Northdoor comment:
GCHQ detecting and mitigating high volumes of ransomware and phishing attacks including across NHS trusts
The National Cyber Security Centre (NCSC) annual’s report has highlighted the surge in cyber-attacks between September 2019 to August 2020. In total, there were 723 incidents of all kinds which represents a 10 percent increase on the previous period.
Of those incidents 194 were COVID related threats some of which were nation-state attacks looking for insight into the UK’s progress into a vaccine. However, most of the campaigns the GCHQ division thwarted (15,354 campaigns altogether) were those that used the pandemic as a theme to trick people into clicking on malicious links or opening infected attachments.
Increase in attacks against healthcare organisations
Some of the most disturbing figures came from the types of sectors criminals were targeting during this period. Healthcare and particularly the NHS came very high up the list. We have seen over the past few years an increase in the number of attacks on the NHS, most notably the Wannacry attack in 2018. However, the pandemic has seen attacks new levels, with callous criminals targeting a crucial and yet vulnerable organisation at a time when the public needed it the most. The NCSC said it had scanned more than one million NHS IP addresses to look for vulnerabilities and had shared 51,000 indicators of compromise.
We have also seen earlier in 2020 the NCSC and the US Cybersecurity and Infrastructure Security Agency (CISA) issue advice that Advanced Persistent Threat (APT) actors are targeting organisations involved in the response to coronavirus, exploiting the pandemic as part of their cyber operations.
Healthcare sector must now make cyber security a priority
Whilst the report is a wide-ranging overview of the trends the NCSC has seen over the past year, the fact that it has done so much work trying to protect the NHS points to how not just how important it is currently but also how vulnerable it is.
The sector must now take cyber security seriously. We have seen in Germany prosecutors linking a death to a COVID ransomware attack and if the number of successful attacks continue sadly we might well see the first such incident here in the UK.
There are signs that the NHS is starting to look at security protocol more carefully. For example, it has recently introduced an identity and access management tool called NHS Identity which aims to make authentication to clinical data for health and care professionals easier. However, in order to ensure that this and other new initiatives are communicated effectively to staff to ensure buy-in.
The key is being proactive in defence. Identifying vulnerabilities within infrastructure and ensuring that they are patched means that there is no easy route in.
Access management
The first step for many is to ensure that those with access to key data are secure. As we have seen the NHS has started to take action but other sectors need to also ensure that their identity and access management are up-to-speed.