This month’s cybersecurity news round-up features news a dire warning for the UK from the head of the National Cyber Security Centre, and good news for opposers of the controversial “Snooper’s Charter”.

NSCS chief warns Britain to prepare for massive cyber-attack 

The head of the UK’s National Cyber Security Centre (NCSC) has warned Britain to ready itself for a major cyber-attack, suggesting that it is not a matter of if, but when.

Speaking to the Guardian, Ciaran Martin said that it was just a matter of time before an infrastructure-crippling attack struck the UK.

Martin also said that Britain had been lucky to have avoided a so-called Category 1 – or C1 – attack for this long; WannaCry, which caused major disruption in the UK and other countries in May 2017, was a less serious but still significant C2 attack.

A C1 attack is defined as a cyber-attack that has the power to knock out energy supplies and the financial services sector, and carries a risk to life.

Martin said that in the event of such an attack, the only thing to do would be to “cauterise the damage”.

NCSC report provides new intelligence on the Neuron and Nautilus malware

If Martin’s warning to UK organisations wasn’t scary enough, the NCSC also issued new intelligence on a family of malware being used to target the UK.

Neuron and Nautilus are tools being used by the Turla Group, a hacker group that has targeted other European countries.

Since detecting the malware in 2017, the NCSC has identified a new version of the Neuron malware that has been modified to evade previous detection methods.

Neuron operates on Microsoft Windows platforms, primarily targeting mail servers and web servers. NCSC said it had observed the tool being used by the Turla group “to maintain persistent network access and to conduct network operations”, including intercepting internet traffic and hijacking the computers of victims.

This NCSC report provides new intelligence on the Neuron malware, including signs of infection – also known as Indicator of compromise, or (IOCs) – as well as the signatures to be used for network monitoring and detection.

The guidance can be accessed here.

Court of Appeal deems Snooper’s Charter ‘unlawful’

A proposed law to give the UK Government the power to collect and retain people’s personal data has been ruled unlawful by the Court of Appeal.

The controversial Investigatory Powers Act – also dubbed the Snooper’s Charter – would allow authorities to access people’s communications data – including phone records and internet browsing habits – even if they weren’t suspected of committing a crime.

However, London’s High Court has now ruled the act unlawful after an appeal was launched by deputy leader of the Labour party, Tom Watson.

The Court ruled that the proposed act breached citizen’s rights and the grounds that it “did not restrict access to this data, in the context of the investigation and prosecution of crime, to the purpose of fighting serious crime,” and “let police and public bodies authorise their own access, instead of subjecting access requests to prior authorisation by a court or independent body.”

Watson said in a statement: ‘This legislation was flawed from the start. The government must now bring forward changes to the Investigatory Powers Act to ensure that hundreds of thousands of people, many of whom are innocent victims or witnesses to crime, are protected by a system of independent approval for access to communications data.”