More than a quarter of all cyber-attacks handled by Britain’s cyber-security agency in the past year involved criminals and hostile states exploiting the COVID-19 pandemic, a new report has revealed.
The National Cyber Security Centre (NCSC), which is a branch of the UK’s signals intelligence agency GCHQ, defended the UK from an average of 60 attacks per month during the past year, according to its latest annual report, which was published on Tuesday.
Between Sept. 1, 2019, and Aug. 31, 2020, the NCSC handled 723 incidents, with 194 related to the CCP (Chinese Communist Party) virus, which caused the COVID-19 pandemic.
These included both cyber criminals looking to exploit public fear over the pandemic with virus-related online scams and hostile states targeting vaccine research.
In May, the NCSC issued a joint advisory with the U.S. Cybersecurity and Infrastructure Security Agency (CISA), exposing malicious cyber campaigns targeting international health care and medical research organisations involved in the CCP virus response.
In July, the NCSC revealed Russian cyber actors, known as APT29, had been targeting organisations involved in vaccine development.
The NCSC provided support for the health care sector this year by scanning more than 1 million IP addresses in the National Health Service (NHS) for vulnerabilities, which led to the detection of 51,000 indicators of compromise, the report said.
“The world changed in 2020 and so did the balance of threats we are seeing,” Jeremy Fleming, director of GCHQ, said.
He said the NCSC’s expertise “has been invaluable in keeping the country safe, enabling us to defend our democracy, counter high levels of malicious state and criminal activity, and protect against those who have tried to exploit the pandemic.”
The UK government has repeatedly warned against attempts by hostile states, including China, to steal vaccine research from Western institutions.
In July, Foreign Secretary Dominic Raab expressed concerns over evidence that the Chinese regime was engaged in malicious cyber-attacks against commercial, medical, and academic institutions in 11 countries, including the UK.
It followed the U.S. indictment of two Chinese hackers for stealing millions of dollars worth of trade secrets and other sensitive information, and attempting to steal research on COVID-19.
Last month, MI5 Director-General Ken McCallum said his agency’s 2020 agenda had “been dominated by the pandemic”, especially the need to protect UK research on COVID-19 vaccines from theft or sabotage by hostile foreign states.
Lily Zhou contributed to this report.