The ‘cumulative effect’ of ransomware and the lessons for UK national infrastructure


Ransomware has quickly become one of the biggest threats to organisations, and business leaders must get a hold on their infrastructure and ensure they operate with the most stringent security procedures in place. Adam Enterkin, SVP, EMEA, BlackBerry, tells us what the UK should be learning from the recent Colonial Pipeline hack and how we must prepare in order to give ourselves the best chance of protecting data, funds and the daily lives of all those living in the UK.

Ransomware is the biggest threat to British people and businesses.

That’s according to Lindy Cameron, Chief Executive of the UK’s National Cyber Security Centre. In a recent speech, she warned of the ‘cumulative effect’ society would feel if it failed to deal with this rising threat. But what effect is she speaking of?

We need only look to our US neighbours to answer this. The Colonial Pipeline hack in May 2021 pushed gasoline shortages to their worst in three years. Prices skyrocketed, impacting citizens and businesses simply wishing to go about their daily lives. For all this disruption, there was little justice. Its perpetrator, DarkSide, is – by all estimations – still at large and ready to strike again.

Connected infrastructure is at greatest risk

Over the last 10 to 15 years, critical infrastructure has become increasingly connected to the Internet: highly connected hospitals, water and energy systems powered by intelligent sensors, government operations with deep roots in data and many more. This obviously has its benefits: most importantly the ability to be operated remotely. However, this connectivity also means the systems we rely on for our health, power and national security are susceptible to cyber threats. And in this regard, the Colonial Pipeline attack should serve as a wake-up call to those out there that needed one, as well as a reminder to those of us who were already aware of the threat.

All eyes have been on the UK’s critical national infrastructure, and particularly the NHS, since the pandemic began. Defending it is at the heart of the new Integrated Review of the UK’s foreign, defence, security and development policy, which seeks to ensure that those in control of Critical National Infrastructure have the knowledge, strategy and security to combat threat actors bent on bringing it down. But the infancy of this initiative means that some industries are still in the dark regarding the urgency of the threat and how to defend against it.

Ageing critical infrastructure around the globe has long been ripe for attack. Last year, the UK’s National Cyber Security Centre issued a joint warning with the US about Russian attacks on millions of routers, firewalls and devices used by infrastructure operators and government agencies.

The UK faces increasingly sophisticated threats from private attackers

What makes this situation more perilous is the fact that the Colonial Pipeline shutdown was caused by what appears to have been a private party. Typically, cyber warfare tactics such as targeting infrastructure were the realm of nation-state actors: an act of aggression not unlike previous ‘pre-Internet’ tactics, and one which would ultimately be traceable to the perpetrator.

This situation punctuates an upward trend in the number of private parties targeting public infrastructure in ransomware attacks. These attacks, which hold information or systems hostage until a sum of money is paid, are growing in complexity, sophistication and frequency globally. In the UK, ransomware attacks surged 80% in just three months following the start of the pandemic.

While it was only a matter of time until ‘outsourcing’ came to the cybercrime business, the success of Ransomware-as-a-Service (RaaS) providers against infrastructure targets is sure to spur imitators and competition. The newfound ability for individuals to seriously impact critical supplies for personal profit is certainly troubling and opens our ageing infrastructure to an even wider pool of threats.

State-sponsored offenses hide behind mercenary groups

However, the rise in skills of these cyber mercenary groups may highlight an even greater long-term risk to all infrastructure. Numerous reports – including BlackBerry’s BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps – show that mercenary groups offering APT-style attacks are becoming more readily available. The tactics, techniques and procedures (TTPs) used in these attacks are beginning to resemble those of highly sophisticated state-sponsored campaigns. This means the profile and geography of potential victims have diversified exponentially. And these victims will become increasingly ‘random’ or illogical when analysed for any commonality.

This lack of commonality will also make it harder to identify when nation states are actually behind attacks, as their fingerprints will be largely removed.

Interestingly too, the interconnectedness of the UK’s infrastructure is starting to provide an asymmetric advantage for some nations we traditionally classify as hostile. North Korea, for instance, hasn’t had the resources to upgrade its infrastructure like much of the West. This means much of the nation’s infrastructure remains unconnected to the Internet – making it largely insusceptible to cyber threats. The one-way threat posed by some nations may present a unique challenge to the UK and other highly connected nations in the years to come.

A reactive response won’t be enough – We must prepare

Reactive approaches won’t cut it in a threat landscape perpetuated by some of the most intelligent tech minds globally. To have the best chance of protecting data, funds and – most critically – the daily lives of all those living in the UK, we must stop attacks like Colonial Pipeline or WannaCry from happening in the first place.

The UK government must acknowledge the severity of these threats, considering them as destructive and disruptive as warfare in its more typical forms. It must take on board the messages from the National Cyber Security Centre and independent cybersecurity experts, with a view to anticipating an increase in the volume and severity of threats in the coming years. And, most importantly, it must set in place strong cyber-resiliency plans and advanced technologies to help fend off these threats with a prevention-first attitude. Such a security posture starts with neutralising malware before it can exploit systems. Once it’s unable to execute, the downstream consequences, and the resulting efforts to trace, contain and remediate the damage, are dramatically reduced.

In turn, this will make targets less valuable for would-be criminals. Only this way can the NHS, emergency services and other critical national infrastructures continue their hard work in the knowledge that data is confidential, safe and used only in the best interest of the UK and its people.
