
UK National Cyber Security Centre Issues Warning and Advice

Russia-Ukraine conflict might pose risk to UK firms and groups

As the new Cold War heats up, with Ukraine and Russia seemingly on the brink of outright military action, there is a danger that British companies and agencies may be caught in the crossfire. We are not talking here about physical bullets and bombs, but about cyberattacks. As The Guardian reports:

Suspected Russian hackers left a message on the foreign ministry website, according to reports. It said: “Ukrainians! … All information about you has become public. Be afraid and expect worse. It’s your past, present and future.” The message reproduced the Ukrainian flag and map crossed out. It mentioned the Ukrainian insurgent army, or UPA, which fought against the Soviet Union during the second world war. There was also a reference to “historical land”.

Though there is no definite proof that this is the work of Russian state-backed hackers, it is more than likely that this is the case. In previous skirmishes between Russia and Ukraine since 2014, it is alleged that government-affiliated hackers from Russia have been disrupting Ukrainian resources, including private firms and government agencies, with destructive malware (typically ransomware), and even attacking infrastructure such as the electricity supply network.

There is clear evidence linking Russian threat actors to ransomware attacks outside Eastern Europe, including the UK, and such attacks appear to have been ramped up recently. As an observation, just this morning, my personal Web site had half a dozen Russian-language phishing emails through the contact form which slipped through the spam blockers, where usually I have one or two.

The UK’s National Cyber Security Centre (NCSC) has said it is investigating the recent reports of “malicious cyber incidents in Ukraine”. The updated guidance it has issued to UK firms and groups includes the following points, encouraging organisations to take actionable steps:

  • patching systems;
  • improving access controls and enabling multi-factor authentication;
  • implementing an effective incident response plan;
  • checking that backups and restore mechanisms are working;
  • ensuring that online defences are working as expected; and
  • keeping up to date with the latest threat and mitigation information.

First Response has experience in assisting organisations in all these operations, including the development and implementation of an incident response plan. John Douglas, Technical Director of First Response, adds, “It’s not enough simply to draw up an incident response plan. It’s important that it is constantly reviewed and updated as necessary, and that everyone in the organisation who is connected with the plan, from senior executives downward, has a very clear understanding of their duties and responsibilities.”

As well as helping develop such a plan, First Response is able to provide the services of Incident Response Specialists to help get the organisation back on its feet again, should the hackers break through the defences. To discuss your security needs, please contact a First Response specialist using any of the methods shown on this site.