“Malicious actors” are trying to steal coronavirus vaccination schedules and data on new variants, a branch of the GCHQ warned.
The head of the National Cyber Security Agency (NCSC) said the pandemic will likely cast a “significant shadow” for many years to come.
Lindy Cameron added, “Malicious actors continue to attempt to access Covid-related information, whether it be data on new variants or vaccine procurement plans.
“Some groups may also try to use this information to undermine public confidence in the government’s response to the pandemic, and criminals are now regularly using Covid attacks to defraud the public.”
Ms. Cameron spoke on Monday at the Chatham House Cyber 2021 conference, where she named Russia, China, Iran and North Korea among the countries launching cyberattacks.
She said another emerging threat is the rise of a “commercial market for sophisticated cyber exploitation products” where unregulated software could be used for unlawful purposes.
As an example, the officer cited the NSO Group’s Pegasus suite after the Supreme Court found it was used by agents of Dubai ruler Sheikh Mohammed bin Rashid al-Maktoum to hack the phones of his ex-wife and her lawyers .
The allegations disputed by Sheikh Mohammed led the NSO Group to terminate its contract with the United Arab Emirates for violating its rules.
“NSO Group customers reportedly had tens of thousands of global phone numbers as potential targets,” said Ms. Cameron.
“Those with less skill can easily buy techniques and crafts – and obviously these unregulated products can easily be used by those who have no history of responsible use of these techniques. So we have to avoid developing a marketplace for vulnerabilities and exploits that makes us all less secure. “
Ms. Cameron told the conference that ransomware, like the WannaCry cyberattack that hit large parts of the NHS in 2017, is still the most imminent threat to the UK and can affect businesses, schools, councils and critical national infrastructures.
She predicted that the threat of so-called “supply chain attacks”, in which hackers target less secure third-party elements of target organizations, will increase.
One example was the 2020 SolarWinds attack, in which hackers took advantage of a system used by companies to manage IT resources to send out corrupted software updates that allowed them to access customers’ systems.
The US government was one of SolarWinds’ customers, and the hackers were able to access email from the US Treasury, Justice and State departments, and other agencies.
The attack was attributed to a group supported by the Russian state by the British and American governments.
Ms. Cameron said it was “a powerful reminder of the need for governments and corporations to be more resilient should one of their key technology suppliers be compromised”.
The NCSC chief said integrating advanced technology into people’s everyday lives was “a significant challenge”.
“In the coming years, society will benefit enormously from developments that make our lives more efficient and greener, such as smart cities,” she added. “But it is inevitable that our adversaries – be they nation states or cybercriminals – will try to take advantage of the opportunities these changes bring.
“And if they are successful, the potential impact is far greater than the attacks we see today. So we have to make sure that we are in a strong position to use these new technologies safely. “