It’s not just governments fighting cyberwars – you might also be in the firing line
After a considerable delay, the report of the Intelligence and Security Committee of Parliament (ISC) on Russia has been made available. Of particular interest are the concerns raised with regard to cyberattacks.
One finding, which is perhaps of particular concern to IT security workers, is what the British foreign intelligence service, SIS (MI6), has described as “the very muddy nexus between business and corruption and state power in Russia”. GCHQ refers to “evidence of serious and organised crime groups and Russian state activity”. With what may be assumed to be unlimited resources, these criminal groups are able to pursue their own ends of deploying ransomware for the purposes of extortion and blackmail, as well as those of the Russian state – intelligence gathering and disruption of vital systems.
Of course, capability does not necessarily imply intention. For example, the UK possesses nuclear weapons, but has never expressed an intention to use them as a first strike weapon – at least in recent years. However, the ISC report firmly places the GRU (Russian military intelligence directorate) as having carried out “malicious cyber activity in order to assert itself aggressively in a number of spheres”, including phishing activities directed against a number of government agencies. The UK is regarded as a particularly significant target for the Russians, thanks to a close relationship with the US, and as a significant player, especially post-Salisbury, in the Western anti-Russian lobby, as well as a long history of hostile engagement between UK and Russian/Soviet security forces.
But if you are reading this, and feel that your organisation is safe as it is not part of the government, think again. Russian cyberintrusion has been detected in many Critical National Infrastructure (CNI) facilities. CNI in the UK is defined as comprising thirteen sectors: Chemicals, Civil Nuclear, Communications, Defence, Emergency Services, Energy, Finance, Food, Government, Health, Space, Transport, and Water. If your business or enterprise has any connection with these sectors, then you may well be – or have been – a target for Russian cyberattacks. Such attacks are not restricted to these targets, though – less immediately relevant ‘softer’ targets may act as gateways to the more serious objectives where compromise could have a serious effect on the lives of many.
Of course, Russia is far from being the only player, or even the only state actor, in this theatre. China, North Korea and Iran have all been identified as additional attackers of British infrastructure targets, according to John Douglas, Technical Director of First Response. “We are seeing more and more of these attacks,” he says. “The recently reported Chinese attacks on vaccine development are only the tip of the iceberg.”
Many government agencies in the UK are concerned with cyberattacks, but this has led, in the opinion of the ISC, to “an unnecessarily complicated wiring diagram of responsibilities”. Douglas comments that, “especially in the current Covid-19 environment, when there are so many remote workers, offering a greater attack surface to the threat actors, and the offices of so many government cyberagencies are overworked and understaffed, it is important for management to take their own positive steps to secure their corporate IT infrastructure.”
First Response’s team of specialist associates are ready to help your organisation to secure the corporate network, or, in the worst case, to mitigate the damage caused by a security breach and prevent a recurrence. Contact us now if you feel that you are at risk of being cyberattacked and let us help you reduce that risk – or if you feel you have been attacked, we can provide a rapid response and assist in the damage control process.