In its seventh Annual Review, the National Cyber Security Centre (NCSC) has emphasised the ongoing and serious nature of the threat to the United Kingdom’s critical infrastructure.
The NCSC, a branch of GCHQ, used this opportunity to highlight the increasingly unpredictable threat landscape faced by the UK.
According to the review, the UK’s critical sectors, including essential services like water, electricity, communications, transport, financial networks, and internet connectivity, are under ‘enduring and significant’ threat. This risk is attributed partly to the rise of state-aligned groups and a noticeable increase in aggressive cyber activities.
In the past year, the NCSC has observed the emergence of a new class of cyber adversary in the form of state-aligned actors, often sympathetic to Russia’s further invasion of Ukraine. These actors are motivated ideologically rather than financially.
In May, the NCSC issued a joint advisory revealing the details of ‘Snake’ malware, a core component in Russian espionage operations carried out by Russia’s Federal Security Service (FSB) for nearly two decades.
NCSC CEO Lindy Cameron stated, “The last year has seen a significant evolution in the cyber threat to the UK – not least because of Russia’s ongoing invasion of Ukraine but also from the availability and capability of emerging tech.”
The Annual Review also points out a new trend of malicious actors targeting personal email accounts of high-profile and influential individuals involved in politics. This trend indicates a shift from mass campaigns against the public to specific targeting of individuals deemed to hold valuable information.
The NCSC assesses that personal accounts are targeted because their security is less likely to be managed in depth by a dedicated team. In response, the NCSC launched a new opt-in service this year for high-risk individuals to receive alerts if malicious activity is detected on personal devices or accounts.