UK cyber-threat agency confronts Covid-19 attacks

Gordon Corera
Security correspondent, BBC News
@gordoncorera on Twitter

More than a quarter of the incidents which the UK's National Cyber Security Centre (NCSC) responded to were Covid-related, according to its latest annual report.

The review covers the period from September 2019 to August 2020, so the pandemic occupied an even higher proportion of the agency's efforts after the first lockdown began.

In total there were 723 incidents of all kinds, marking close to a 10% rise on the previous period.

Of those, 194 were Covid-related.

Some of the incidents related to countering nation-state attacks, but most were criminal in nature, the GCHQ division reported.

It also disclosed that it had thwarted 15,354 campaigns that had used coronavirus themes as a "lure" to fool people into clicking on a link or opening an attachment containing malicious software.

Some involved fake shops selling PPE (personal protective equipment), test kits and even vaccines.

Vaccine hackers

Protecting the NHS and health-related research has been a priority, the report said.

In July, the UK accused Russia of trying to steal vaccine-related information through cyber-espionage.

And officials said they had continued to see an "ongoing threat" of states targeting the vaccine research-and-delivery programme.

The NCSC said it had scanned more than one million NHS IP (internet protocol) addresses to look for vulnerabilities, and had shared 51,000 indicators of compromise.

It has also carried out "threat hunting" to look for security risks on connected devices, and worked on the security of the NHS Covid-19 contact-tracing app.

Aggressive ransomware attacks

The NCSC also warned ransomware attacks had become more common.

Ransomware locks people out of their computers and demands victims make a blackmail payment to restore access - and even then it is not always granted.

The NCSC said it had handled more than three times as many ransomware incidents as in the previous year.

These included an attack against Redcar and Cleveland Council which, the officials said, had "caused considerable damage and disruption".

The report added the NCSC had observed a growing trend for such attacks to be more targeted and aggressive than previously.

Rather than just locking people out of access to their data until a ransom was paid, attackers often warned they would embarrass victims if they refused to comply.

"We have seen the threat of data being leaked," Paul Chichester, director of operations, told the BBC.

Examples included details of staff salaries being published online.

This meant victims were at risk even if they had backed up their data.

However, the NCSC said the UK did not appear to be as heavily targeted as some countries, because British victims were less likely to pay the attackers.

Punch-tape replacement

The NCSC has also been working to increase skills and diversity in the cyber-security industry.

It said almost 12,000 girls had taken part in its 2020 competition. However, an advert for the government's related CyberFirst campaign was widely criticised last month for featuring a ballerina and the slogan "Fatima's next job could be in cyber".

Image caption: NCSC has said it was not involved in the creation of the CyberFirst poster (image source: Cyber First/UK Government)

The report also highlighted the agency's role in protecting parliament as it became "virtual" to prevent hacking of debates or votes.

And it revealed that the NCSC had just updated the system for producing cryptographic keys, which encrypt classified government and military systems.

A new electronic system was introduced to replace old-fashioned punch-tape.