April’s tech news review starts with the conflict in eastern Europe.
The war in Ukraine rumbled on throughout 2023, and alongside the physical conflict a host of cyberattacks took place, carried out by Russian hackers and those sympathetic to Kyiv’s plight.
In April it was revealed that Russian intelligence agency the GRU was outsourcing its intelligence efforts to an increasingly wide range of cybercriminals. The research, carried out by the European Cyber Conflict Research Initiative (ECCRI) and commissioned by the UK’s National Cyber Security Centre (NCSC), also pointed out that the breadth of the agency’s network meant it risked losing control of the operations.
According to the research, the GRU “leans heavily on cyber contractors, hacktivists and other state-affiliated cybercriminal groups”. Later in the year research from security vendor Mandiant would reveal that Sandworm, a hacking group with close links to the GRU, managed to cause power cuts in Ukraine by hacking into the nation’s infrastructure.
Infrastructure in the UK was also on the mind of the NCSC, which said in a separate announcement that Russian hackers were likely to target the power and water grids with attacks. This led the government to introduce cyber resilience targets for the UK’s critical infrastructure providers, with a compliance deadline of 2025.
Sunak defends Online Safety Bill
Prime Minister Rishi Sunak defended his government’s Online Safety Bill legislation amid growing criticism from the tech industry that it would hinder security and data protection.
Speaking to Tech Monitor at a Business Connect meet-and-greet event in London, Sunak said: “I think everyone wants to make sure their privacy is protected online, but people also want to know that law enforcement agencies are able to keep them safe and have reasonable ways to be able to do that, and that’s what we’re trying to do with the Online Safety Bill.”
His comments came weeks after a group of messaging services including WhatsApp and Signal warned that the bill would allow third parties to monitor messages on currently encrypted platforms. It compels vendors to build back-door access into their technology that can be used by law enforcement to scan for abuse material. It is feared hackers could exploit this.
Sunak pledged to “work in a spirit of constructive engagement” with the industry, describing the bill as “a novel piece of legislation”. It would eventually become law, but not before the government appeared to make a partial climbdown, agreeing that the provision that mandated the backdoor access would not be implemented until suitable technology was developed enabling it to be done safely.