All-out war

Espionage, fraud and ransomware were the weapons of choice in 2020, with the UK's National Cyber Security Centre handling a record number of cyber security incidents

The UK's National Cyber Security Centre (NCSC) - part of GCHQ and the UK's technical authority for cyber threats - dealt with 723 serious incidents between September 2019 and the end of August 2020, a 20% increase on the 602 it handled the year before. More than 200 of these incidents were related to the coronavirus, according to the NCSC's latest annual review.

The review reveals how the NCSC took decisive action against malicious actors in the UK and abroad "who saw the UK's digital lifelines as vectors for espionage, fraud and ransomware attacks", states Penny Mordaunt MP, Paymaster General, in a ministerial foreword. "The NCSC helped to protect NHS Trusts, the Nightingale hospitals and vital NHS systems, ensuring they were able to function remotely, in spite of coronavirus. In this year of complex challenges, the NCSC continues to react to swiftly evolving cyber threats."

SAFETY AT HOME
When many organisations moved to remote working because of coronavirus, the NCSC responded with new guidance on how to help employees work and communicate securely from home. As organisations moved their business online at pace, advisories were issued about how cyber criminals were seeking to exploit the pandemic for profit, and guidance was updated on how to spot and deal with suspicious emails, calls and texts (including coronavirus-based scams).

With more people using personal devices for work purposes came an increased vulnerability to cyber fraud, as criminals sought to exploit the changing circumstances. Some scams, frequently using phishing emails, claimed to have a 'cure' for coronavirus, or sought donations to bogus medical charities. Many users found that clicking a bad link led to malware infection, loss of data and passwords.

In the review, Lindy Cameron, new CEO of the NCSC, offers an inside view of how the centre has responded to the cyber challenge. "We scanned more than one million NHS IP addresses for vulnerabilities and our cyber expertise underpinned the creation of the UK's coronavirus tracing app. An innovative approach to removing online threats was created through the 'Suspicious Email Reporting Service' - leading to more than 2.3 million reports of malicious emails being flagged by the British public. Many of the 22,000 malicious URLs taken down as a result related to coronavirus scams, such as pretending to sell PPE equipment to hide a cyber-attack."

Jeremy Fleming, director of GCHQ, points to how the world changed in 2020, as did the balance of threats we are seeing. "As this review shows, the expertise of the NCSC, as part of GCHQ, has been invaluable in keeping the country safe: enabling us to defend our democracy, counter high levels of malicious state and criminal activity, and protect against those who have tried to exploit the pandemic. The years ahead are likely to be just as challenging, but I am confident that in the NCSC we have developed the capabilities, relationships and approaches to keep the UK at the forefront of global cyber security."

RIPE FOR TARGETING
Nick Emanuel, senior director of product, Webroot, says it is unfortunate that the NHS has been a common target for cybercriminals throughout Covid-19, but that it's also not surprising. "The vast attack surface of such a large and diverse organisation is one factor, but the value in their data is another. The sheer size and scope of the healthcare industry, its complex supply chain, and the fact that the public sector uses many contractors and outside parties, makes it a difficult task to manage and secure."

Although the sector is particularly vulnerable to ransomware, Webroot believes the biggest concern here is the use of stolen data as a means to enable further attacks. "It is much easier to fool victims with a phishing email once you know details about them and their colleagues," states Emanuel. "We expect this to continue. As 2021 brings forward the first vaccines to fight Covid-19, cyber criminals will exploit the lack of trusted information and the widespread use of phone-based medical appointments to target businesses and consumers in phishing attacks and BEC [Business Email Compromise] scams.

"To mitigate future attacks and build cyber resilience, organisations need to ensure that adequate defences are in place. Staff training is essential for defending against phishing attacks, so they know what to look out for. The training materials used also need to be constantly updated to reflect the latest threat trends and regular simulations should be run to ensure that the training is having the desired effect."

FINANCIAL PAY-OFF
"Ransomware-focused cyber threat actors are evidently pursuing methodologies where they believe the financial payoff will be the most beneficial," says Jonathan Miles, senior threat intelligence analyst at Mimecast. "This means they look for a combination of ease of entry, meaning relatively weak security programmes, combined with a high willingness and ability to pay. These threat actors have increasingly found this combination in the healthcare industry, a sector that is highly dependent on IT to run its operations and in possession of some of the most sensitive data, which is very profitable for hackers' financially motivated criminal activity."

For healthcare organisations, the financial impact of these attacks is only the tip of the iceberg, he adds: hackers holding confidential data hostage also prevent practitioners from accessing patient files, resulting in delayed treatment - or worse. "Healthcare also plays a fundamental role in supporting a nation and is considered part of its critical national infrastructure. With its heightened importance during a global pandemic, it has rapidly become a very attractive target for nefarious actors intent on exploiting a time of confusion and uncertainty."

Cybercriminals know that denying the services of the healthcare sector at this time will have massive ramifications. "By denying services or the efficiency of the healthcare sector, a hostile actor can be seen as subverting a nation through undermining the healthcare aperture, and degrading efficiency, reputation and trust," adds Miles. "There is also a possibility that, in attacking a healthcare organisation that is part of a wider network of infrastructure, it may be possible to pivot to other critical facilities."

CYBERSECURITY VIGILANCE
More than any other industry, the healthcare sector simply cannot afford poor cybersecurity. "For those organisations that are subjected to a ransomware attack, the consequences stretch beyond the breach, compromise and financial penalties," he cautions. "A longer lasting outcome is the reputational damage that the brand will be tarnished with. When a breach has been identified, it requires time and effort to contain the impact and mitigate the damage. This can cause a significant strain on resources, focus, people hours and funding that could have been used elsewhere."