The rising risk of Russian cyber attacks

The recent cybersecurity alert issued by the Five Eyes intelligence alliance (Australia, Canada, New Zealand, the UK, and the USA), warns critical infrastructure organisations to ramp-up their defences. Lindy Cameron, CEO of the National Cyber Security Council (NCSC), is in no doubt ‘it is vital that all organisations accelerate plans to raise their overall cyber resilience’. It seems that while the extent of Russian military capability may have been questioned in recent weeks, the cyber threat from Russia remains very real.

WHY NOW?

It’s been more than three months since Russia invaded Ukraine, and instead of the wall-to-wall news coverage we saw in the first few days, it has all started to feel more like background noise. The atrocities continue, but as the focus in the media returns to football matches or the cost-of-living crisis, conflict in the Ukraine no longer dominates the headlines. Rightly or wrongly, the shock factor has worn off. But as we adjust to a ‘new normal’ of Russian aggression hovering in our peripheral vision, we can’t afford to become complacent. Many of us have breathed a metaphorical – or literal – sigh of relief, as Russia has been revealed to be far less of a military threat than we once thought, unable as yet to secure ‘significant results’ from their ongoing offensive.^[1] It is precisely this military frustration, however, that will encourage Russian officials to consider alternative methods of applying pressure on the West, and Five Eyes warns ‘evolving intelligence indicates that the Russian government is exploring options for potential cyber-attacks’.^[2]

A CLEAR AND PRESENT DANGER

The use of cyber-attacks as strategy is far from unprecedented – Jen Easterly, Director of the US cybersecurity agency CISA, notes that ‘malicious cyber activity is part of the Russian playbook’.^[3] In 2017, the disruptive NotPetya attack targeting Ukraine spread across Europe, costing organisations hundreds of millions.^[4] Distributed denial-of-service (DDoS) attacks also successfully disrupted the Ukrainian banking sector immediately before the invasion in February 2022.^[5] Our 21st century reliance on digital infrastructures make them highly desirable targets for disruption – targets that also happen to lack the protection of land or borders. An additional concern is that Russian state-sponsored activity isn’t the only source of threat. Equally worrying are the numerous cyber-criminal groups that have aligned themselves with Russian interests, and could target any country providing support for Ukraine, or seen to be applying pressure on the Russian government or people. Killnet, a pro-Russian hacker group, has already claimed credit for a recent DDoS attack on a US airport. With the UK and EU both increasing economic sanctions this month, intelligence suggests that the NHS, nuclear power stations, and parts of the civil service could be at risk ^[6] – although any organisation could be affected.

HOW TO RAISE YOUR CYBER RESILIENCE

The NCSC and international cybersecurity authorities are urging critical infrastructure to prepare for a range of potential cyber threats, including malware, ransomware, DDoS attacks, and cyber espionage.

Immediate actions for all organisations include:

• prioritising the patching of known exploited vulnerabilities

• enforcing multi-factor authentication (MFA)

• monitoring remote desktop protocol (RDP)

• providing end-user awareness and training

As NCSC CEO Cameron succinctly states: ‘In this period of heightened cyber threat, it has never been more important to plan and invest in longer-lasting security measures.’ ^[7]

The threat is real – but it can be managed. If you have questions about what you need to implement now, or would like advice on how to strengthen cybersecurity across your organisation, then talk to us at security@itgl.com.