UK told of significant threat as state actors seek to use AI attack systems

A cyber expert has decried AI-powered cyberwarfare as “in its heyday”, as the UK’s cyber chief warned that the threat to the nation’s most critical infrastructure is “enduring and significant”, amid a rise of state-aligned groups, an increase in aggressive cyber activity, and ongoing geopolitical challenges.

The UK National Cyber Security Centre (NCSC), part of GCHQ, has published its latest Annual Review, which stated that the UK needs to accelerate work to keep pace with the changing threat, particularly in relation to enhancing cyber resilience in the nation’s most critical sectors.

These sectors include those that provide the country with safe drinking water, electricity, communications, its transport and financial networks, and internet connectivity.
It added that over the past 12 months, the NCSC has observed the emergence of a new class of cyber adversary in the form of state-aligned actors, who are often sympathetic to Russia’s further invasion of Ukraine and are ideologically, rather than financially, motivated.

NCSC CEO Lindy Cameron said: “The last year has seen a significant evolution in the cyber threat to the UK – not least because of Russia’s ongoing invasion of Ukraine but also from the availability and capability of emerging tech.

“As our Annual Review shows, the NCSC and our partners have supported government, the public and private sector, citizens, and organisations of all sizes across the UK to raise awareness of the cyber threats and improve our collective resilience.

“Beyond the present challenges, we are very aware of the threats on the horizon, including rapid advancements in tech and the growing market for cyber capabilities. We are committed to facing those head on and keeping the UK at the forefront of cyber security.”

In May this year, the NCSC issued a joint advisory revealing details of ‘Snake’ malware, which has been a core component in Russian espionage operations carried out by Russia’s Federal Security Service (FSB) for nearly two decades.

In its report the NCSC has reiterated the warning of an enduring and significant threat posed by states and state-aligned groups to the national assets that the UK relies on for the everyday functioning of society.

The Annual Review highlights a new trend of malicious actors targeting the personal email accounts of high-profile and influential individuals involved in politics. Rather than a mass campaign against the public, the NCSC warns that there is a “persistent effort” by attackers to specifically target people who they think hold information of interest.

The NCSC assesses that personal as opposed to corporate accounts are being targeted as security is less likely to be managed in depth by a dedicated team. In response, earlier this year the NCSC launched a new opt-in service for high-risk individuals to be alerted if malicious activity on personal devices or accounts is detected and to swiftly advise them on steps to take to protect themselves.

The Annual Review also highlights how the next general election will be the first to take place against the backdrop of significant advances in artificial Intelligence (AI), which will enable and enhance existing challenges.

“More specifically, the NCSC assesses that large language models (LLMs) will almost certainly be used to generate fabricated content; that hyper-realistic bots will make the spread of disinformation easier; and that deepfake campaigns are likely to become more advanced in the run up to the next nationwide vote, scheduled to take place by January 2025,” it warned.

As part of broader risks to the UK’s cyber security, the Annual Review highlights that the NCSC continues to see evidence of China state-affiliated cyber actors deploying sophisticated capability to pursue strategic objectives which “threaten the security and stability of UK interests”.

In May, the NCSC and international partner agencies issued a joint advisory highlighting how recent China state-sponsored activity had targeted critical infrastructure networks in the US and could be applied worldwide.

Having read the report David Critchley, regional manager UKI at cyber specialists Armis  said the report’s contents whilst stark were not unexpected.

“The warnings issued by the NCSC come as no surprise,” he explained. “AI-powered cyberwarfare is unfortunately in its heyday. This drastic change in boldness has brought cyberwarfare out from the shadows into the open – arguably flaunted by threat actors and nation-states – with seriously ill-intent.

“As citizens we have yet to become used to the idea of cyberwarfare being a legitimate tool that a country can employ, but the truth is that we are all on the front line. Unlike traditional physical warfare, cyberwarfare has no natural borders. It’s much cheaper too – cyber criminals can strike halfway across the world with no physical risk to their people with very few logistics. That said, these attacks cause significant disruption to the everyday lives of civilians, such as limiting access to hospitals and influencing electoral processes.”