Business Security is National Security – Cyber Attacks in UK

According to the UK’s National Cyber Security Centre (NCSC), the cyber security arm of GCHQ, Britain will be hit by a life-threatening “category 1” cyber emergency in the near future. The NCSC’s annual review revealed it is currently repelling around 10 attempted cyber attacks every week, with “hostile states” said to be responsible for the bulk of thwarted strikes.

MI5, the UK’s internal secret service, defines “cyberspace” as the term used to describe the electronic medium of digital networks used to store, modify and communicate information. It includes the Internet but also other information systems that support businesses, infrastructure and services.

A wide range of hostile actors use cyber to target the UK. They include foreign states, criminals, “hacktivist” groups and terrorists. The resources and capabilities of such actors vary. Foreign states are generally equipped to conduct the most damaging cyber espionage and computer network attacks.

Hostile actors conducting cyber espionage can target the government, military, business and individuals. They use computer networks, for example, to steal large volumes of sensitive data undetected. This might include intellectual property, research and development projects, strategic data on a company’s merger and acquisition plans, or any other information that the owner might want to protect.

A couple of weeks ago, in an unprecedented statement, the foreign secretary, Jeremy Hunt, said the National Cyber Security Centre (NCSC) had found that a number of hackers widely known to have been conducting attacks around the world were covers for the Russian GRU intelligence service. He added that their attacks had been undertaken with the consent and knowledge of the Kremlin. The Foreign Office attributed six specific attacks to GRU-backed hackers and identified 12 hacking group code names as fronts for the GRU – Fancy Bear, Voodoo Bear, APT28, Sofacy, Pawnstorm, Sednit, Cyber Caliphate, CyberBerkut, Black Energy Actors, STRONTIUM, Tsar Team and Sandworm. These names have also been confirmed by the NCSC. The recent statements directly target the GRU, which is Russia’s military intelligence agency. In its statement, Britain for the first time identified four cyber-attacks as Russian-sourced. They include an October 2017 attack through Bad Rabbit ransomware that rendered IT inoperable, causing disruption to the Kiev metro, Odessa airport, Russia’s central bank and two Russian media outlets.

Further attacks attributed to Russia for the first time are the 2017 hacking of confidential medical files of international athletes under the control of the World Anti-Doping Agency, attacks on a small, still functioning British-based TV station and finally the 2016 hacking of the Democratic National Committee, which was used to take thousands of internal party emails that were published by outlets including WikiLeaks during that year’s US presidential election campaign.

The GRU is Russia’s military intelligence agency. It is also Russia’s largest foreign intelligence agency. People often mistake the GRU for the Russian KGB, which is wrong. Let me clarify for my readers that the GRU did exist during the Soviet Union era alongside the KGB, but it split from it in 1991 and has since been working as Russia’s main military intelligence agency. The GRU’s agents are mostly serving military officers, with some under civilian, diplomatic or business cover inside and outside Russia. The GRU generally operates independently, but in some cases it liaises with other Russian agencies.

For the knowledge of my readers, I may also shed some light on the Five Eyes intelligence alliance, which has declared Russia and the GRU a cyber security threat on numerous occasions. The Five Eyes (FVEY) brings the UK, the United States, Canada, Australia and New Zealand into the world’s most complete and comprehensive intelligence alliance. For more than 70 years now, the once-secret post-war alliance of the five English-speaking nations has been an infrastructure of surveillance with a global reach. Ageing is not a problem for the FVEY, which remains one of the most complex and far-reaching intelligence and espionage alliances in our history.

On 16th April 2018 the US and UK gave a joint statement in which they said that they have been tracking Russian cyber attacks for the last 20 years or so. In fact, Russia is not the only country blamed for cyber attacks in the UK. The British authorities blamed North Korea in December 2017 for a cyber attack on UK health services. In March 2018 Iran was blamed for hacking British universities, and China-based groups for hacking think tanks in 2017. In April 2018 ISIS was blamed for specific cyber attacks.

Diplomatic tensions between the UK and Russia started with the poisoning of Russian double agent Sergei Skripal and his daughter in Salisbury this year. Russians are also blamed by the Five Eyes, including the UK, for interfering with elections in different countries and also for damaging Russian companies. The UK has charged that Russia and the GRU have no regard for international laws.

