Cyber Threats of 2024: Reflections and Implications for 2025
9th January, 2025
Written by: Kyle M., member of the Onca Technologies Team
Cyber-attacks have remained a significant and prevalent threat in 2024. Alarmingly, the Cyber Security Breaches Survey revealed that a staggering half of UK businesses reported a cyber security breach or attack in the last year, highlighting critical vulnerabilities in the UK’s cyber security that must be addressed to prevent future attacks by adversaries. With the current trajectory, it’s clear that cyber threats will remain relentless in 2025.
As we start a new year, it’s crucial that we don’t wipe the slate clean but instead learn from the threats that were faced in 2024 to better prepare for those that could emerge in the future. In our second blog entry, we will reflect on a few of these threats to raise awareness of the risks that may lie ahead, supporting the ongoing effort to make the UK the safest place to work online.
Nation-State Cyber Warfare
Nation-state cyber warfare has become one of the most pressing global security challenges of the 21st century, marked by an alarming rise in high-profile attacks attributed to state actors. With escalating geo-political tensions, there have been increased cyber-attacks executed by nations such as Russia, China, Iran, and North Korea.
At the forefront of these orchestrated attacks is Russia, which ranked first on the World Cyber Crime Index (WCI) published by Oxford University earlier this year. Since the invasion of Ukraine (2022) in the ongoing Russo-Ukrainian war, the Russian government has ended all cooperation in extraditing cyber criminals and, subsequently, has been accused of granting impunity for cybercrimes aimed at Ukraine’s allied countries, provided they align with the strategic interests of the regime. Additionally, some Russian hacker groups such as APT28 (Fancy Bear) and APT29 (Cozy Bear) are state-sponsored, being affiliated with Russian intelligence agencies. Such actions have emboldened hostile cyber-attacks towards UK organisations and services that many rely on.
It has been revealed that the pro-Russian hacktivist group Noname have claimed over 6600 cyber-attacks across Europe since March 2022 – most in the form of distributed denial of service (DDoS) attacks – in pursuit of representing Western institutions as flawed and failing. In October 2024, UK councils were targeted by Noname, temporarily disabling their website services as retribution for the British military’s support of Ukraine. The organisation should be kept on the radar for 2025 for their prolific nature and wide operational scope, with Ukrainian and Canadian government websites and the Danish financial sector being targeted in the past.
Furthermore, the Russian-speaking cyber group Qilin targeted Synnovis – a pathology laboratory that processes blood tests on behalf of NHS organisations in London – with a critical ransomware attack on June 3rd. The incident disrupted 3000 hospital and GP appointments and led to 400GB (gigabytes) of private data being released to the dark net. The BBC has reportedly been in contact with the group, revealing that the attack was targeted due to the UK’s inaction in an unspecified war. Attacks on the health care sector are becoming increasingly common, as its reliance on legacy systems makes it particularly susceptible to cyber threats, in turn having catastrophic effects on patient safety. As political tensions continue to rise, the National Cyber Security Centre (NCSC) has issued warnings to UK businesses, public sector organisations and critical infrastructure operators to brace for a surge in politically motivated cyber-attacks going forward.
AI Deepfake Scams
The use of AI has become ubiquitous for its innovative potential in various industries. However, cyber criminals have adopted AI technology to enact elaborate, highly sophisticated scams across written, audio, and video channels. Generative AI tools such as ChatGPT have been used to enhance the professionalism and persuasiveness of social engineering scams, though the advancing capabilities of AI-generated visuals and deepfake videos usher in an even more formidable threat to online security.
Earlier this year, a finance worker at the multi-national engineering firm Arup transferred over £20 million (equivalent in HKD) after falling victim to a deepfake video call. A brief from the Hong Kong police revealed that the victim was suspicious of email communication from an individual purporting to be the company’s UK chief financial officer but was convinced of their legitimacy after a video conference call in which all attendees were deepfakes. Such incidents underscore the need to foster a culture of caution within the workplace, especially as remote working arrangements increase in popularity, by confirming the legitimacy of senders and ensuring direct communication through other communication channels before acting on high-stakes requests.
Large-Scale Data Breaches
Many large-scale data breaches have hit UK businesses and public sector organisations this year, with financial losses and eroded public trust ensuing. In addition to the aforementioned Synnovis attack, NHS Dumfries and Galloway was targeted on the 15th of March by the ransomware group INC Ransom. Although the group did not succeed in disabling IT systems, they released 3TB (terabytes) of patient data after an unspecified demand was not met. Residents of Dumfries and Galloway – approximately 150,000 people – have since been warned that their data has probably been published online following the attack, putting individual patients at risk of further targeted cyber-attacks.
Fast-forward to September, and Transport for London (TfL) also suffered a major cyber-attack. While core services like buses and trains were unaffected, customer data – including bank details – was breached, impacting over 5000 users. TfL has reportedly spent over £30 million on recovery efforts, including external cybersecurity assistance, and ongoing projects have been halted.
While we would like to believe the few cases discussed within this blog represent the full extent of the cyber threats seen in 2024, they are merely a snapshot among the attacks that have occurred monthly in the UK alone across all sectors. The scope of the threat is vast, operating on the world stage.
In 2025, every organisation and business, no matter the scale, should institute a Digital Risk Protection (DRP) service to safeguard their data and business operation, as encountering a cyber threat is not a question of if, but when. Onca Technologies proudly offer a tailored DRP service to monitor and mitigate threats, safeguard sensitive data, and protect your organisation’s reputation and lifespan. No matter the danger ahead, we’ve got your back.
To learn more about how we can help safeguard your organisation, contact us today.