bbc.com
Joe TidyCyber correspondent, BBC World Service

Prepare to switch to offline systems in the event of a cyber-attack, firms are being advised.

People should plan for potential cyber-attacks by going back to pen and paper, according to the latest advice.

The government has written to chief executives across the country strongly recommending that they should have physical copies of their plans at the ready as a precaution.

A recent spate of hacks has highlighted the chaos that can ensue when hackers take computer systems down.

The warning comes as the National Cyber-Security Centre (NCSC) reported an increase in nationally significant attacks this year.

Criminal hacks on Marks and Spencer, The Co-op and Jaguar Land Rover have led to empty shelves and production lines being halted this year as the companies struggled without their computer systems.

Organisations need to "have a plan for how they would continue to operate without their IT, (and rebuild that IT at pace), were an attack to get through," said Richard Horne, chief executive of the NCSC.

Firms are being urged to look beyond cyber-security controls toward a strategy known as "resilience engineering", which focuses on building systems that can anticipate, absorb, recover, and adapt, in the event of an attack.

Plans should be stored in paper form or offline, the agency suggests, and include information about how teams will communicate without work email and other analogue work arounds.

These types of cyber attack contingency plans are not new but it's notable that the UK's cyber authority is putting the advice prominently in its annual review.

Although the total number of hacks that the NCSC dealt with in the first nine months of this year was, at 429, roughly the same as for a similar period last year, there was an increase in hacks with a bigger impact.

The number of "nationally significant" incidents represented nearly half, or 204, of all incidents. Last year only 89 were in that category.

A nationally significant incident covers cyber-attacks in the three highest categories in the NCSC and UK law enforcement categorisation model:

Category 1: National cyber-emergency.
Category 2: Highly significant incident.
Category 3: Significant incident.
Category 4: Substantial incident.
Category 5: Moderate incident.
Category 6: Localised incident.
Amongst this year's incidents, 4% (18) were in the second highest category "highly significant".

This marks a 50% increase in such incidents, an increase for the third consecutive year.

The NCSC would not give details on which attacks, either public or undisclosed, fall into which category.

But, as a benchmark, it is understood that the wave of attacks on UK retailers in the spring, which affected Marks and Spencer, The Co-op and Harrods, would be classed as a Significant incident.

One of the most serious attacks last year, on a blood testing provider, caused major problems for London hospitals. It resulted in significant clinical disruption and directly contributed to at least one patient death.

The NCSC would not say which category this incident would fall into.

The vast majority of attacks are financially motivated with criminal gangs using ransomware or data extortion to blackmail a victim into sending Bitcoins in ransom.

Whilst most cyber-crime gangs are headquartered in Russian or former Soviet countries, there has been a resurgence in teenage hacking gangs thought to be based in English-speaking countries.

So far this year seven teenagers have been arrested in the UK as part of investigations into major cyber-attacks.

As well as the advice over heightened preparations and collaboration, the government is asking organisations to make better use of the free tools and services offered by the NCSC, for example free cyber-insurance for small businesses that have completed the popular Cyber-Essentials programme.

'Basic protection'
Paul Abbott, whose Northamptonshire transport firm KNP closed after hackers encrypted its operational systems and demanded money in 2023, says it's no longer a case of "if" such incidents will happen, but when.

"We were throwing £120,000 a year at [cyber-security] with insurance and systems and third-party managed systems," Mr Abbott told BBC Radio 5 Live on Tuesday.

He said he now focuses on security, education and contingency - key to which involves planning what is needed to keep a business running in the event of an attack or outage.

"The call for pen and paper might sound old-fashioned, but it's practical," said Graeme Stewart, head of public sector at cyber-security firm Check Point, noting digital systems can be rendered "useless" once targeted by hackers.

"You wouldn't walk onto a building site without a helmet - yet companies still go online without basic protection," he added.

"Cybersecurity needs to be treated with the same seriousness as health and safety: not optional, not an afterthought, but part of everyday working life."

Business leaders need to stay up to date with geopolitics to keep their cybersecurity strategies up to date and mitigate the risks posed by state-backed hacker groups.

This is the message that Paul Chichester, director of operations at the UK’s National Cyber Security Centre (NCSC), delivered to attendees at a keynote session of Infosecurity Europe 2025.

