Business Security is National Security – Cyber Attacks in UK

According to the UK’s National Cyber Security Centre (NCSC), the cyber security arm of GCHQ, Britain will be hit by a life-threatening “category 1” cyber emergency in the near future. The NCSC’s annual review revealed it is currently repelling around 10 attempted cyber attacks every week, with “hostile states” said to be responsible for the bulk of thwarted strikes.

MI5, the UK’s internal secret service, defines “cyberspace” as the term used to describe the electronic medium of digital networks used to store, modify and communicate information. It includes the Internet but also other information systems that support businesses, infrastructure and services.

A wide range of hostile actors use cyber to target the UK. They include foreign states, criminals, “hacktivist” groups and terrorists. The resources and capabilities of such actors vary. Foreign states are generally equipped to conduct the most damaging cyber espionage and computer network attacks.

Hostile actors conducting cyber espionage can target the government, military, business and individuals. They use computer networks, for example, to steal large volumes of sensitive data undetected. This might include intellectual property, research and development projects, strategic data on a company’s merger and acquisition plans, or any other information that the owner might want to protect.

A couple of weeks ago, in an unprecedented statement, the foreign secretary, Jeremy Hunt, said the National Cyber Security Centre (NCSC) had found that a number of hackers widely known to have been conducting attacks around the world were covers for the Russian GRU intelligence service. He added that their attacks had been undertaken with the consent and knowledge of the Kremlin. The Foreign Office attributed six specific attacks to GRU-backed hackers and identified 12 hacking group code names as fronts for the GRU – Fancy Bear, Voodoo Bear, APT28, Sofacy, Pawnstorm, Sednit, Cyber Caliphate, Cyber Berkut, Black Energy Actors, STRONTIUM, Tsar Team and Sandworm. These names have also been confirmed by the NCSC. The recent statements directly target the GRU, which is Russia’s military intelligence agency. In its statement, Britain for the first time identified four cyber attacks as Russian-sourced. They include an October 2017 attack using the Bad Rabbit ransomware that rendered IT inoperable, causing disruption to the Kiev metro, Odessa airport, Russia’s central bank and two Russian media outlets.

Further attacks attributed to Russia for the first time are the 2017 hacking of confidential medical files of international athletes under the control of the World Anti-Doping Agency, attacks on a small, still-functioning British-based TV station and, finally, the 2016 hacking of the Democratic National Committee, in which thousands of internal party emails were taken and then published by outlets including WikiLeaks during that year’s US presidential election campaign.

The GRU is Russia’s military intelligence agency. It is also Russia’s largest foreign intelligence agency. People often mistake the GRU for the Russian KGB, which is wrong. Let me clarify for my readers that the GRU did exist during the Soviet era alongside the KGB, but it split from it in 1991 and has since been working as Russia’s main military intelligence agency. The GRU’s agents are mostly serving military officers, with some under civilian, diplomatic or business cover inside and outside Russia. The GRU generally operates independently, but in some cases it liaises with other Russian agencies.

For the knowledge of my readers, I may also shed some light on the Five Eyes intelligence alliance, which has declared Russia and the GRU a cyber security threat on numerous occasions. The Five Eyes (FVEY) brings the UK, the United States, Canada, Australia and New Zealand into the world’s most complete and comprehensive intelligence alliance. For more than 70 years now, the once-secret post-war alliance of the five English-speaking nations has been an infrastructure of surveillance with a global reach. Ageing is not a problem for the FVEY, which remains one of the most complex and far-reaching intelligence and espionage alliances in our history.

On 16th April 2018, the US and UK issued a joint statement saying that they have been tracking Russian cyber attacks for the last 20 years or so. In fact, Russia is not the only country blamed for cyber attacks in the UK. The British authorities blamed North Korea in December 2017 for a cyber attack on UK health services. In March 2018, Iran was blamed for hacking British universities, and China-based groups were blamed for hacking think tanks in 2017. In April 2018, ISIS was blamed for specific cyber attacks.

Diplomatic tensions between the UK and Russia began with the poisoning of Russian double agent Sergei Skripal and his daughter in Salisbury this year. Russians are also blamed by the Five Eyes, including the UK, for interfering with elections in different countries and also for damaging Russian companies. The UK has accused Russia and the GRU of having no regard for international law.

