
Latest news with #CiaranMartin

Chinese hackers are getting bigger, better and stealthier

Mint

5 days ago

  • Politics
  • Mint


China's power is growing rapidly every year. From warships to missiles, the country is churning out hardware at an extraordinary rate. In the unseen, online world, it is making similar leaps. On March 4th America's Justice Department charged eight Chinese nationals with large-scale hacking of government agencies, news outlets and dissidents in America and around the world, on behalf of i-Soon, a Chinese company, at the direction of the Chinese government. It also indicted two officials who it said "directed the hacks". These instances are the tip of a vast iceberg. Over the past decade China's hacking programme has grown rapidly, to the point that in 2023 Christopher Wray, then the FBI director, noted it was larger than that of every other major nation combined. China's growing heft and sophistication have yielded success in three main areas. The first is political espionage, linked primarily to the Ministry of State Security (MSS), China's foreign-intelligence service. Last year it emerged that one group of Chinese hackers, dubbed Salt Typhoon, had breached at least nine American phone companies, giving them access to the calls and messages of important officials. Ciaran Martin, who led Britain's cyber-defence agency from 2016 to 2020, compares it to the revelations in 2013 by Edward Snowden, a government contractor, that American spy agencies were conducting cyber-espionage on a huge scale. China was "gaining vast access to the nation's communications via a strategic spying operation of breathtaking audacity," he says. A second is in domains of little espionage value: hacking that lays the groundwork for sabotage in moments of crisis or war. These efforts are led by the People's Liberation Army (PLA), China's armed forces.
In 2023 it became apparent that a PLA-linked hacking group known as Volt Typhoon had, over several years, burrowed into an extraordinary range of American critical infrastructure, from ports to factories to water-treatment plants, across the continental United States and in strategic American territories such as Guam. All of that builds on a third type of hacking: the industrial-scale theft of intellectual property. In 2013 Mandiant, a cyber-threat intelligence firm, which is now part of Google, made waves when it exposed "APT1", the label for a group of hackers linked to the PLA. APT1 was not focused on stealing political secrets or turning off power grids but on stealing blueprints, manufacturing processes and business plans from American firms. A year later America's government took the then unprecedented step of indicting five PLA hackers for this activity. Keith Alexander, a former head of the National Security Agency (NSA), America's signals-intelligence service, described this as "the greatest transfer of wealth in history". That period ended with a partial truce. In 2015 Barack Obama, then America's president, and Xi Jinping, his Chinese counterpart, announced a "common understanding". Neither country would conduct cyber-espionage to steal intellectual property. The agreement worked. Shortly afterwards commercial espionage of this sort fell dramatically, if temporarily. But that was simply the start of the new era of political espionage and sabotage. All of these areas have been affected by three big shifts within China's hacking programmes. One is who is doing the hacking. In 2015-16, shortly after being shocked by the Snowden revelations, China reshuffled its cyber forces. The PLA was forced to retrench, focusing on military intelligence and reconnaissance—like Volt Typhoon—and its activity declined.
The MSS took over political-intelligence gathering—like Salt Typhoon—which it conducted with gusto, and commercial espionage, which continued on a smaller scale. "Nowadays," writes Tom Uren, author of "Risky Business", a cyber newsletter, "the MSS is the big kahuna."

