From the NCSC annual report
One of the most important roles of the NCSC is to identify, monitor and analyse key cyber security threats, vulnerabilities and risks. This informs how the organisation, wider government and the whole of society can keep ahead of and respond to these challenges. Over the past year, the cyber security threat to the UK has evolved significantly. The threat from ransomware was ever present – and remains a major challenge to businesses and public services in the UK. This year 18 ransomware incidents required a nationally coordinated response, including attacks on a supplier to NHS 111, and a water utility company, South Staffordshire Water. The most significant threat facing citizens and small businesses continued to be from cyber-crime, such as phishing, while hacking of social media accounts remained an issue. Official figures revealed there were 2.7m cyber-related frauds in the 12 months to March 2022 in the UK 1 .
Internationally, Russia’s invasion of Ukraine brought the cyber security threat into sharper focus in the UK. During the invasion, Russia sought to use offensive cyber operations to support their military campaign. However, like on the battlefield, Ukrainian authorities – assisted by the NCSC – created strong cyber defences, limiting the impact of Russian operations. Ukraine’s successful defensive operations were an exemplar to network defenders across the world.
While not as prominent as Russian operations in cyberspace, the Chinese Government’s cyber capabilities continued to develop. Beijing’s activity has become ever more sophisticated, with the state increasingly targeting third-party technology and service supply chains, as well as exploiting software vulnerabilities. This approach shows no sign of abating, with China’s technical evolution likely to be the single biggest factor affecting the UK’s cyber security in the future. Evolving state threats were not the only cyber security challenges this year: the proliferation and commercial availability of cyber capabilities continued and is likely to expand the threat to the UK. It is expected that further malicious and disruptive cyber tools will be available to a wider range of state and non-state actors and will be deployed with greater frequency and less predictability. Threats to the global supply chain continued to be apparent this year where attackers accessed target victim organisations’ networks or systems via third-party vendors or suppliers.
Meanwhile, the disclosure of the Log4j vulnerability highlighted the challenges where weaknesses in IT systems are exploited to deliver successful attacks. In response to these notable threats the NCSC stepped up its automated notification service Early Warning, which was launched in May 2021. By the end of August 2022 34 million alerts were sent to its 7,500 and growing members to inform them of potential threats, risks, vulnerabilities or open ports in their networks.
p class=”MsoNormal” style=”text-align: justify”>While the NCSC sought to stop as many attacks getting through as possible – 2.1 million commodity campaigns were removed this year – it worked throughout with its partners to respond to incidents when they occurred, and helped victims to recover. This year the NCSC managed the response to hundreds of incidents, 63 of which were nationally significant