After the Salisbury incident, British Prime Minister Theresa May said that a counter cyber attack against Russia could be one option for retaliation. Extensive measures could be unleashed against Russia, including sanctions and the expulsion of diplomats. The UK has already expelled 23 Russian diplomats. According to the Prime Minister, other options are also on the table.

If the British Government decides to launch its counter strategy, the potential targets would be:

  1. Russian state-sponsored media
  2. Government websites and internet connectivity infrastructure
  3. Dark web associated with Russian mafia and organised crime gangs

According to recent figures, the UK is investing £1.9 billion per year on cyber security. Everyone must understand that it is absolutely impossible to provide total protection against cyber threats and attacks. This is exactly what was said by the Chief of the NCSC in January 2018. In fact, General Sir Nick Carter, Chief of the Defence Staff, had in the same week highlighted the growing threat posed by cyber attacks, in particular from Russia, both on the battleground and on civilian services. Figures for cyber attacks from the NCSC’s opening through to December last year underlined the pressure building on the UK from hackers. The NCSC recorded 34 C2 attacks, with WannaCry the most disruptive of these, and 762 slightly less serious C3 ones.

The main cyber threat to the UK is twofold:

  1. Cyber operations, affecting internet services, online banking, phones and tablets at home, transport, health and so on, where a cyber attack could critically disrupt lives. Britain’s power and water supplies, internet and transport networks, and health services may also be affected as a result of a cyber attack;
  2. Information operations, such as manipulating social media feeds, planting fake news stories and blasting TV and radio channels with propaganda. A lot of this could be achieved by stealth, with stories manipulated in a pinpoint, targeted fashion at critical political junctures.

Russian state-sponsored cyber actors have conducted both broad-scale and targeted scanning of Internet address spaces. Such scanning allows these actors to identify enabled Internet-facing ports and services, conduct device fingerprinting and discover vulnerable network infrastructure devices.

The targets of this malicious cyber activity are primarily government and private-sector organisations, critical infrastructure providers and the Internet Service Providers (ISPs) supporting these sectors. Specifically, these cyber exploits were directed at network infrastructure devices worldwide, such as routers, switches, firewalls and Network Intrusion Detection Systems (NIDS).

Russian cyber actors leverage several legacy or weak protocols and service ports associated with network administration activities. These tactics can be used to identify vulnerable devices, obtain login credentials, masquerade as privileged users, modify device firmware, copy or redirect victim traffic through Russian cyber-actor-controlled infrastructure and carry out several other malicious activities.

“Absolute protection is neither possible nor desirable; it’s about having more resilience in the systems we care about the most, those where loss of service would have the most impact on our way of life,” says Martin, who is CEO of the National Cyber Security Centre.

Nevertheless, GCHQ, the NCSC (National Cyber Security Centre), CiSP (Cyber Security Information Sharing Partnership), the ROCUs (Regional Organised Crime Units) and the Joint Cyber Reserve Force (JCRF) are the various bodies that deal with cyber threats in the UK.

The following steps must be taken by the Government towards UK cyber security:

  1. Monitor more exposed parts of their digital assets
  2. Cut down on functionality that can be exploited
  3. Set up intelligence gathering from wide sources
  4. Early warning system
  5. Senior representatives from utility, transport and internet firms, in addition to the NHS, are believed to have attended intelligence briefings at the National Cyber Security Centre (NCSC) on the specific methods being used by Russia to target Britain’s national infrastructure
  6. The Government must take steps to improve defence, improve detection capability, improve response capability and make proper incident management plans
  7. The Government must conduct a cyber risk assessment of its supply chain on a regular basis
  8. Mitigate the impacts of successful attacks

Last but not least, the Five Eyes alliance – Australia, Canada, New Zealand, the United Kingdom and the United States – is deepening its coordination while increasing consultations with other nations to combat Chinese and Russian influence operations and investment. Although new countries have not been invited to Five Eyes meetings, the alliance is seeking to share its intelligence with partners such as France, Germany and Japan in order to counter foreign interference.

The group released a joint technical alert that provides information on five publicly available malicious cyber tools, including where and when they have been deployed. Although cyber threats rapidly develop their own capabilities, they often still use established tools and techniques. Highlighting that the list is by no means exhaustive, the alert gives general advice to system defenders on how to detect these tools and limit their effectiveness, and how to improve network defense practices.

Mohammad Touseef FTIC GGA is the Director General of Westminster Center for Strategy and Research.
