Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Spies are after UK’s Covid secrets, cyber security chief warns

‘Malicious actors’ trying to access vaccine procurement plans and data on variants

Lizzie Dearden
Security Correspondent
Monday 11 October 2021 13:42 EDT
Comments
NCSC chief executive Lindy Cameron speaking at a conference held at Chatham House, London, on Monday
NCSC chief executive Lindy Cameron speaking at a conference held at Chatham House, London, on Monday (NCSC)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

“Malicious actors” are trying to steal coronavirus vaccination plans and data on new variants, an arm of GCHQ has warned.

The chief executive of the National Cyber Security Agency (NCSC) said the pandemic was likely to cast a “significant shadow” for many years.

Lindy Cameron added: “Malicious actors continue to try and access Covid-related information, whether that is data on new variants or vaccine procurement plans.

“Some groups may also seek to use this information to undermine public trust in government responses to the pandemic, and criminals are now regularly using Covid-themed attacks as a way of scamming the public.”

Ms Cameron was speaking to the Chatham House Cyber 2021 conference on Monday, where she cited Russia, China, Iran and North Korea among countries mounting cyber attacks.

She said another emerging threat was the rise of a “commercial market for sophisticated cyber exploitation products” that could see unregulated software used for unlawful purposes.

The official named NSO Group’s Pegasus suite as an example, after the High Court found it was used by agents of Dubai's ruler Sheikh Mohammed bin Rashid al-Maktoum to hack the phones of his ex-wife and her lawyers.

The allegations, which are denied by Sheikh Mohammed, resulted in NSO Group ending its contract with the United Arab Emirates for breaching its rules.

“Reportedly, customers of NSO Group had marked tens of thousands of global telephone numbers as potential targets,” Ms Cameron said.

“Those with lower capabilities are able to simply purchase techniques and tradecraft – and obviously those unregulated products can easily be put to use by those who don’t have a history of responsible use of these techniques. So we need to avoid a marketplace for vulnerabilities and exploits developing that makes us all less safe.”

How spies hacked US secrets via Solarwinds' Orion software

Ms Cameron told the conference that ransomware, such as the WannaCry cyberattack that struck large parts of the NHS in 2017, still presented the most immediate danger to the UK and can affect businesses, schools, councils and critical national infrastructure.

She predicted that the threat from so-called “supply chain attacks”, where hackers target less secure third-party elements of target organisations, will grow.

An example was the 2020 SolarWinds attack, where hackers used a system used by businesses to manage IT resources to send out corrupted software updates that allowed them access into customers’ systems.

The US government was among SolarWinds customers, and the hackers were able to access emails at the US Treasury, Justice and State departments, as well as other agencies.

The attack was attributed to a Russian state-backed group by the British and American governments.

Ms Cameron said it was a “stark reminder of the need for governments and enterprises to make themselves more resilient, should one of their key technology suppliers be compromised”.

The NCSC chief said the integration of advancing technology into people’s everyday lives presented a “significant challenge”.

“In the coming years, society will benefit hugely from developments that make our lives more efficient and greener, such as smart cities,” she added. “But it is inevitable that our adversaries – whether they are nation-state or cyber criminals – will seek to exploit the opportunities that these changes bring.

“And when they are successful, the potential impacts are much greater than the attacks we see today. So, we must ensure we are in a strong position to safely take advantage of these emerging technologies.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in