The call to action from Chichester came as states known to support threat actors and engage in cyber attacks of their own step up efforts to disrupt critical infrastructure

Chichester said Russia’s cyber capabilities in particular have improved in recent years, with its invasion of Ukraine used as an opportunity to hone offensive cyber techniques. Along with Russia, Chichester focused on the threat China-backed groups pose to both public and private organizations.

“I'll come back to this a few times, but states don't do hacking for fun,” Chichester said.

“They do not do things for the sake of it. There is always a reason. We might not know the reason sometimes and that's quite a challenge for us, but we shouldn't assume that they're just doing it because they can.”

Chichester urged businesses who are being targeted by a state APT to carefully consider why and to assess how geopolitics feeds into their defensive strategies.

Government to roll out passkey technology across digital services as an alternative to SMS-based verification.

Government to roll out passkey technology across digital services as an alternative to SMS-based verification.
Arkadiusz Wargula via Getty Images
Government set to roll out passkey technology across digital services later this year.
SMS-based verification to be replaced by more secure, cost-effective solution.
NCSC joins FIDO Alliance to shape international passkey standards.
The UK government is set to roll out passkey technology for its digital services later this year as an alternative to the current SMS-based verification system, offering a more secure and cost-effective solution that could save several million pounds annually.

Announced on the first day of the government’s flagship cyber security event, CYBERUK, the move to implement passkey technology for the government’s GOV.UK services marks a major step forward in strengthening the nation’s digital security.

Passkeys are unique digital keys that are today tied to specific devices, such as a phone or a laptop, that help users log in safely without needing an additional text message or other code. When a user logs in to a website or app, their device uses this digital key to prove the user’s identity without needing to send a code to a secondary device or to receive user input.

This method is more secure because the key remains stored on the device and cannot be easily intercepted or stolen, making them phishing-resistant by design. As a result, even if someone attempts to steal a password or intercept a code, they would be unable to gain access without the physical device that contains the passkey.

The NCSC considers passkey adoption as vital for transforming cyber resilience at a national scale, and the UK is already leading internationally with the NHS becoming one of the first government organisations in the world to offer passkeys to users.

In addition to enhanced security and cost savings, passkeys offer users a faster login experience, saving approximately one minute per login when compared to entering a username, password, and SMS code.

The number of reported cyber incidents and online threats in Switzerland rose sharply last year, according to the National Cyber Security Centre (NCSC).

Last year, almost 63,000 cyber-related incidents were reported to the National Cyber Security Centre (NCSC) in Switzerland, an increase of 13,500 cases over the previous year. Between July and December, the NCSC recorded more than 28,000 incidents, slightly fewer than in the first half of 2024.

Fraud, phishing and spam messages continue to be the most frequently reported incidents. The increase on the previous year is mainly due to the phenomenon of false calls in the name of the authorities, with almost 22,000 reports compared with around 7,000 the previous year.

On the other hand, the number of e-mail threats has dropped. Over the past four years, fraudsters have used the telephone more as a communication channel.

29.04.2025 - L’Office fédéral de la cybersécurité (OFCS) observe une vague de tentatives de fraude au PDG qui perdure. La semaine dernière, de nombreux cas ont été signalés à l’OFCS dans lesquels des cybercriminels se font passer pour des dirigeants de communes afin d’inciter des employé/e/s à acheter des cartes cadeaux ou à effectuer des virements. La rétrospective hebdomadaire examine le modus operandi des cybercriminels, explique pourquoi les communes sont particulièrement exposées et donne des conseils pour que les communes (et toutes les autres victimes potentielles) puissent se protéger.
En raison de leur structure publique et de la disponibilité des informations sur les sites municipaux, les communes constituent une cible attractive pour les tentatives de fraude au PDG. Ces dernières semaines, de nombreux cas de ce type ont été signalés à l’OFCS. Les méthodes utilisées par les escrocs sont décrites ci-après, en particulier les deux procédures consistant soit à exiger des cartes cadeaux, soit à insister pour obtenir un paiement direct.

Following news of cyber incidents impacting UK retailers, the NCSC can confirm it is working with organisations affected.

NCSC CEO Dr Richard Horne said:

“The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public.

“The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture.

“These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”

Two spyware variants – Moonshine and BadBazaar – are being used to target the mobile devices of persons of interest to Chinese intelligence, including individuals in the Taiwanese, Tibetan and Uyghur communities.