Quieten down, lads

Second, Chinese hacking got better. About 20 years ago, when cyber-security firms began tracking the threat, Chinese hackers were "very, very loud", says John Hultquist of Mandiant, "incredibly willing to set off alarms, incredibly willing to be caught". A European official concurs. Even five years ago, she says, "Chinese cyber operators were not considered very sophisticated." That has now changed. "The speed at which they improve always seems to come as a surprise to Westerners, even though it really shouldn't," says the official. "If China wants to accelerate in an area, then they will, and they have very smart people." That points to a third shift. Chinese cyber operations now draw increasingly on a large and flourishing private-sector ecosystem which has become a talent pipeline, enabler and force multiplier for Chinese cyber operations around the world. Consider the MSS-linked Tianfu Cup in the south-western city of Chengdu (which has emerged as a hub for this kind of activity). It is one of many "capture the flag" (CTF) competitions in which tech-savvy youngsters compete to show off their hacking prowess by finding and exploiting vulnerabilities in software. China has hosted about 130 of these sorts of events since 2004, most of them after 2014, and many backed by government ministries, according to data collected by Dakota Cary, a consultant at SentinelOne, a cyber-security company, and Eugenio Benincasa of the Centre for Security Studies at ETH Zurich. These events can draw huge crowds. The Wangding Cup is organised by the Ministry of Public Security (MPS), which runs the country's police force and gathers domestic intelligence.
The cup is known as the "cyber-security Olympics" and can attract 30,000 people, note Mr Cary and Mr Benincasa. The tournaments are scouting grounds for Chinese spooks. As with elite sports, a handful of star hackers tend to drive a team's success. A decade ago Chinese hackers were allowed to travel to contests abroad; that is now restricted. The vulnerabilities they discover—weaknesses in code that can be used to gain access—"are siphoned straight into the state apparatus", says a person familiar with the process. In 2021 the government punished Alibaba Cloud, a tech firm, for divulging a vulnerability without first telling the state. Talent contests are just the start. Last year, documents belonging to i-Soon were leaked on the internet. They showed that the firm was functioning as a private signals-intelligence agency whose targets spanned 23 countries: Nepal's presidential palace, road-mapping data from Taiwan, South Korean telephone logs, Indian immigration systems and Thailand's intelligence service. i-Soon is one of many such firms in Chengdu. The firms are not unstoppable ninjas—the leaked files show evidence of internal arguments, disorganisation and failure—but they add to China's cyber heft. Even where MSS hackers do the hacking themselves, they often rely on this corporate hinterland for the tools and infrastructure to enable their attacks. When Chinese hackers first started, they used to come, undisguised, "right out of Shanghai networks", says Mr Hultquist. Today they make use of operational-relay-box (ORB) networks, built and maintained by private firms, which use compromised devices around the world, such as home internet routers, to disguise the origin of attacks. The increasing scale, sophistication and aggression of Chinese hacking are "by far the most significant shift in the cyber-threat landscape in well over a decade", notes Mr Martin.
Volt and Salt Typhoon, on their own, "are strategic compromises of the West on a scale hitherto unseen by any other cyber power", he warns. It is not yet an all-out cyberwar. "What separates China from their peers like Russia, North Korea and Iran", says Mr Hultquist, is that those states routinely cross the line from espionage to disruption, from spying and reconnaissance to outright sabotage. China has "never pulled the trigger", he says. Even in American infrastructure networks, China has stopped short of inserting destructive code. "We can see them doing the reconnaissance. We can see them getting into place. They're not showing us the weapon."

Gloucester City Council boss says nobody safe from cyber attacks

BBC News

20-05-2025

  • Business
  • BBC News


The managing director of a council, who advises local authorities on cyber security, says no organisation is 100% safe from cyber attacks. Gloucester City Council's computer systems were crippled by hackers four years ago which cost about a million pounds to put right. Despite better protections and firewalls, there is a concern that the number of councils across the country make them a target because they are a government body, and there are many of McGinty, managing director of Gloucester City Council, said organisations have a "duty" to minimise and mitigate risk. He said: "I think we also have a duty to prepare for the possibility that the hackers do get through some chink in someone's armour and can attack us." When the Gloucester City Council was hit by hackers in December 2021, the group demanded ransom payment for decrypting all of the council's servers and threatened to release sensitive data onto the "dark web". Mr McGinty said: "Everything became slower or harder to achieve." "One of the impacts that really affected Gloucester residents was land searches for people moving house, and our land searches system was beyond control – it wouldn't work. "So people were struggling to get a mortgage because they couldn't do a land search on a property they were looking to buy, so the whole of Gloucester's house market froze up for a number of months."
Mr McGinty told the BBC the gang targeting Gloucester City Council fell out with each other after the Russian invasion of Ukraine, so no further demands were now being better protected than ever before, the city council still get thousands of attempted attacks on its IT system every former head of the National Cyber Safety Centre (NCSC), Ciaran Martin, said his "biggest cyber-security worry" is the threat of simultaneous attacks on public services, like councils and hospitals, which has the potential to "wreck lives". According to the Information Commissioner's Office, there were 202 ransomware attacks on local councils in government said it was "taking action to protect local councils by providing funding to increase their cyber defences". Mr Martin fears the attack on the council, and other public services, could have "shown hostile nation states how to disrupt our society".

