The UK’s cyber security agency dealt with more than 60 “nationally significant” cyber attacks over the past year, an official report has revealed.
The National Cyber Security Centre (NCSC), part of GCHQ, did not directly specify what the attacks were, but did talk about ransomware attacks against the NHS 111 helpline service and also the water utility company, South Staffordshire Water, which triggered national responses.
“The threat from ransomware was ever present – and remains a major challenge to businesses and public services in the UK,” the NCSC said in its annual review, released on Tuesday.
It said a growing focus over the past year has been supporting Ukraine’s cyber defenders in fending off widespread and aggressive cyber attacks by Russia in the wake of President Vladimir Putin’s invasion.
The NCSC said the war had “brought the cyber security threat into sharper focus in the UK”.
The UK government earlier on Tuesday revealed for the first time a previously covert effort to help Ukraine defend itself from cyber attacks under a programme worth more than £6m.
“Ukrainian authorities – assisted by the NCSC – created strong cyber defences, limiting the impact of Russian operations,” the annual report said.
Ukraine war: British spies playing key role in defending Kyiv from Russian cyber attacks
Ransomware attack on NHS systems could take weeks to fix, major IT provider warns
Ministers coordinating ‘resilience response’ after ‘major’ cyber attack hits NHS systems across UK
“Ukraine’s successful defensive operations was an exemplar to network defenders across the world.”
The cyber centre also touched on China. It said Beijing’s evolving technological capabilities will likely be the single biggest factor affecting UK cyber security in the future.
Despite the risk posed in cyber space by foreign states, the biggest threat to British civilians and small businesses online is from cyber criminals, according to the report.
This included phishing attacks and the hacking of social media accounts. For example, there were 2.7 million cyber-related frauds in the 12 months to March 2022.
Summing up its work over the past 12 months, the NCSC said its officials managed the response to hundreds of cyber incidents. This included 63 events that it described as “nationally significant”.