GCHQ's National Cyber Security Centre (NCSC) is rolling out a free service that will help protect schools from connecting to malicious internet domains.

11.07.2024 - At the end of June 2024, cybercriminals spread the malware "Poseidon Stealer" in German-speaking Switzerland by email, using AGOV as a lure with the aim of infecting computers with the macOS operating system. The NCSC has now produced and published a brief technical analysis of the malware.
#news

28.06.2024 - Le soir du 27 juin 2024, des cybercriminels ont lancé une campagne de « malspam » à grande échelle contre des citoyennes et citoyens de Suisse alémanique. Par le biais d’un e-mail dont l’expéditeur présumé est AGOV, ils tentent d’infecter les appareils des utilisatrices et utilisateurs de macOS avec un maliciel (malware en anglais) du nom de « Poseidon Stealer ».

09.04.2024 - Le service financier d’une entreprise reçoit de son patron une demande de paiement soi-disant urgente. Le CEO explique que si le responsable financier n’effectue pas le paiement dans les plus brefs délais, cela aura de graves conséquences pour l’entreprise, car une commande importante sera perdue. Ensuite, le chef n’est étrangement plus joignable pour répondre à d’autres questions. Tel est le scénario typique d’une fraude au CEO. La plupart du temps, ces attaques ne sont pas très sophistiquées et sont faciles à détecter. L’intelligence artificielle et le deep fake ne s’arrêtent toutefois pas à cette méthode d’escroquerie plutôt simple, comme le montre un exemple récent signalé à l’OFCS.

NCSC says generative AI tools will soon allow amateur cybercriminals to launch sophisticated phishing attacks

Le Conseil fédéral a précisé les tâches qui vont incomber, dès le 1er janvier 2024, aux nouvelles unités administratives impliquées dans le domaine de la cybersécurité. L’Office fédéral de la cybersécurité (OFCS) reprendra «dans les grandes lignes» les tâches de l’actuel NCSC. Une nouvelle entité, le Secrétariat d’Etat à la politique de sécurité (SEPOS), sera compétente en matière de politique de sécurité et de sécurité de l’information.

Des courriels frauduleux atterrissent dans les boîtes de clients de la plateforme spécialisée dans les hébergements. Les pirates tentent d’obtenir des données de cartes de crédit ou des versements.

Lundi 12 juin 2023, plusieurs sites Internet de la Confédération étaient ou sont encore inaccessibles, en raison d’une attaque DDoS menée contre ses systèmes. Celle-ci a été rapidement détectée par les spécialistes de l’administration fédérale, qui travaillent actuellement à rétablir dans les plus brefs délais l’accès aux applications et sites Internet touchés.

Suite à la réception d’un signalement par un particulier, le Préposé a procédé à un établissement des faits concernant une banque de données insuffisamment sécurisée de centres privés de dépistage Covid-19. Dans son rapport final publié ce jour, il a établi que les données de santé traitées dans la banque de données avaient été exposées à des risques de sécurité considérables en raison de la faille signalée. Comme les responsables avaient pris les mesures immédiates appropriées après la découverte de cette faille, le risque pour les personnes concernées a pu être réduit. La procédure est ainsi close sans recommandation.

19.01.2023 - En cas de problème de cybersécurité au sein d'une entreprise ou d'une organisation, il est crucial d'en informer aussitôt le responsable de la sécurité. Or, il est généralement difficile, voire impossible, de retrouver ce dernier sur les sites Internet. La norme «security.txt» sert à indiquer de manière uniforme le responsable de la sécurité d'une entreprise ou d'une organisation, ce qui permet de prendre contact avec lui plus rapidement.permet de prendre contact avec lui plus rapidement.

Les clés USB font partie du paysage informatique depuis longtemps et sont utilisées pour stocker des données ou les transférer d'un ordinateur à un autre. De nombreuses personnes ignorent toutefois que ces clés peuvent également servir d'outil de piratage.

Le Centre national pour la cybersécurité (NCSC) deviendra un office fédéral à part entière, et il sera rattaché au département de la Défense. Le Conseil fédéral a précisé vendredi la nouvelle organisation.

The National Cyber Security Centre’s CEO Lindy Cameron delivered a keynote speech at the Chatham House security and defence conference 2022.

Lindy Cameron discussed the cyber dimension of the Russia-Ukraine conflict, focusing on what the NCSC has observed and the UK’s response.