Thousands of people are being targeted by hackers-for-hire every year in a growing phenomenon that will have a “profound impact” on UK national security over the next five years, Britain’s intelligence agency has warned.
The National Cyber Security Centre (NCSC), a branch of GCHQ, published a report on Wednesday warning of the “rising threat” to individuals and organisations from commercial spyware tools.
The NCSC said more than 80 foreign states have already purchased hacking software over the past decade, with some using it to target journalists, businesses, human rights activists, political dissidents and government officials.
But the intelligence body warned that the grey market will “almost certainly” expand over the next few years as hacking tools become more readily available, making it easier for foreign states such as Russia and China and rogue actors to target UK cybersecurity.
Jonathon Ellison, director of resilience at the NCSC, said this would “have a profound impact on the threat landscape” over the next five years, with attacks on individuals more frequent and “unpredictable”.
He said the UK “should expect to see high-profile exposures of victims”, with thousands of people already targeted every year as major hacking networks operate “at scale”.
It comes after Cabinet Office minister, Oliver Dowden, warned earlier on Wednesday that rogue Russian hacker groups are preparing to “disrupt or destroy” critical British infrastructure.
Speaking at the Cyber UK conference in Belfast, Mr Dowden likened the Russian operators to the Kremlin-linked Wagner Group of mercenaries, warning that “these [cyber] adversaries are ideologically motivated, rather than financially motivated”.
The Chancellor of the Duchy of Lancaster issued a “call to arms” to businesses to strengthen their security, as he announced plans to set “ambitious cyber resilience targets” for all critical national infrastructure sectors to meet within two years.
“A bricks-and-mortar business wouldn’t survive if it left the back door open to criminals every night. Equally in today’s world, businesses can’t afford… to leave their digital back door open to cyber crooks and hackers,” he said.
The NCSC has warned that the hacking marketplace is quickly becoming flooded with “off-the-shelf” spyware products and a growing number of hackers-for-hire — cyber experts who are paid to covertly infiltrate personal and company equipment to acquire information.
An investigation by the Sunday Times and the Bureau of Investigative Journalism last year revealed that hackers based in India were targeting British businesses, government officials and journalists at the behest of private investigators linked to the City of London.
Chris Mason, the BBC’s political editor, and former chancellor Philip Hammond were among senior public figures targeted. Mr Mason reportedly had his personal computer devices hacked just three weeks after being appointed by the BBC, while Mr Hammond was targeted whilst dealing with the fallout of Russia’s Novichok poisonings in Salisbury.
But whilst state-sponsored hacking continues to stoke concern, ransomware attacks by criminals remain the biggest threat to British national security and businesses, according to the NCSC.
Ransomware attacks usually paralyse a target’s computer networks until a payment is made, with most of the criminal groups responsible based in and around Russia, the organisation said.
Russian-linked cyber criminals earlier this year published vast swathes of stolen Royal Mail data on the dark web after the company refused pay a £65.7m ransom fee.
LockBit, a ransomware group based in Russia, claimed to have released the personal details of more than 200 postal workers after Royal Mail failed to respond.
Royal Mail said it believed “the vast majority of this data is made up of technical programme files and administrative business data” and that no employee details had been compromised.
Source link