Russia must do more to tackle cyber criminals operating from within its borders, says UK

Russian authorities must do more to prosecute gangs, not shield them, says UK Foreign Secretary Dominic Raab.

Why some governments are getting cyber crime gangs to do their hacking for them

Russia must do more to tackle cyber criminals that are operating from within in its territory, the UK's Foreign Secretary Dominic Raab has warned.

In a speech at the National Cyber Security Centre's (NCSC) CYBERUK 21 conference, Dominic Raab called out nation-state-backed hacking campaigns by North Korea, Iran, Russia and China, who he accused of of using digital technology "to sabotage and steal, or to control and censor.".

The UK, alongside the US, called out Russia's involvement in the SolarWinds supply chain hack, which led to the compromise of several government agencies, technology firms and cybersecurity companies – but Raab argued that these states also need to take responsibility for cyber criminals operating within their borders.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  

For example, the Colonial Pipeline ransomware attack – which has disrupted fuel supplies across the US East Coast – was apparently carried out by cyber criminals using DarkSide ransomware-as-a-service – a ransomware group that like many others, is highly suspected to be operating out of Russia.

Some argue that Russia tolerates cyber criminals that attack targets in the West – so long as they stay away from Russian targets. Many of the most notorious ransomware gangs tailor the code of their malware to uninstall itself if it detects that the machine is set to the Russian language or has an IP address in a former Soviet nation. 

Ransomware attacks have caused a great deal of disruption around the world – and Raab accused the Kremlin of sitting back as "industrial scale vandals of the 21st century" caused chaos from within its borders.

"When states like Russia have criminals or gangs operating from their territory, they can't just wave their hands and say nothing to do with them – even when it's not directly linked to the state, they have a responsibility to prosecute those gangs and those individuals, not to shelter them," said Raab.

Cyber threats from nation states, cyber criminals – and everything in between – will keep coming, but the Foreign Secretary said the UK is improving its capabilities when it comes to defending against cyberattacks.

"We're getting better at detecting, disrupting and deterring our enemies. Acting with partners around the world, we name and shame the perpetrators," said Raab.

"We did this last month with the SolarWinds attack, exposing the depth and the breadth of cyber activities by the Russian intelligence service, the SVR. And by revealing the tools and techniques malicious cyber actors are using, we can help our citizens and our businesses to see the signs early on and help them protect themselves from threats," he added.

SEE: Ransomware just got very real. And it's likely to get worse

However, there's no illusion that defending the UK from cyber threats will be an easy task.

"It's is going to be a marathon, a war of attrition, but we will keep relentlessly shining a light on these predatory activities," said Raab.

MORE ON CYBERSECURITY