Industry News

UK NCSC Highlights Risks to Critical Infrastructure

27 November 2023

The risk of critical infrastructure hacking in the United Kingdom likely grew in the last year, said the national cybersecurity agency, citing a slew of high-profile ransomware attacks.

In an annual report released Tuesday, the National Cyber Security Center highlighted cyber incidents experienced by the British postal service Royal Mail, a rural water utility and the National Health Service's urgent healthcare services number.

Russia's invasion of Ukraine is a main driver of growing risk in cyberspace, the agency said. The invasion is causing a growing number of ransomware groups to pivot toward state-aligned hacking activities, the report says.

"Over the past 18 months we have seen a new class of Russian cyber adversary emerge. State-aligned actors," the report says. "They have been emboldened to act with impunity regardless of whether or not they have Russia's backing."

These Russian-speaking crime groups are ideologically driven rather than financially motivated, and they often target Western nations that are critical of Russia by disrupting services, with or without Russia's backing, the report says.

In addition to Russian-speaking groups, the U.K. also experienced increased attacks from Chinese groups. In a May joint alert with members of the international Five Eyes intelligence alliance, the NCSC warned that Chinese hackers favor "living off the land" techniques to avoid being seen.

"This allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response," the agency said.

The NCSC also warned that threat actors are likely to take advantage of the developments in artificial intelligence to carry out attacks against electoral systems.

"But rather than presenting entirely new risks, it is AI’s ability to enable existing techniques which poses the biggest threat," the agency said of the risks to the U.K. general elections slated to be held in 2025.

The challenges include use of AI-generated deepfakes and other content by threat actors to spread disinformation and the potential use of the technology by hackers to increase the speed and precision of their hacks. Threat actors could also exploit vulnerabilities in AI systems to carry out prompt attacks, the agency added.

The agency said it intends to harness AI for its own ends, saying it will "use AI to spot mutated forms of malware to enable the identification and release of indicators of compromise (IOCs) more quickly than traditional software reverse engineering or code matching allows."