, often sympathetic to Russia’s further invasion of Ukraine. These threats are more ideologically than. financially motivated.  

“The last year has seen a significant evolution in the cyber threat to the UK – not least because of Russia’s ongoing invasion of Ukraine but also from the availability and capability of emerging tech,” Cameron continued

Russia and China hacking

The NCSC also saw a new trend of malicious actors targeting the personal email accounts of high-profile and influential political individuals – especially people hackers think hold information of interest.

“We live in a dangerous, volatile world. The events of the last year have demonstrated the extent to which geopolitical crises and technological change impact us all, threatening not just our traditional security but our economic security. The new front line is online,” said the Rt Hon Oliver Dowden CBE MP, Deputy Prime Minister and Chancellor of the Duchy of Lancaster, and Secretary of State in the Cabinet Office.

As reported before, most of the ransomware criminal groups that target the UK continue to be based in Russian-speaking countries, followed by China and Iran. NCSC also noted that ransomware as a service’ models keep being used in the most high-profile cyber attacks against the UK. This model also lowers the barriers for smaller groups to inflict huge damage.

Deputy Prime Minister Oliver Dowden
UK Deputy Prime Minister Oliver Dowden. Photo: Rob Pinney/Getty Images

In last year’s review, NSCS said that China’s technical development and evolution was “likely to be the single biggest factor affecting the UK’s cybersecurity in the years to come”. Now, the NCSC continues to see evidence of China state-affiliated actors “deploying sophisticated capability to pursue strategic objectives which threaten the security and stability of UK interests”.

Iran, which carries out less sophisticated attacks than Russia and China, continues to use digital intrusions when attacking targets, which include theft and sabotage.

In September 2022, the NCSC and international partners observed how actors connected with Iran’s Islamic Revolutionary Guard Corps launched ransomware operations against multiple sectors, including critical national infrastructure organisations. Later in January 2023, UK organisations and individuals were targeted by spear-phishing campaigns with malicious links, trying to get hold of sensitive information from sectors including academia, defence, government organisations, NGOs, think-tanks, and politicians, journalists, and activists.

Risk of fake content in elections

The NCSC also warns that the rise of AI and the evolving geopolitical landscape are other significant areas of risk to the country’s electoral processes.

Anne Keast-Butler,
Director GCHQ.
Photo: GCHQ

With rapid AI developments, the NCSC believes that large language models (LLMs) will “almost certainly” be used to produce fake content and that hyper-realistic bots will make the spread of disinformation easier – which “are likely” to be seen in the upcoming UK general election, scheduled to take place by January 2025.

“The rapid rise of artificial intelligence is accelerating the pace of change, compounding the threats and lowering the barrier to entry. As a result, the cyber world is a more dangerous place than ever before, and cyber security is rising up our risk register,” Dowden continued.

“Technology is developing faster than ever, and, in an increasingly unpredictable world, our adversaries are seeking to use this change for their own advantage. We must ensure the UK retains its edge in the face of future cyber security challenges, including those emanating from China, which we know poses an epoch-defining threat in the years to come, as well as those posed by future technology shifts,” Cameron said.

“The last year has seen a significant evolution in the cyber threat to the UK – not least because of Russia’s ongoing invasion of Ukraine but also from the availability and capability of emerging tech.”

NCSC CEO Lindy Cameron

But the development of rising threat factors also provides opportunities to improve cybersecurity with AI, said Anne Keast‑Butler Director of the UK Government Communications Headquarters (GCHQ).

“AI has the potential to improve cyber security by dramatically increasing the timeliness and accuracy of threat detection and response, and while AI offers fantastic opportunities, all sectors need to be clear‑eyed about the related cyber security risks,” she said.

The NCSC has decided to take a ‘secure by design’ approach to AI development, and says that it will help establish wider trust and use of the technology. Keast‑Butler also stresses the importance of ensuring diversity and ethics in every stage of AI’s development.

“Our primary objective is to ensure that cyber security does not become a secondary consideration but is recognised as an essential precondition for the safety, reliability, predictability, and ethics of AI systems,” the NCSC concluded.

The UK cyber security sector is growing, with close to 2,000 firms employing over 58,000 people and an estimated worth of about £10.5 billion ($13 billion). It is the largest UK security exports sub‑sector, increasing in value from £4 billion in 2020 to £5 billion in 2021 ($5 vs $6.2 billion) – a growth rate of 20%.