The hacking of the complex supply chains of major corporations are likely to increase as agents try to replicate the chaos of the SolarWinds cyberattack on the United States, the head of Britain's cyber security has said.
Lindy Cameron, chief executive of the UK’s National Cyber Security Centre (NCSC), on Monday said such devastating attacks were likely to continue for years, alongside ransomware threats and the continued upheaval caused by the Covid-19 pandemic.
US authorities blame Russian intelligence services for the 2020 attack on the technology supplier SolarWinds, which provides network services to thousands of companies and agencies.
The successful effort to slip malicious software into one of its services led to the perpetrators compromising dozens of companies and government departments including the US Treasury and the Pentagon.
Attacks on supply chains were an attractive prospect in the hands of sophisticated actors and the “threat from these attacks is likely to grow”, Ms Cameron told Chatham House's Cyber 2021 Conference.
“It's particularly the case because we anticipate that technology supply chains will become increasingly complex in coming years," she said.
“And SolarWinds was a stark reminder of the need for governments and enterprises to make themselves more resilient should one of their key technology suppliers be compromised.”
She identified China and Russia as the biggest state threats and also highlighted hacking operations from Iran and North Korea.
The US in March identified three online publications directed by Russia’s intelligence services that it said was seeking to undermine Covid-19 vaccines.
Ms Cameron said that the coronavirus pandemic continued to cast a “significant shadow” on cybersecurity through efforts to spread misinformation to steal technical information about vaccines and the programmes to distribute them.
But she said the vast majority of hacks came from criminals rather than state-led attacks.
Ransomware – a form of malicious software that locks computers until the victim pays a fee to the criminals – remained popular while companies failed to protect themselves and kept paying up on demand.
“Ransomware presents the most immediate danger to UK businesses and most other organisations," she said.
“Improving our resilience also plays a key role in deterring cyber attacks as our adversaries will see that an attack against the UK is likely to be less effective and the perceived benefits will be reduced.”