Cyberattacks blight Britain's retailers as M&S, Co-op's systems breached

Business Times

02-05-2025

  • Business
  • Business Times


[LONDON] Britain's Marks & Spencer (M&S) entered a second week unable to take online orders on Friday (May 2) following a major cyberattack, while food retailer the Co-op Group said hackers had stolen customer data. Some £700 million (S$1.2 billion) has been wiped off the stock market value of M&S since the hack was revealed last week, and news that the Co-op and London department store Harrods have also faced incidents in recent days was described as a 'wake up call' by the government's National Cyber Security Centre (NCSC). British companies, public bodies and institutions have been hit by a wave of cyberattacks in recent years, costing them tens of millions of pounds and often months of disruption. The 141-year-old M&S, one of the best known names in British business, stopped taking clothing and home orders through its website and app on Apr 25 following problems with contactless pay and click-and-collect services over the Easter holiday weekend. The Co-op first revealed a cyberattack on Wednesday but said on Friday that information relating to a significant number of its current and past members, including personal data such as names, contact details and dates of birth had been taken. Ciaran Martin, former chief executive of NCSC, told Reuters that so far there were no signs that the attacks on M&S, the Co-op and Harrods were linked, with the latter two possibly discovered as a result of increased vigilance following the M&S incident. 'If this can happen to M&S, it can happen to anybody,' he said, noting that after such a serious attack there was nothing unusual about the length of the recovery period. On Friday, M&S CEO Stuart Machin again apologised to shoppers, without saying when online ordering would resume.
'We are working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible,' he said in an email sent to M&S customers. With M&S, which has about 1,000 stores across Britain, making around one-third of its clothing and home sales online, analysts said a short-term profit hit is inevitable. M&S declined to quantify the financial impact, which is growing by the day as it misses out on sales of new season ranges with the UK basking in record May temperatures. Commuters were locked out of their accounts for almost three months last year after a cyberattack at London transport operator TfL, while a cyberattack on a blood test processing company in London also last year disrupted services for more than three months. Availability of some food products has also been affected in some M&S stores, while the disruption may be having a broader impact on the business, which has pulled job postings on its website. Shares in M&S closed down 1 per cent, extending losses since Easter to about 9 per cent. Helen Dickinson, CEO of trade body British Retail Consortium, said cyberattacks were becoming 'increasingly sophisticated', forcing retailers to spend hundreds of millions of pounds every year on defences. 'All retailers are continually reviewing their systems to ensure they are as secure as possible,' she said. Technology specialist site BleepingComputer, citing multiple sources, said a ransomware attack that encrypted M&S's servers was believed to have been conducted by a hacking collective known as 'Scattered Spider'. NCSC is working with the affected retailers, while the Metropolitan Police's Cyber Crime Unit and the National Crime Agency are investigating the M&S attack. 'These incidents should act as a wake-up call to all organisations,' said NCSC head Richard Horne. 
Labour lawmaker Matt Western, chair of parliament's Joint Committee on the National Security Strategy, said the government should do more to prevent major cyberattacks. 'As the government concludes its consultation on proposals to counter ransomware, I hope its response treats these threats with the seriousness they clearly deserve.' REUTERS

The M&S cyberattack has caused chaos – Britain's enemies will be watching and learning

