UK Research and Innovation (UKRI), the UK’s national funding agency for science and research, has been hit by 5.4 million cyber attacks this year, six times as many as last year.
According to freedom of information requests from the Daily Express, 236,400 of these were phishing attacks designed to trick staff into handing over sensitive information.
Another 11,200 were malware attacks, designed to damage computer systems and steal data. The rest were logged as spam or malicious emails.
“These extensive incidents underline the severity of the threat facing public and private sector organisations on a daily basis,” commented Rick Boyce, chief for technology at AND Digital.
“The emergence of AI is seeing new threats and attacks emerge at a pace we’ve never seen before, and this is driving a material increase in successful attacks across all sectors. The effect of this will compound quickly – every organisation needs to adapt moving beyond traditional approaches to protect themselves in a changing environment.”
UKRI, sponsored by the Department for Science, Innovation and Technology (DSIT), invests £8 billion a year in research and innovation.
The attackers appear to be hoping to steal valuable intellectual property and damage UK infrastructure.
With the agency facing cyber threats on this scale, it’s been suggested that the attacks have been waged by a nation state – most likely Russia. Intellectual property in particular has become a key target for state-sponsored threat groups.
Questions raised over scale of attacks
The figures may not be entirely accurate, however. UKRI said that different reporting periods meant that a direct year-on-year comparison couldn’t be made and as such should be taken with a pinch of salt.
However, there’s no doubt that state-backed hacking groups are increasingly targeting critical infrastructure.
Late last year, the UK’s National Cyber Security Centre (NCSC) warned that Russia’s GRU Unit 29155 was targeting government and critical infrastructure organisations for espionage, sabotage and reputational harm
Other groups active over the last few years have included Unit 26165, known as Fancy Bear, and Unit 74455, known as Sandworm. The NCSC dealt with more than 430 incidents in 2024 alone.
“While definitive attribution remains complex, the sophistication of these attacks and the backdrop of geopolitical tensions strongly indicate Russian involvement. These attacks have targeted diverse organizations, causing widespread disruption and financial losses,” warned Cyfirma in a research report late last year.
“Russia has solidified its position as a capable, motivated, and irresponsible cyber threat actor.”
MORE FROM ITPRO
- INSERT STORY LINK
- INSERT STORY LINK
- INSERT STORY LINK
Source link
-
-
-
-
-
-
-
-
