CISOs have been warning for some time that cybercriminal gangs, especially those with pro-Russian sympathies, could easily target critical infrastructure in the UK. In fact, in January and February 2023, Royal Mail, the default courier carrier in the UK, was hit by a ransomware demand that crippled organizations' ability to send or receive parcels within or outside the country. The attackers claimed to belong to the LockBit group, a gang of criminals believed to have Russian origins or sympathies. Certainly, they used a version of the LockBit ransomware framework.

It should therefore come as no surprise to anyone in power in the UK that pro-Russian groups can target potentially vulnerable UK critical infrastructure. In addition to the pressure of updating legacy systems in a process of digital transformation and a recent history of political chaos and economic suicide, the country's systems may have attracted the interest of pro-Russian cybercrime groups following former Prime Minister Boris Johnson's swift condemnation of President Putin's illegal invasion of Ukraine and actions to freeze Russian assets in the UK.

Johnson was subsequently ousted from power after almost his entire cabinet resigned over honesty issues, and is currently facing an investigation to find out if he misled the UK parliament during the Covid pandemic.

New announcement, old news.

But today British Minister Oliver Dowden told the CyberUK Conference in Belfast that Britain’s critical national infrastructure was threatened by “Wagner-type” assailants (Wagner being a reference to Russian mercenaries currently trying to kill people in Ukraine).

Raising perhaps an eyebrow or two from anyone in the infrastructure security industry, for whom this was pre-existing knowledge, Mr. Dowden, who is Chancellor of the Duchy of Lancaster, said he did not disclose this threat lightly.

But he added that the government and, more importantly, the National Cyber Security Center felt it was necessary if we are to get these companies to understand the current risk they face and take action to defend themselves and the country.

Mr. Dowden then announced his intention to set cyber-resilience targets for critical sectors to achieve within two years. He also said private sector companies working on critical infrastructure would be subject to resilience regulations.

Justifying the move, he explained that “These are the companies in charge of running our country. To keep the lights on. Our shared prosperity depends on them taking their own security seriously.”

Spoiling for a fight.

It should be noted that the current UK government has been in power for 13 years and is facing strikes in several sectors simultaneously.

But as we mentioned, the idea of pro-Russian cybercriminals attacking UK critical infrastructure isn't particularly new, despite the announcement meaning it is particularly plausible.

The investment shopping list.

Lindy Cameron, CEO of the NCSC, also speaking at the Dublin conference, echoed Mr. Dowden's warnings, giving them added weight.

“If the UK is to be the safest place to live and work online, resilience must urgently move to the top of our investment shopping list,” she said.

In fact, the NCSC went so far as to issue an official threat alert to critical businesses, warning that pro-Russian cyber gangs were likely to be less predictable than fully state-sponsored groups, as they are not subject to formal controls and levels of power.

“Some have said they want to achieve a more disruptive and destructive impact against Western critical national infrastructure, including in the UK,” the NCSC said.

“We expect these groups to look for opportunities to create such impact, particularly if systems are poorly protected.”

A recent Tech HQ interview with Mike McLellan, Director of Intelligence at Secureworks Counter-Threat Unit, seemed to confirm this assessment, as older and more mature cybercriminal groups aim to fly well below the radar of the international response, while younger and newer actors with a name to make may well break from that pattern and launch attacks where they can.

Previous interviews with Deryck Mitchelson, Field CISO at Check Point, also particularly highlighted the threats to the UK's critical infrastructure, including the country's national socialized medical service, the NHS, which is currently undergoing a significant digital transformation, but also suffers from legacy equipment, severe understaffing, and potentially significant staff demotivation, as nurses, paramedics and junior doctors within the system are currently organizing strikes over wages and conditions due to prolonged underfunding of the service.

“Show me the money!”

Mr. Dowden's announcement appears to imply more cybersecurity regulation in critical national infrastructure companies and organizations, but does not appear to have made mention of government financial support to secure these critical infrastructure elements against any imminent threats and keep the lights on.