"Ransomware is proliferating - we’ve seen twice as many attacks this year as last year in the UK – but the reason is proliferating is because it works; it just pays." Sir Jeremy Fleming, Director of GCHQ, struck a sober note on the range of threats the UK faces at the Cipher Brief Annual Threat Conference on Monday.
Speaking with Suzanne Kelly, CEO and Publisher of The Cipher Brief, intelligence veteran Fleming stressed the importance of a robust response to cybercrime: "In the shorter term we’ve got to sort out ransomware and that is no mean feat in itself. We have to be clear on the red lines and behaviours that we want to see, we've got to go after those links between criminal actors and state actors and impose costs where we see that."
He was speaking days after a multi-country operation against the ransomware group REvil. A leadership figure known as "0_neday," said REvil's Tor-based portal had been hacked by an unnamed party: "The server was compromised, and they were looking for me," 0_neday wrote on a cybercrime forum last weekend, as first spotted by security firm Recorded Future. "Good luck, everyone; I'm off."
As Fleming emphasised, however: "Sorting that out isn't anymore the preserve of spy agencies or niche security organisations it's a genuine public, private and international partnership and getting that right is probably the single most important thing we could do" -- with the GCHQ director striking a counterbalancing cautionary note to the more gung-ho of his colleagues in national security, saying "with due respect to all of my military colleagues on both sides of the pond there is real danger of over-militarising the cyber domain..."
That said, he added: "I'm pretty clear from an international law perspective and certainly from our domestic law perspective you can go after them [cyber criminals] but there's a lot of things here that need to go fall into place to make that happen -- and we’re quite a long way off really addressing the profit model which is making this just so easy for criminals to exploit at the moment."
GCHQ Director's speech: "It's not rocket science..."
As Fleming emphasised, there's still so much work needed at most organisations to get the basics right: "It's not rocket science to defend against this sort of stuff. We know that if you do fairly basic cyber security -- if you are really clear at an organisational level about things that you need to protect and if you are very diligent in implementing the guidance of your cyber security professionals and your technology partners -- then you're going to protect yourselves, or at least make you harder [to target] than competitors. It's a really boring lesson, we hack on about it a lot in the UK: Back up your data, make sure you've got your admin sorted out, make sure your passwords are properly protected, exercise all of this: work out where your thresholds are, have thought in advance how you would respond if you were approached for ransom, all those sorts of things, it’s just basic stuff."
His speech came after more substantial comments in the wake of this spring's Integrated Review of Security, Defence, Development and Foreign Policy published Tuesday, March 16, which (mentioning “cyber” 156 times) said the UK would “make much more integrated, creative and routine use of the UK’s full spectrum of levers – including the National Cyber Force’s offensive cyber tools – to detect, disrupt and deter our adversaries” and while short-term responses to the cybercrime epidemic were a focus, Fleming struck an even more cautionary note about the extent to which other emerging technologies are going to transform the world, paraphrasing "one American leader" he was speaking to recently in noting "if you think that the changes we've seen from coronavirus are significant wait till you see the way in which machine learning and AI is going to affect our labour markets."
