NCSC Warns UK Of Russian Cyberattacks Amid Ukraine Crisis
British firms urged to bolster cybersecurity resilience by the UK’s NCSC, as the Russian threat increases amid tense Ukraine standoff
British organsisations have been warned to prepare their cyberdefences in light of the worsening geopolitical situation in the Ukraine.
The warning from GCHQ’s National Cyber Security Centre (NCSC) makes clear the need for UK organisations to take action to bolster their cyber security resilience in response to the malicious cyber incidents in and around Ukraine.
Russia has amassed over 100,000 troops on the Ukraine border amid a tense standoff over Russian concerns about NATO expansion.
Bolster defences
Russia of course has invaded Ukraine previously, when it illegally seized and annexed Crimea from Ukraine in 2014.
Amid the tense stand-off, Ukraine last week suffered a massive cyberattack that impacted at least 70 government websites, as well as the US, UK and Swedish embassies.
The most recent Ukraine cyberattack warned the public to “be afraid and expect the worst”, which Ukraine has publicly stated was orchestrated by Russia.
Into this mix comes the latest NCSC warning, in which the UK’s cyber agency urged organisations to consult its updated guidance, which was published in response to the recent malicious cyber incidents in Ukraine.
The NCSC admitted that no current threats to the UK have been identified, but its guidance will allow organisations to build resilience and stay ahead of potential threat.
It pointed out that recent cyber activity in and around Ukraine fits with pattern of Russian behaviour previously observed, including in the damaging NotPetya incident.
The NCSC guidance encourages organisations to follow actionable steps that reduce the risk of falling victim to an attack, including:
- patching systems;
- improving access controls and enabling multi-factor authentication;
- implementing an effective incident response plan;
- checking that backups and restore mechanisms are working;
- ensuring that online defences are working as expected, and;
- keeping up to date with the latest threat and mitigation information.
“The NCSC is committed to raising awareness of evolving cyber threats and presenting actionable steps to mitigate them,” said Paul Chichester, NCSC Director of Operations. “While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient.”
“Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace,” said Chichester. “Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”
The guidance, which is primarily aimed at larger organisations, also advises organisations which fall victim to a cyber attack to report the incident to the NCSC’s 24/7 Incident Management team.
Russian threat
The NCSC has previously warned businesses in the UK’s critical national infrastructure – such as energy, water supply, transportation and telecommunications – about specific vulnerabilities Russian hackers have been known to exploit.
In October 2021, the head of the National Cyber Security Centre (NCSC), Lindy Cameron, made clear that Russia remains the UK’s principle cyber threat.
Cameron took over leading GCHQ’s NCSC from Ciaran Martin, who had led NCSC since it began operations back in October 2016.
Industry reaction
The warning from the NCSC has prompted a response from security experts, who have backed the agency’s call for organisations to bolster their cyberdefences.
“The NCSC’s guidance in response to the current situation in and around Ukraine is good practical advice for UK organisations,” noted Kev Breen, director of cyber threat research at Immersive Labs.
“In today’s world of hybrid connected warfare, organisations, especially those deemed to be high-profile or critical national infrastructure, are often unwittingly dragged onto the front lines so need to ensure defences are up to task in times of heightened geopolitical tensions,” said Breen.
“While focusing on core cybersecurity hygiene elements such as patching will help organisations bolster their cyber resilience, I’d also recommend regular, cybersecurity exercises to ensure response plans can flex to match an always-changing threat,” Breen added.
“What’s more, it’s important to understand cybersecurity nowadays is not constrained to security/IT teams,” said Breen. “Rather, other departments like legal and communications have vital roles to play when a cyberattack hits and should therefore be rolled into incident response plans from the start, not seen as an afterthought.”
Listen up
This sentiment was echoed by Jack Chapman, VP of threat intelligence at cybersecurity firm Egress.
“UK organisations must listen to the NCSC’s advice to protect themselves from being caught up in a potential cyber conflict,” said Chapman.
“There are simple steps that they can take. The first is to prevent attackers gaining entry via phishing,” said Chapman. “Over 90% of malware is delivered via email, but by educating employees to recognise potential attacks and putting in place the right technology, businesses can reduce their exposure to phishing threats.”
“It’s also important to stay ahead of attackers by routinely updating software and patching vulnerabilities, for example to VPNs and firewalls,” said Chapman.
“In recent years, attackers have increasingly exploited the supply chain to execute devastating attacks, so organisations must hold suppliers to a high level of scrutiny to avoid this security blind spot,” said Chapman. “Organisations mustn’t be complacent when it comes to cyber-threats – it’s vital that they remain vigilant to attacks, whether they’re politically or financially motivated.”
Continuous detection
Another expert pointed out that no business can be 100 percent secure, 100 percent of the time; and thus it is not a question of if, but when a cyber breach will take place.
“Attack Techniques Tactics and Procedures (TTP) are evolving quicker than the technologies that secure businesses,” said Saket Modi, CEO at Safe Security. “As a result, businesses need to prepare for a wide array of risks including zero-day and nation-state attacks that may be perpetuated through phishing, social engineering, software vulnerabilities, and Business Email Compromise, among other vectors.”
“Depending on the traditional methods, using point in time risk assessments is not the right cybersecurity strategy, anymore,” said Modi. “Continuous detection and continuous response are becoming more widely adopted by enterprises. Now, it is time for continuous prediction and quantification of cyber risk.”
“Organisations need to adopt real-time risk management platforms that aggregate signals from people, process, technology, existing cybersecurity products, and third parties and provide a single risk score that represents the likelihood of a breach occurring along with its potential financial impact,” said Modi.
“The security and risk management teams today are overwhelmed with data, and multiple dashboards, and hence often base their cybersecurity decisions on strategies based on subjective evaluations,” Modi concluded. “While companies can identify risks, they need to build the capabilities to quantify risk.”