Fraud Management & Cybercrime , Geo Focus: The United Kingdom , Geo-Specific
Ransomware Attacks Pose Biggest Threat to UK Organizations
Security Agency Says 18 Incidents in 2022 Needed Nationally Coordinated MitigationRansomware attacks against U.K. hospitals and schools remained the biggest cybersecurity threat facing country in 2022, the country’s cybersecurity agency warns, adding that these attacks are likely to surge in the coming months.
See Also: 3 Ultimate Strategies for Ransomware Prevention in UK's Public Sector and Education
While the United Kingdom witnessed an uptick in various attacks, including low-level tactics such as spear-phishing, ransomware attacks against its critical infrastructure persisted throughout the year, with 18 incidents in the country requiring national-level coordination to mitigate the malware from systems.
These include the attacks on attacks on a supplier to the country’s national emergency helpline, and a water supply company at South Staffordshire, according to the 2022 cyber threat report released by the National Cyber Security Centre.
The NCSC attributes the uptick in ransomware attacks to the proliferation of ransomware-as-a-service groups, which it says are empowering lower-skilled attackers and group affiliates that normally lack the expertise to deploy sophisticated malware. These services have opened multiple attack vectors to a broader range of hackers, NCSC says.
Further, less sophisticated hackers are now equipping themselves with advanced intrusion software such as military-grade spyware and off-the-shelf cyber surveillance products that are readily available through various cybercrime markets. These capabilities have “lowered the entry into cybercrime” and will directly contribute to ransomware extortion and corporate espionage attacks against U.K. businesses.
"Ransomware remains the most acute threat that businesses and organizations in the U.K. face. These attacks have real-world consequences and it is vital that organizations treat them as a genuine, board-level risks toCon be managed. " says Lindy Cameron, CEO of the National Cyber Security Centre.
The 2021 discovery of the Log4J vulnerability, which ransomware hackers began actively weaponizing within months of its disclosure, is another important attack vector contributing to the rise in ransomware attacks, the agency adds. The JavaScript flaw affects multiple software versions and enables remote code execution when exploited.
TellYouThePass, Conti and Khonsari are among the ransomware groups that have successfully weaponized Log4j to target victims across the world.
The NCSC also says geopolitical tensions related to the Russian invasion of Ukraine are a another factor behind the rise of ransomware attacks.
"Most of the ransomware criminal groups that target the U.K. continue to be based in and around Russia," NCSC says. "While it is not clear the degree to which these ransomware groups are directed by the Kremlin, those operating from within Russia’s borders benefit from the tacit consent of the Russian state."
In the majority of ransomware attacks observed in the U.K. in the past year, the hackers primarily relied on the data extortion model to pressure victims to pay more ransom. In response, the NCSC is urging businesses and other ransomware victims to not pay the ransom to discourage future attacks.