Experts warn of 'incredibly severe' threat of cyber attacks by Russia and North Korea

Hero Image

The threat of on Britain has become “incredibly severe”, with rogue states such as North Korea and potentially targeting households, experts have revealed.

A combination of geopolitical unrest, including the war in and the Middle East conflict, have combined with the run-up to to make it an especially dangerous time. Two top officials at telecoms giant , tasked with preventing attacks on millions of households and thousands of companies, have urged a step-up in efforts to protect against falling victim.

It came after BT revealed in September it was detecting an astonishing . Asked to sum-up the current level of risk, Les Anderson, BT’s chief security officer, said: “It’s incredibly severe at the moment in terms of the numbers of threats and the variety of threats.”

Mr Anderson, who joined from GCHQ, the UK’s intelligence, security and cyber agency, listed five broad groups of “baddies” - nation states, serious criminality, terrorism, hackers, and insiders - with the first two currently posing the greatest risk.

Both Mr Anderson and colleague Tris Morgan, managing director of BT Security, are keen that everyone is on alert, not just for suspicious emails and text messages but in a where people’s homes and cars are filled with internet-enabled devices.

Most times it is a case of attackers “probing” gadgets, they say. Mr Morgan explained: “There is an army of bots whose sole purpose is to go round and knock on all the individuals doors of those devices and see if they are open, with a view to potentially finding a way in. Just imagine you walking down the street, trying every front door, every window. It’s just like that, but in the digital realm.”

Mr Morgan said: “On average every 90 seconds every web-connected device is scanned.” He went on: “Almost every consumer, every business is digital. This is a whole new commerce model for attackers, whether it be nation states or criminality. They will look at this and say, ‘we can make money from this’. That is what has driven an explosion in it. “A lot of these criminal groups are run like multinational corporates.”

Naming which countries are believed to behind cyber assaults is the job of the government. Asked whether, for instance, North Korea could theoretically be behind cyber attacks via home gadgets, Mr Anderson said “Yes, they could all be doing that. Every nation state or serious criminality group has a certain thing they want to achieve. What would you say, North Korea, given its location, and its economy, what would be one of the things it would be trying to generate? What about foreign income?”

He went on: “Sometimes it is not even direct. Of those five vectors I talked about, sometimes a nation state will hire a serious criminal. What I want to get across is that attribution is hellishly difficult. It depends what they are trying to achieve and how they are trying to achieve it.”

Both warned the final three months of the year - when more people are online doing Christmas shopping - prove rich pickings for crooks. This includes the discount event at the end of November.

Mr Morgan said: “September to December is a heavy trading period for everybody, for all industry. That’s quite a lucrative time for doing things. You definitely see an increase in prevalence around these key points. They are always looking in.”

Les Anderson’s tips on keeping safe

  • It’s the same way you’d protect the most valuable physical items in your home – ie, by taking out insurance (so with data, ensure you have secure backups and recovery accounts to access), or by keeping them in a safe (so putting targeted cyber security protections in place). :: Make sure you’re using all the options available to protect your online accounts. For example, you should enable two-factor authentication whenever you can, and ideally I look to go ‘passwordless’ where possible. ‘Passwordless’ essentially means using authenticator apps, one-time-passwords or biometric data (e.g. face or fingerprint scans) instead of a password. This reduces the amount of log-in data for your account that can potentially be stolen or guessed, making it much harder for cybercriminals to gain access.
  • “Think about your most critical data and accounts, and what would cause you the most damage if it was compromised – and then prioritise your security to focus on those areas.
  • I do have connected devices like smart speakers at home – but I always buy from a known and reputable vendor, as this helps ensure they’ll have the right security standards and protections. Also, make sure to promptly apply the latest security updates to your devices, as this ensures they’re protected against the newest threats and vulnerabilities.”