The UK government said that the country could be brought to a standstill by a catastrophic ransomware attack, according to a report by the National Cyber Security Centre (NCSC).

While fraud risk was one of the most significant threats businesses and people face from hackers, attacks on the UK’s critical national infrastructure was “a new and emerging threat,” it said. “This year has seen the emergence of state-aligned actors as a new cyber threat to critical national infrastructure, the continuation of Russia’s illegal invasion of Ukraine, and the concerns around the potential risks from AI.”

Proliferation

While Russia has had some success in targeting Ukrainian battlefield information with cyber-attacks, threats have also been directed at academics, think tanks, logistics and transport hubs, manufacturing companies, supply chains and internet-of- things devices. In addition to state cyberwarfare, Russian patriotic hackers are also active, including criminal gangs that sell ransomware-as-a-service products.

“The point here is to not assume you are not important enough for Russian spies to take an interest, if it furthers their aims and objectives.”

NCSC said that artificial intelligence is likely to accelerate the speed and scale of attacks significantly even if it does not create any new specific risks.

Incidents rise sharply

NCSC said that over the past 12 months incidents of cybercrime rose from 1226 reports to 2005 – an all-time high and an increase of 64 per cent. Its early warning system sent out over 24 million notifications informing organisations that they were under attack.

“This year we saw a jump in reports of cyber-attacks coming into the NCSC, but the volumes that reached the threshold of national significance remained broadly stable,” it said. “There were, however, more incidents at the top end of the scale, reflecting more high-level and damaging incidents against the UK.”

Resilience efforts

The publication of the National Cyber Security Strategy in 2022 forms the bedrock of the UK government’s fight against cyber-crime. It adopts a so-called “whole of society approach,” which aims to make both individuals and organisations as resilient as possible against attack.