The Independent

01-05-2025

  • Business
  • The Independent


Shoppers looking to top up their Sparks points or pick up their weekly groceries may find things difficult this week at Marks & Spencer, which is still reeling from the impact of a cyber incident – believed to be a ransomware attack – launched against its business last month. Co-op shoppers may well count their blessings, as we've recently learned that the retailer has taken 'proactive measures' to mitigate the dangers of its own cyberincursion. Combined with evermore headlines about high-profile hacks, and even suggestions that cybercrime was behind the recent countrywide power outage in Spain and Portugal – something the countries have denied – it's easy to think we're in the throes of a major hacking flurry. Such a supposition would be correct. The cold, hard reality is that although we're facing the impact of the attacks first-hand, with bare supermarket shelves and disrupted businesses, when it comes to the problems businesses are facing daily from cybercriminals, this is just a drop in the ocean. 'These are high-profile names so make the headlines, but they are the tip of an iceberg of attacks daily,' says Alan Woodward, professor of cybersecurity at the University of Surrey. 'These serious criminal attacks tend to come in fits and starts, with no obvious pattern,' says Ciaran Martin, a former head of the National Cyber Security Centre, and now a professor at the University of Oxford. While many have been keen to try and combine the attacks against supermarkets with other unrelated issues to cybercrime such as the electricity outages in Spain and Portugal, the reality is that there's often little connection between the individual attacks. 'I don't think these particular attacks are linked,' says Woodward. 'They're probably different malware and groups.'
While little is known about the attempted hack that the Co-op reportedly managed to repel recently, the hacking group behind the Marks & Spencer attack is believed to be Scattered Spider, an English-speaking group whose members were linked to a 2023 ransomware attack against two US casino operators, which brought Las Vegas hotels to their knees. The reason why hackers launch these attacks is simple: many victims end up paying. Although official advice is to stand firm against criminals, the chaos it can cause to businesses – one retail expert has said M&S could be losing £3.5m a day in lost sales, while its stock market value has also taken a hit – means many do pay up. That results in a bonanza for cybercriminals. While the total estimated takings by ransomware gangs in 2024 of $813m was down from 2023's record-breaking year of $1.25bn, according to Chainalysis, it's still a pretty penny. The UK government is planning on introducing legislation to make ransomware payments by public bodies illegal. And each attack has an impact. 'They're a reminder to private and public sector leaders that rampant cybercrime is a potent threat to their organisation,' says Martin. He's also concerned that the attacks and our comparatively limp response to solving the issue (M&S has been struggling to fix things since Easter) set a precedent that encourages more hacks. 'What it does indicate is the inexorable rise in the number of attacks,' says Woodward. 'We're getting better at repelling attacks, but occasionally one will get through due to the increasing volume.' It's akin to the old warning by the Provisional IRA in the 1980s: 'We only have to be lucky once. You will have to be lucky always.' 'My national level worry is that this gives other bad actors a playbook on how to disrupt Britain at scale,' says Martin. 'We can cope with these attacks individually, painful though they are. But what if lots of them are launched at the same time? 
I think that's becoming the strategic worry rather than the single big, spectacular, Hollywood movie cyberattack.' Leaders in countries like Russia, North Korea and Iran – all of which reportedly have state-sponsored hacking groups, and all of which have tried one time or another to target western countries like the UK with these kinds of attacks – will be looking on and learning from how we're responding to these mischief makers and private criminal enterprises. 'There are worrying signs that some potentially hostile states are catching on to the potential of these types of attacks as a weapon against us,' says Martin. 'They're learning from the criminals.' 'Today's hackers don't just break into computers; they break the trust between companies by abusing supplier links, employee accounts and APIs all along the supply chain,' says Nathaniel Jones, vice president of security and AI strategy at Darktrace, a cybersecurity company. Tackling that scourge is tricky, says Jones. Having deep defences, and an environment where individuals are always asked to prove their identities, and to limit access to private files – sometimes called a 'zero-trust' approach – can help. 'But putting those ideas into practice is tough in retail, where systems and suppliers change all the time,' Jones admits. Still, more work needs to be done – and it can't just be from the businesses themselves, believes Jones. 'The government also has an opportunity to drive up cybersecurity standards in its upcoming Audit and Corporate Governance Bill, which could play an important role in addressing these risks,' he says. The reason why we need to address the issue can be seen on the shop floors and hospital wards that have faced down the hackers and struggled. 'The disruption is a direct result of our hyper connectivity, and the fact that many have moved their services online as it's cheaper,' says Woodward. 
'The government has identified what is critical infrastructure and does make efforts to work with those that provide the services so they are robust. But loss of a single service, say an online government service where one can deal with them only online, can cause enormous disruption to life.' Woodward believes government is less worried about a single big attack and more lots of individual, sustained attacks against smaller, softer targets. 'Yes, someone might try to take out the grid – and never say never – but it's more likely it will be gumming the works in local government, telecoms, hospitals and banking,' he says. It's for that reason that Woodward keeps cash and a few days' worth of water in his cupboard – and food too. Because you never know when the shops might stop.

Co-op fends off hackers as police probe M&S cyber attack

Yahoo

30-04-2025

  • Business
  • Yahoo


The Co-op has shut down parts of its IT systems in response to hackers attempting to gain access to them. It said the "proactive measures" it had taken to fend off the attack had had a "small impact" on its call centre and back office. Meanwhile, The Metropolitan Police has confirmed it's looking into the major cyber attack at fellow retailer Marks & Spencer (M&S). "Detectives from the Met's cyber crime unit are investigating," it said in a statement. It is not known whether there is any link between the two incidents. There are more than 2,500 Co-op supermarkets in the UK, as well as 800 funeral homes. It also provides food to Nisa shops. A spokesperson confirmed its shops and funeral homes were operating as usual following the attempted hack. "We are working hard to reduce any disruption to our services and would like to thank our colleagues, members, partners and suppliers for their understanding during this period," they said. "We are not asking our members or customers to do anything differently at this point." It comes as M&S enters the second week of a cyber attack that has caused chaos costing it millions of pounds in lost sales. The retailer has not said what took out its online ordering systems and left empty shelves in stores. Ciaran Martin, the founding Chief Executive of the National Cyber Security Centre (NCSC), told the Today programme on BBC Radio 4 on Wednesday it had "serious" consequences for M&S. "It is a highly disruptive event and a very difficult one for them to deal with," he said. Experts have told the BBC they believe the cyber attack affecting M&S is a result of ransomware called DragonForce. Ransomware is malicious software which locks an owner out of their computer or network and scrambles their data - with the criminals demanding a fee to unlock it. It is not known whether the Co-op discovered the hacking attempt as a result of any extra security checks following the cyber attack on its high street rival. 
Dan Card, cyber expert at BCS, the chartered institute for IT, said it was "very rare" for a firm to take systems offline after an attempted hack. "Taking systems offline is typically indicative of either a loss of control or to defend against a zero day where no patch is available," he said. A "zero day" is a term for a vulnerability in a computer system which its owners don't know about - meaning anybody can exploit it. There have been similar hacking attempts on supermarket chains in the past, with Morrisons being impacted by an incident in December 2024. Meanwhile, the banks Barclays and Lloyds were hit by outages earlier in 2025.
