
Who are the new-wave hackers bringing the world to a halt?


Around four “nationally significant” cyberattacks have taken place in the UK every week within the last year, with the sharp rise in incidents being ascribed to a new wave of cybercriminals.

There has been a 50% increase in the number of “highly significant” incidents which could potentially have a “serious impact on central government” and UK essential services, said the National Cyber Security Centre. While around half of cyberattacks in 2024 can be attributed to “financially motivated” cybercriminals, according to a report by Cognyte, the number of attacks connected to “nation-state actors” rose by 3%, said SC Media UK.

Following the recent cyberattacks on Jaguar Land Rover, Marks & Spencer and Asahi, other major companies are desperately trying to understand these new methods of cybercrime.

How do the new hacking groups work?

One group that has grabbed the headlines is Russian ransomware group Qilin, one of the most “prolific” hackers in the world, said Digit. It has recently claimed responsibility for a cyberattack on Japan’s Asahi Group – which also owns Peroni and UK chain Fuller’s – forcing the “suspension of order and shipment operations in Japan”.

Like many other new groups, Qilin operates as a ransomware-as-a-service (RaaS) network, said IBM. Unlike conventional “gangs”, it functions more as a “business model” that can even run “customer-service portals to help affiliates troubleshoot deployment”.

Whereas traditional attacks were carried out by highly technical malware, this “game-changing” RaaS business model rents out cutting-edge malware in return for “20% to 40% of the profits”. Overcoming the time-intensive nature and “limited scalability” of old gang models, RaaS provides “nearly anyone with malicious intent” with the means to “carry out powerful attacks using advanced tools”.

Where do they come from?

As recently as August, British intelligence “called out government-linked Chinese companies” in response to a global campaign of cyber-attacks, said Politico, as the “latest step in a decade-long diplomatic dance”. The “Big Four”, namely North Korea, Iran, Russia and China, are highest on the list: three are considered “hostile states” and “Britain has an uneasy relationship with the latter”.

Though it is “most common” for cyber-attacks in Britain to originate in Russia, one of the most prominent groups, Scattered Spider, is “unusual” as it is “homegrown”, experts told The New York Times. The group, believed to be behind the Marks & Spencer and Co-op attacks, appears to be “made up of young English speakers in Britain and the United States”, said the outlet.

How are states using cyber-attacks?

“Once primarily driven by financial motives, these cybercrimes are now deeply intertwined with global conflicts and geopolitical disputes,” said Spambrella.

Countries like Russia, Iran and China are “increasingly relying on criminal networks” to target political “adversaries”, said AP News. Security officials are reporting “growing collaboration” between governments and hackers, demonstrating “increasingly blurred lines” between state espionage and hackers motivated by financial gain.

This “marriage of convenience” is set to become more popular, as the symbiotic relationship is hard to break: governments experience a “boost” in cyber activity “without added cost”, while new profit opportunities and “government protection” are directly in the attackers’ interests.

‘Groups’ and ‘states’ are beginning to form concerning partnerships with new ways to commit cybercrime