Cyberattacks by the UK’s enemies are becoming “relentless” as we enter a “new era” of global conflict, an expert has warned.
It comes after Russian hackers allegedly acquired top secret security information on some of the UK’s most sensitive military sites, including the HMNB Clyde nuclear submarine base on the west coast of Scotland and the Porton Down chemical weapon lab.
The “potentially very damaging” attack last month by hacking group LockBit, which has known links to Russian nationals, saw thousands of pages of data leaked onto the dark web after private security firm Zaun was targeted, the Sunday Mirror newspaper reported.
The company, which provides security fencing for sites related to the Ministry of Defence, said it had been the victim of a “sophisticated cyberattack”.
Responding to the news, Kevin Curran, professor of cybersecurity at Ulster University, told the PA news agency that LockBit’s attack was “serious” as we approach a potential “World War Three” following Russia’s invasion of Ukraine.
He said the raid was “likely” sponsored by the Russian state given the nature of its target and that cyber attacks by Britain’s enemies had become “relentless”.
Professor Curran warned that we were unprepared for this new era as third party companies which hold data on our military infrastructure were not being properly regulated.
He said: “You can’t just expect third party suppliers to adhere to your rules.
“There is always a risk when you have third party suppliers and you do wonder if they adhere to industry best practice.
“It is a worry because everything is online now – cybercrime is the biggest crime in the world.
“Given the new era we are entering which is the brink of World War Three everything is serious.
“They are relentless with these attacks. Their best way into our country is through our cyber-security. This is the nation at risk.
“In this case, given the target, my money would be on this being state-sponsored.”
It comes after Labour MP Kevan Jones, who sits on the UK Commons Defence Select Committee, urged the British government to explain why Zaun’s computer systems were “so vulnerable”, warning: “This is potentially very damaging to the security of some of our most sensitive sites.”
“Any information which gives security arrangements to potential enemies is of huge concern,” he added.
This is potentially very damaging to the security of some of our most sensitive sites.
The Government needs to explain why systems were so vulnerable.https://t.co/g9P2LWJAbw— Kevan Jones (@KevanJonesMP) September 3, 2023
The UK government has so far declined to respond to concerns, with a spokesperson saying: “We do not comment on security matters.”
In a statement on its website published on Friday, Zaun said it had taken “all reasonable measures to mitigate any attacks on our systems” and explained that they had referred the matter to the National Cyber Security Centre (NCSC).
It explained that the breach occurred through a “rogue Windows 7 PC” that was running software for one of their manufacturing machines but that the network was “otherwise up to date”.
It said: “At the time of the attack, we believed that our cyber-security software had thwarted any transfer of data.
“However, we can now confirm that during the attack LockBit managed to download some data, possibly limited to the vulnerable PC but with a risk that some data on the server was accessed.
“It is believed that this is 10 GB of data, 0.74 per cent of our stored data.
“It is well known that Zaun is a specialist in high-security perimeter fencing and has supplied fencing to many high-profile sites.
“Sites where our products are used include prisons, military bases and utilities.”
Zaun has been approached for further comment.