Coronavirus: UK vaccine programmes face ongoing threat of cyber attacks by hostile states

Cyberattacks by Russia and other hostile states present an “ongoing threat” to the UK’s work to develop a coronavirus vaccine, officials have said.

The National Cyber Security Centre (NCSC) dealt with a record of 723 incidents in the year to September, with a quarter related to the Covid-19 pandemic.

The potential success of vaccines, such as those being developed by Oxford University and Imperial College London, will be key to lowering the death toll and exiting lockdowns.

Paul Chichester, the NCSC’s director of operations, said cyberattacks by hostile states were focused on vaccine research, while criminal groups were also targeting hospitals and healthcare bodies.

“It’s an ongoing threat and it continues to date,” he told a press conference.

“We know states are interested in a variety of elements of the vaccine work – the research behind it is part of that but also knowledge around the success, the trial data.

“It’s also about the likelihood of the supply chain being successful, and a variety of different elements of the vaccine as we move from doing the research to the delivery and supply of it.

“States are trying to understand how the UK is prepared for that.”

The warning came amid two ongoing trials of potential coronavirus vaccines in Britain – one developed by US biotechnology company Novavax and one by the University of Oxford.

In July, the NCSC said a Russian hacking group was targeting vaccine research in the UK, US and Canada.

It said APT29, also named “the Dukes” or “Cozy Bear”, were part of Russia’s intelligence services and target organisations involved in both national and international Covid-19 responses.

The group uses a variety of tools and techniques, including spear-phishing and custom malware known as “WellMess” and “WellMail”.

The NCSC said criminal groups were also targeting hospital and healthcare authorities for profit, including with ransomware that locks computer networks and files.

Analysts said a new trend was seeing criminal groups threaten to release illegally obtained information if money is not paid, rather than just withholding it from victims.

Covid-related cyberattacks can also target organisations outside the health sector, including local authorities, critical national infrastructure and supermarkets.

Mr Chichester said criminals were “looking to disrupt organisations that are critical to the UK's coronavirus response”.

“Those are organisations that criminals think are likely to generate revenue and will be keen to pay,” he added.

The NHS has invested in technology upgrades since the 2017 WannaCry ransomware attack, which crippled services across the UK that had not installed Microsoft security updates.

Since the start of the coronavirus pandemic, the NCSC has also been actively searching for suspicious activity and sharing “indicators of compromise” and vulnerabilities with the NHS.

Its annual report, released on Tuesday, said that coronavirus had also been used by cyber criminals to lure victims into clicking on suspicious links or handing over their details.

Since March, it has taken down more than 15,300 Covid-related scams, including fake shops selling fake protective equipment, test kids and vaccines.

In total, the NCSC handled an average of 60 attacks a month over the past year.

Of the 723 incidents between 1 September 2019 and 31 August 31, 194 related to coronavirus.

The body, which is an arm of the GCHQ intelligence agency, also undertook work to defend the last general election from influence attempts and help parliament function securely online during the pandemic.

Jeremy Fleming, the director of GCHQ, said: “The world changed in 2020 and so did the balance of threats we are seeing.

“As this review shows, the expertise of the NCSC, as part of GCHQ, has been invaluable in keeping the country safe: enabling us to defend our democracy, counter high levels of malicious state and criminal activity, and protect against those who have tried to exploit the pandemic.”