Cyber incident reports hit ‘all-time high,’ warns UK NCSC

The number of cyberattacks reported to Britain’s National Cyber Security Centre (NCSC) hit an “all-time high” over the past year, the agency announced on Tuesday.

Of the 2,005 voluntary reports sent to the agency by victims — a 64% increase on last year’s figures — 371 were so serious that NCSC’s incident management team had to triage the response, according to its new annual review.

The NCSC said that 62 of these incidents were deemed to be nationally significant, and that four of those — which were not specifically identified — were “among the most severe incidents the NCSC has had to manage.”

The highest proportion of incidents handled by the NCSC were linked to applications being hacked, including 13 nationally significant incidents involving the exploitation of a vulnerability (CVE-2023-3519) affecting Citrix’s networking product NetScalers.

That vulnerability initially was exploited, according to researchers from cybersecurity business Fox-IT, with the threat actor placing webshells on specific vulnerable services to maintain access after the product was rebooted or patched.

But after a patch was available, the remaining unpatched vulnerable services left online were then exploited on a larger and automated scale.

It is not explicit whether the 13 incidents that earned a response from NCSC’s incident management team were due to the initial or secondary wave of attacks, although the agency bemoaned poor cyber-hygiene.

Alongside describing its workload, the NCSC — which is a part of the signals intelligence agency GCHQ — warned that it was “highly likely” the cyber threat to Britain’s critical national infrastructure had heightened over the past year, with multiple sectors drawing unwanted attention from state-sponsored and criminal hackers.

The threat to national assets that the U.K. “relies on for the everyday functioning of society” remained particularly acute from financially motivated ransomware gangs, said the NCSC, however it cautioned against the “misconception that state activity is all about espionage.”

Russia, China, Iran and North Korea were all identified as state sponsors of cyber activities that had targeted the United Kingdom and its allies over the past 12 months..

The annual review quoted Jen Easterly, the director at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), who described China state-sponsored activity targeting critical infrastructure as more likely being intended to position the attackers for “disruption and destruction” rather than espionage or data theft.

In a speech at the CyberUK conference in Belfast earlier this year, a British government minister warned “emerging Wagner-like cyber groups are attempting to cause maximum damage to the UK's critical national infrastructure.”

The NCSC on Tuesday said: “While we don’t believe, right now, that anyone has both the intent and capability to significantly disrupt infrastructure within the UK, we know that we can’t rely on that situation persisting indefinitely.”

Election year

The annual review also warned that, with the United States and United Kingdom expected to hold elections next year — alongside numerous allies and partners, from Belgium to India — the democratic world could expect to see the integrity of its electoral systems tested again.

Although general elections in the United Kingdom are conducted using a pencil and paper for ballots —- “significantly reducing the chances of a cyber actor affecting the integrity of the results,” explained the NCSC — the act of voting itself merely “marks the end of the sprint,” states the report.

“The next election will be the first to take place against the backdrop of significant advances in AI. But rather than presenting entirely new risks, it is AI's ability to enable existing techniques which poses the biggest threat.”

The ability for large language models to automatically generate fabricated text and other generative algorithms to produce realistic images could empower the spread of disinformation and manipulation, states the report.

Last month, an AI-generated audio clip posted to social media falsely purported to show Britain's opposition leader Keir Starmer verbally abusing his staff. The authenticity of the recording was debunked for Recorded Future News by Reality Defender, a deepfake detection business [Editor's Note: Following publication, The Record's parent company informed us that it was an investor in Reality Defender. This was unknown at the time of writing — The Record is an editorially independent unit of Recorded Future].

Authorities in the U.K. are already bracing for this kind of interference ahead of the country’s general election next year, in the wake of similar attempts to influence recent elections in Slovakia.

Two days before the polls opened there on September 30, faked audio clips were published on social media attempting to incriminate an opposition party leader and a journalist with rigging the election by plotting to purchase votes.

Publicly debunking the audio was a challenge because of the country's election laws, which strictly ban both the media and politicians making campaigning announcements in the two days before the polls open.

As reported by Wired, as an audio post the fake “exploited a loophole in Meta’s manipulated-media policy, which dictates only faked videos — where a person has been edited to say words they never said — go against its rules.”

In its annual review, the NCSC stated: “The protection of democratic processes will be a focus for the NCSC in the UK, as well as for global partners, as key elections shape the coming year.”