After the Salisbury incident, British Prime Minister Theresa May said that a counter cyber attack against Russia could be one option for retaliation. Extensive measures could be unleashed against Russia, including sanctions, expelling diplomats, etc. The UK has already expelled 23 Russian diplomats. According to the Prime Minister, other options are also on the table.

If the British Government decides to launch its counter strategy, the potential targets would be:

  1. Russian state sponsored media
  2. Govt websites and internet connectivity infrastructure
  3. Dark web associated with Russian mafia and organised crime gangs

According to recent figures, the UK is investing £1.9 billion per year in cyber security. It must be understood by all that it is absolutely impossible to provide total protection against cyber threats and attacks. This is exactly what was said by the Chief of the NCSC in January 2018. In fact, General Sir Nick Carter, Chief of Defence Staff, had in the same week highlighted the growing threat posed by cyber attacks, in particular from Russia, both on the battleground and on civilian services. Figures for cyber-attacks from the opening of the NCSC through to December last year underlined the pressure building on the UK from hackers. The NCSC recorded 34 C2 attacks, with WannaCry the most disruptive of these, and 762 slightly less serious C3 ones.

The main cyber threat to the UK is twofold:

  1. Cyber operations (internet services, online banking, devices from phones to tablets at home, transport, health and so on, where a cyber attack could critically disrupt lives). Britain’s power and water supplies, internet and transport networks, and health services may also be affected as a result of a cyber attack;
  2. Information operations (manipulating social media feeds, planting fake news stories, blasting TV and radio channels with propaganda and so on). A lot of it could be achieved by stealth, with stories manipulated in a pinpoint, targeted fashion at critical political junctures.

Russian state-sponsored cyber actors have conducted both broad-scale and targeted scanning of Internet address spaces. Such scanning allows these actors to identify enabled Internet-facing ports and services, conduct device fingerprinting and discover vulnerable network infrastructure devices.

The targets of this malicious cyber activity are primarily government and private-sector organisations, critical infrastructure providers and the Internet Service Providers (ISPs) supporting these sectors. Specifically, these cyber exploits were directed at network infrastructure devices worldwide, such as routers, switches, firewalls and Network Intrusion Detection Systems (NIDS).

Russian cyber actors leverage several legacy or weak protocols and service ports associated with network administration activities. These tactics can be used to identify vulnerable devices, obtain login credentials, masquerade as privileged users, modify device firmware, copy or redirect victim traffic through Russian cyber-actor-controlled infrastructure and carry out several other malicious activities.

“Absolute protection is neither possible nor desirable; it’s about having more resilience in the systems we care about the most, those where loss of service would have the most impact on our way of life,” says Martin, who is CEO of the National Cyber Security Centre.

Nevertheless, GCHQ, the NCSC (National Cyber Security Centre), CiSP (Cyber Security Information Sharing Partnership), ROCU (Regional Organized Crime Units) and the Joint Cyber Reserve Force (JCRF) are the various departments that deal with cyber threats in the UK.

The following steps must be taken by the Government towards UK cyber security:

  1. Monitor more exposed parts of their digital assets
  2. Cut down on functionality that can be exploited
  3. Set up intelligence gathering from wide sources
  4. Early warning system
  5. Senior representatives from utility, transport and internet firms, in addition to the NHS, are believed to have attended intelligence briefings at the National Cyber Security Centre (NCSC) on the specific methods being used by Russia to target Britain’s national infrastructure
  6. The Government must take steps to improve defence, improve detection capability, improve response capability and make proper incident management plans
  7. The Government must conduct a cyber risk assessment of its supply chain on a regular basis
  8. Mitigate the impacts of successful attacks

Last but not least, the Five Eyes alliance – Australia, Canada, New Zealand, the United Kingdom and the United States – is deepening its coordination while increasing consultations with other nations to combat Chinese and Russian influence operations and investment. Although new countries have not been invited to Five Eyes meetings, the alliance is seeking to share its intelligence with partners such as France, Germany and Japan in order to counter foreign interference.

The group released a joint technical alert that provides information on five publicly available malicious cyber tools, including where and when they have been deployed. Although cyber threats rapidly develop their own capabilities, they often still use established tools and techniques. Highlighting that the list is by no means exhaustive, the alert gives general advice to system defenders on how to detect these tools and limit their effectiveness, and how to improve network defense practices.

Mohammad Touseef FTIC GGA is the Director General of Westminster Center for Strategy and Research.
