The National Cyber Security Centre (NCSC) has highlighted in their annual review that hackers targeted the University of Oxford’s Covid vaccine research this year.
Their review shows that the health sector has been experiencing record hack attempts, with 777 cases recorded between August 2020 and September 2021. This is an increase from the 723 incidents recorded in 2020.
The NCSC, part of the Government Communications Headquarters (GCHQ), revealed that one in five incidents were aimed at organisations with connections to health, with particular targeting of coronavirus vaccine research.
Additional cyber-protection support has been provided by the NCSC to those working in the health sector, from NHS workers to vaccine researchers.
Researchers at the University of Oxford received help from the NCSC this year after security experts alerted them to a threat from ransomware which had the potential to significantly disrupt the progress of the Oxford/AstraZeneca vaccine.
Ransomware, an area of growing concern, is a form of cyber-attack where the criminal or hostile state locks a user out of their data and demands a ransom for the return of their data. However, in some cases, even if the money is paid, not all data is returned to the victim of the attack.
The NCSC’s Active Cyber Defence (ACD) programme removed 2.3 million cyber-enabled commodity campaigns; this included 442 phishing campaigns using NHS branding.
The growth in reported incidents is in part due to “the organisation’s ongoing work to proactively identify threats through the work of its Threat Operations and Assessment teams,” the NCSC has said.
Earlier this year, NCSC Chief Executive, Lindy Cameron, warned that criminals and state-backed groups would use the pandemic as an opportunity for cyber-attacks; both in targeting information around vaccines and creating fear. She said, “some groups may also seek to use this information to undermine public trust in government responses to the pandemic, and criminals are now regularly using Covid-themed attacks as a way of scamming the public.”
The transition to remote work and use of third-party computing and cloud services has created an opportunity for criminals to target businesses during the pandemic, whilst hostile states have an interest in medical and vaccine research, threatening the UK’s medical industry over the past year.
The NCSC also predicts that ransomware attacks, which first gained prominence in 2020, are “almost certain to grow” in the next year.
Cameron, whilst talking about ransomware, highlighted “in my view it is now the most immediate cyber security threat to UK businesses and one that I think should be higher on the boardroom agenda.”
Director of GCHQ, Jeremy Fleming, stated, “This year we have seen countless examples of security threats: from state-sponsored activity to criminal ransomware attacks. It all serves to remind us that what happens online doesn’t stay online – there are real consequences of virtual activity”.
Fleming added that “In the face of rising cyberattacks and an evolving threat, this year’s NCSC’s annual review shows that world-class cyber security, enabled by the expertise of the NCSC as part of GCHQ, continues to be vital to the UK’s safety and prosperity.”
The NCSC has expressed an interest in further international collaboration efforts from law enforcement agencies to target ransomware operators oversees, notably in China and Russia. This comes after talks at the G7 summit which was held in Cornwall earlier this year.
China, the NCSC states, is a “highly sophisticated” operator in cyber space and has been singled out as the biggest threat to Britain’s tech security. They warn in their annual review that “how China evolves in the next decade will probably be the single biggest driver of the UK’s future cyber security”.
A spokesperson from Oxford University said: “We welcome the NCSC annual report which highlights the cyber protections needed around the ground-breaking work of our vaccine researchers. Our information security team have been fortunate to have excellent support from within NCSC. They have provided a real contribution to the cyber protections around the vaccine research throughout the pandemic.”