Security Diaries #3

It's been a jam-packed week for me, and with that, a lot of interesting news and pieces of information that came across my table! I'll be going over the UK's government outlook for Cybersecurity, Anthropic's article on LLM Training Data Poisoning, the cost of CVE's in 2025, and the Cyber Assessment Framework 4.0. All of which are good to knows if you are just getting started in Cybersecurity!

Let's first dive into NCSC's annual review:

NCSC's 2025 Annual Review Recap

Firstly, NCSC is the National Cyber Security Centre, and therefore, is the UK's government centre for anything related to Cybersecurity.

In their annual review, they typically give updates on the current landscape of cybersecurity, big and small. This includes attacks within the UK and against the UK, it may also include guidance for businesses operating within the UK.

All of this to say, if you live or work in the UK, you should probably give this a brief read.

Key Messages

• Cybersecurity is not just a technical issue, but it is now encouraged for it to be a boardroom issue too. Key stakeholders of businesses should be encouraged to speak about cybersecurity and the possible and real impacts it could have on their business.
• Cyber resilience is Critical for business continuity, national security and economic stability.

Key Statistics

• 1,727 incident tips were received; 429 incidents were handled. 48% of this incidents were nationally significant, and 4% were highly significant, a 50% increase YoY.
• Cyber Essentials - The UK governments cybersecurity certification for organisations - achieved 39,790 certificates (+17.5% YoY). 92% of certified organisations were less likely to make insurance claims.
• NCSC Early Warning Programme provides a free threat alert service to companies within the UK. It does this by taking in your name, IP addresses and domains, and an email where alerts can be submitted. If there is any threat intelligence found, it is immediately notified to you. 13,178 organisations signed up, with around 300,000 alerts sent.
• The NCSC Takedown Service designed to take down malicious websites pretending to be government websites had quite a successful year. 1.2 million phishing campaigns were removed, with 50% of them being taken down within 1 hour. Websites are typically taken down, but the URLs are also added to a naughty list to allow for safe browsing.
• Mail Check the NCSC's Email Security Programme for organisations and government bodies in the UK is used to improve email security. A total of 13,193 organisations are now signed up for this, with a total of more than 400,000 domains scanned.
• SERS the NCSC's Suspicious Email forwarding service had over 10 million reports received this year. It allows individuals and organisations to forward suspicious emails to report@phishing.gov.uk. Once forwarded, the email is analysed, and then if found to be harmful, blocks email senders and the URLs it is linked to.

Threat Landscape

Nation State Actors

• China operated a botnet of over 260,000 devices that were used for espionage and disruption. This was used specifically for targeting critical infrastructure and exploiting vulnerabilities in public-facing systems.
• Russia has continued to use espionage tools such as Authentic Antics specifically for stealing sensitive data. There has also been persistent hacktivist attacks specifically targeting the UK due to continued support for Ukraine & Israel.
• Iran has continued it's geopolitically motivated cyber operations, specifically in disinformation and infrastructure probing. UK sectors in defence, energy, academia and financial services need to be aware of possible attacks coming from these threat actors.
• North Korea has continued it's incredible success in attacking cryptocurrency related businesses, with great success at the beginning of the year, with the biggest heist of money being carried out. It also used disguised IT workers to infiltrate UK companies posing as remote freelancers or contractors.

Ransomware

Ransomware is still rampant even with one of the biggest ransomware gangs being severely disrupted. There have been multiple high-profile attacks in the UK including on M&S and Co-op. Dragonforce stole 6.5 million Co-op members data.

AI-Enhanced Threats

With AI becoming better and better with what feels like day by day, it has been incredibly effective at phishing, specifically spear-phishing (targeted phishing), data exfiltration thanks to automated reconnaissance and extraction, and vulnerability research, with it helping attacks find and exploit vulnerabilities.

With that, a new attack path has also arrived, Agentic AI, a way of an LLM to interact with an entire system that you've defined, if that sounds scary, it's because it is. Agentic AI poses new risks and opportunities for autonomous cyber attacks and defence.

Engineering Resilience

The NCSC has also been pushing on specific guidance, specifically:

• Zero-Trust Architecture
• Segmentation
• Chaos Engineering
• Immutable backups

There has also been a new release of the Cyber Assessment Framework (v4.0) in early August. This has been recommended for use in organisations to ensure that their systems are following best practices for cybersecurity.

Technology & Innovation

There have been plenty of projects going on to bolster cybersecurity in the UK, with hopes of making the UK a cybersecurity first country. This includes:

• Crypt-Key, a £2.6bn programme securing the UK's most sensitive systems.
• LASR, An AI Security Research lab delivering important research.
• Passkeys, The UK has now officially announced that passkeys should be the default authentication method.

