UK National Cyber Force outlines how it conducts responsible cyber operations

The UK National Cyber Force (NCF) – a partnership between the country’s armed forces and the Government Communications Headquarters (GCHQ) – disclosed details about its approach to ‘responsible cyber operations to counter state threats, support military operations, and disrupt terrorists and serious criminals’.

The document outlines that central to NCF’s approach is the ‘doctrine of cognitive effect’ – using techniques that have the potential to sow distrust, decrease morale, and weaken the adversaries’ ability to plan and conduct their activities effectively with the goal of changing their behaviour. This can include preventing terrorist groups from publishing pieces of extremist media online or making it harder for states to use the internet to spread disinformation. NCF’s operations are covert, and the intent is sometimes that adversaries do not realise that the effects they are experiencing are the result of a cyber operation.

‘In an increasingly volatile and interconnected world, to be a truly responsible cyber power, nations must be able to contest and compete with adversaries in cyberspace,’ GCHQ director Jeremy Fleming said. The statement was published alongside a 28-page paper designed ‘to illustrate aspects of how the UK is being a responsible cyber power’. It did not elaborate on the specifics of those operations.

First issue of Commonwealth Cybercrime Journal highlights AI use in judicial decision-making, among other topics

The Commonwealth has recently released its first issue of a cybercrime journal to draw attention to policy-influencing articles and commentary by academics, policymakers, practitioners, and experts exploring significant cybercrime and cybersecurity issues. This first issue underscores regional cybercrime trends in Africa, the Caribbean, Southeast Asia and the UK. Thematically, it highlights artificial intelligence (AI) in judicial decision-making in criminal matters; the co-dependency between cybercrime and organised crime; and data privacy concerns in relation to bring-your-own-device (BYOD) working practices, among other topics.

UK launches National Protective Security Authority

The UK has established a new intelligence agency called the National Protective Security Authority (NPSA) to ‘help businesses and organisations defend themselves against national security threats’.

The new agency operates as part of MI5 and has absorbed the responsibilities of the Centre for the Protection of National Infrastructure, but with a broader remit. NPSA will work together with the National Cyber Security Centre (NCSC) and UK National Authority for Counter Eavesdropping (UK NACE) to build resilience to national security threats.

Overall, the agency will work to ‘provide expert advice, research, and development to support countering terrorism, countering state threats, and protecting the public’. Goals include protecting the UK’s critical infrastructure, as well as the country’s economy and its science and technological advantage.

Chainalysis issues the 2023 cryptocurrency crime report

Chainalysis, a private US company, is a leader in collecting and analyzing data used on cryptocurrency blockchains. In its annual report on cryptocurrency-related crime, it points out that illicit cryptocurrency volumes reached all-time highs amid a surge in sanctions and hacking.

‘Overall, the share of all cryptocurrency activity associated with illicit activity has risen for the first time since 2019, from 0.12% in 2021 to 0.24% in 2022.’ The company assesses that the equivalent of $20.6B is used for illicit activities.

A big part of that sum comes from offenses related to the economic sanctions on Russia. This shows that a strict regime of sanctions is efficiently imposed on cryptocurrency exchanges by the US Department of the Treasury and international financial institutions. The report describes methods that are used for money laundering and fund transfers. As a key takeaway, Chainalysis points out that the impact of crypto sanctions depends on the jurisdiction and technical constraints.

Ransomware crypto payments

The report shows a decline in ransomware from 2021. Chainalysis claims that ransomware victims increasingly refuse to pay the ransom, pushing criminals out of this scheme. The report states that “meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts”. In 2021, the US Office of Foreign Assets Control (OFAC) issued an advisory document about the risk of ‘sanction crimes’ that can arise from ransomware payments. OFAC advises all US companies to report ransomware to the FBI prior to any action. This is also considered to be one of the factors for the drop in ransomware payments. In addition, ransomware lifespan is significantly shorter: from 470 days in 2019, it is down to 70 days in 2022.

Money laundering

The report states that money laundering activities rose from $14.2B in 2021 to $23.8B in 2022. It adds that ‘underground money laundering services’ are a growing concern. Such groups use private channels on messaging apps to set up and organise private transactions that are hard to track.

Cryptocurrency scams

Cryptocurrency scams and the use of cryptocurrency on darknet markets are on the decline compared to previous years.

NATO defence ministers discuss critical undersea infrastructure protection

NATO Defence Ministers met in Brussels on 14–15 February 2023 to discuss how “to strengthen the Alliance’s deterrence and defence”. One topic on the meeting’s agenda was how to improve the protection of critical undersea infrastructure.

Following the meeting, NATO’s Secretary General Jens Stoltenberg announced the establishment of a Critical Undersea Infrastructure Coordination Cell at the NATO headquarters, which will ‘facilitate engagement with industry and bring key military and civilian stakeholders together’.

Rise in ransomware attacks against manufacturing plants

A recent report by Dragos, a cybersecurity company, highlights the rise in ransomware attacks against critical infrastructure and, in particular, against manufacturing systems. The report shows that the manufacturing sector had at least 437 ransomware attacks in 2022, accounting for more than 70% of these disruptive attacks that industrial organisations had experienced the previous year.

The company identified a total of 605 ransomware attacks affecting the industrial sector in 2022, a 92% increase over the 315 attacks detected in 2021.

The report also explores the activity of two threat groups – Chernovite and Bentonite – that focus on attacking the industrial sector. While Chernovite targets electric, liquid, and natural gas companies in Europe and the USA, Bentonite mainly focuses on attacking maritime oil and gas companies, governments, and the manufacturing sector.

UK raises concern over Russian hacking group

The UK raises concern over an alleged information-gathering operation that has targeted numerous actors in government, politics, education, defence, journalism, and activism, carried out by a hacking group with ties to Russia called Cold River.

The National Cyber Security Centre (NCSC), a division of the British government’s GCHQ spy agency, warned that Cold River conducts research on its targets and impersonates people around them using false email accounts and social media profiles. The Russian embassies in London and Washington did not immediately respond to emailed requests for comment on the NCSC’s remarks. The Russian government was not specifically named as the source of the cyberattacks in the advisory.

US authorities shut down Hive ransomware variant networks

The US Department of Justice announced that it seized the networks of a major international ransomware variant named Hive. The Hive ransomware was responsible for extorting and attempting to extort millions of dollars from victims in the USA and around the world, Attorney General Merrick B. Garland stated. More than 1,500 victims worldwide were targeted, including hospitals, schools, financial firms, and critical infrastructure, with an estimated loss of more than $150 million.

Saudi Arabia targeted by an Iranian threat actor’s new identity

Cobalt Sapling, an Iranian threat actor, has been seen developing a new identity known as ‘Abraham’s Ax’ to use Saudi Arabia as political leverage.

The information was discovered by cybersecurity researchers at Secureworks’ Counter Threat Unit (CTU), who released an advisory about the new threat on January 26. In a report emailed to Infosecurity, Secureworks stated that the development of Abraham’s Ax and its attacks on Saudi government ministries illustrate its political intentions.