N. Korean Hackers Plan to Devastate UK

Hacking groups linked to North Korea will continue to devastate the UK with major cyberattacks over the next year, former GCHQ director Robert Hannigan has warned.

Referencing WannaCry, a malware outbreak which has been linked to the rogue state, the ex-spy chief said there will be "more collateral damage and more unintended consequences."
"The technical sophistication of the threats is going to get worse, without question," Hannigan said during a recent FT cybersecurity summit in the heart of London. "We'll see more ransomware, we'll see a greater scale of attacks," he added.

WannaCry, a rapidly-spreading form of ransomware, emerged back in May and eventually affected hundreds of thousands of computers in 150 countries.

In the UK, the National Health Service (NHS) was hit in the cyber-assault. It was not specifically targeted, but instead was a victim of what Hannigan branded "collateral damage."

According to data released by the National Audit Office (NAO), nearly 20,000 appointments were disrupted by the incident. An independent audit found "basic IT procedures" could have halted the hack. 

Hannigan voiced concern about the overlap of state and crime in cyberspace. He noted: "The critical thing is that there are players out there now behaving badly enough not really to care.
"Either because they don't have a stake in the international system, or they have a stake but actually, that's a threshold of damage that they can live with in order to deliver whatever effect they want to deliver. And they would expect the rest of the world just to live with that.

"I think we will see more of that - more collateral damage and more unintended consequences."

While attribution will never be 100% concrete, a clandestine unit known as "Lazarus Group" was linked to the WannaCry outbreak by similarities in hacking tools spotted in other incidents.

UK security minister, Ben Wallace, told the BBC in October the government "quite strongly" believed North Korea was responsible for the cyberattack on the healthcare system.
"I obviously can't go into the detail of intelligence, but it is widely believed in the community and across a number of countries that North Korea had taken this role," he said.
Hannigan quit as GCHQ chief in January this year, citing personal reasons. In September, it emerged he had been appointed as cybersecurity advisor to insurance firm Hiscox UK and Ireland. However, his stance on hacking has been echoed by those still working for the government.

In late October, National Cyber Security Centre (NCSC) chief Ciaran Martin warned that he expected a "significant scale attack" on the UK is likely to take place in the coming years.
"WannaCry was really a reasonably sophisticated tool, used rather ineptly," he commented.
"They will learn from that. People always do. They will get better at using those tools, and there are far more sophisticated tools out there, and they will start to use them." 

He added: "If you look at the NHS, nobody would seriously believe that the North Koreans wanted to attack the NHS, and not least because they were never going to pay a ransom."

IBTimes:

You Might Also Read: 

N.Korea Will Target UK Financial Services:

Former Spy Chief Takes Top Cybersecurity Job:

Director's Departure Leaves A Big Hole At GCHQ:

Spying On You In Britain:
 

« When Guns And AI Work Together
Computers Say ‘No’ But AI’s Decisions Must Be Fair & Transparent »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Information Systems Security Association (ISSA)

Information Systems Security Association (ISSA)

the Information Systems Security Association (ISSA) is an international organization of information security professionals and practitioners.

Mitol PerfectBackup

Mitol PerfectBackup

Mitol PerfectBackup provide Enterprise Online Backup, Disaster Recovery and Cloud Computing Services.

Illusive Networks

Illusive Networks

Illusive Networks is a cybersecurity company at the forefront of deception technology, the most effective protection against Advanced Attacks.

Emerson Electric Co

Emerson Electric Co

Emerson provides industrial automation systems and associated cybersecurity solutions to protect critical process control systems from cyber attack.

Cyber Future Foundation (CFF)

Cyber Future Foundation (CFF)

CFF was established to create a cyberspace where digital commerce and innovation can thrive based on trust and respect to individual privacy.

Temasoft

Temasoft

TEMASOFT is a software company focused on developing security and infrastructure products.

Government Communications Security Bureau (GCSB)

Government Communications Security Bureau (GCSB)

GCSB contributes to New Zealand’s national security by providing information assurance and cyber security to the New Zealand Government and critical infrastructure organisations.

Verificient Technologies

Verificient Technologies

Verificient Technologies specializes in biometrics, computer vision, and machine learning to deliver world-class solutions in continuous identity verification and remote monitoring.