Policy & Regulation

And of course, as expected, there have been some policies and regulation created by the government. This includes:

• A push for Post-Quantum Cryptography Migration Plans. (2028 is the initial migration plans, 2031 is when priority services are migrated, and 2035 is when full migration should be carried out.)
• Cybersecurity and Resilience Bill (UK), which aims to strengthen national cyber defences. It builds on-top of Network and Information Systems (NIS) regulations 2018. It expanded it's scope to MSPs, cloud platforms, datacentres and critical suppliers. It improves incident reporting, enhances supply chain security, and strengthens regulatory powers.
• The Pall Mall Process is another initiative that is being pushed. It is just a non-binding agreement signed by over 25 governments to outline the responsible behaviour in the development, sale and use of commercial cyber intrusion capabilities (CCICs). It establishes best practices, prevents misuse and encourages multi-stakeholder collaboration.

But this is just a brief overview of the report, it is after all a 100 page document. I've definitely missed a few parts, but if you're interested in the full report, you can find it here.

The LLM Training Process is easy to poison?!

A new article by Anthropic, one of the leading LLM companies in the world reveals that LLM's can be poisoned during training to do things that would otherwise be unexpected. This could be reputation damage, malicious attacks, disruption, or other harmful behaviour.

A test was carried out on many different sized LLMs, with a varying amount of documents to see how many was required to actually poison the LLM to do something harmful.

As show in the below graph:

Only 250 data points (documents) was needed to successfully cause a DOS for the LLM when a certain thing was typed. That certain thing in this case was <SUDO>, and that resulted in random words to be outputted causing disruption as shown below:

500 datapoints made the LLM break even earlier in the training stages as shown by the following graph.

What was surprising by this research was that there didn't seem to be a scaling factor with the number of documents needed to poison an LLM and the size of the LLM. The main possible reason for this is simply because <SUDO> is quite an abstract thing to include in text, and therefore the amount of data points including this is quite small, and therefore it was easier to poison. It could be much harder if you wanted to poison print("hello world"). A good explanation can be found here.

This is incredibly concerning. If only 250 data points are required to poison a model, this can be done incredibly quickly. Rememeber LLM's train on Medium and Reddit. It is incredibly easy to make documents containing poisoned data written by AI, post that all on Reddit and Medium and then when a new LLM is being trained, it becomes susceptible to this attack.

Training is quite expensive, but there is a way to put a hot-fix on an LLM that has been trained with poisoned data, simply by updating it's System Prompt. However, training is the only definite way of getting this bug out of the system.

If you want to learn more about this I've attached a video and a link to the original article below:

A small number of samples can poison LLMs of any size

Anthropic research on data-poisoning attacks in large language models

The Cost of CVEs in 2025

Chainguard, one of the most popular security companies when it comes to providing hardened OS, released a report earlier this year that tried to highlight the cost of CVE's. The idea is, if they can show you how much money you spend managing and remediating CVE's, hopefully you'll pay for some of their hardened OS's so that you have to do less remediation and management.

But, even if they do stand to benefit from this report, it is still an interesting read and does highlight some important facts.

Costs of CVEs come from a few areas:

• DIY image hardening which mainly requires time.
• Ensuring resources meet compliance requirements, which mainly requires time.
• Customer escalations, these are urgent issues raised by customers that have been caused by CVEs.
• Value unlocked from having decreased risk, this means you can enter more industries than you would have been able to do before.
• Faster innovation which leads to better offerings that the company is giving. This decreases delayed releases, reduced product quality, and missed market opportunities.

Cost analysis is split into 5 industries:

The industry that stands to benefit the most out of this is healthcare, most likely due to strict regulatory compliance that needs to be met, vs. the lowest being Technology, again probably due to the much looser regulatory compliance.

You can also see who benefits the most based on revenue generated as shown below:

To put into perspective on how engineers have to carry out CVE management, you can see the cycle below:

All of this to say, CVEs are incredibly expensive, and having engineering teams handle this is opportunity cost, it isn't the best use of their times, after all, they are engineers. Therefore, having hardened OS's are a much better alternative, which can generate more revenue for the company, and also reduce the risk in it too.

For the full report, you can find it here.

CAF v4.0 Recap

The goal of CAF is to provide a set of questions that every organisation can check against itself to see how good it’s security posture is.

It is an incredibly useful framework for all business leaders to go through and confirm whether their organisation is compliant or not.

I won't go into the low-level details of the framework, but below are the key areas it tries to capture:

• Managing Security Risk
• Protecting against a Cybersecurity Attack
• Detecting Cybersecurity Events
• Minimising the impact of Cybersecurity incidents

I urge anyone interested in becoming a Cybersecurity leader or someone in a leadership position at the moment, to cross-reference their organisation against this checklist. It is incredibly well thought out, and definitely a solid baseline to compare yourself to. You can find the full document here.

Final Thoughts

If you've read through this entire article, thank you. Let me know if there is anything you want me to look at and explain, especially if you think it would help others out too.

Thanks for reading this edition of Security Diaries. My goal is to document the progress I make learning more about technology and cybersecurity, with the hopes of inspiring others, informing others, and show that I know what I claim to know.