British companies have been urged to bolster their digital security over concerns of possible Russian cyber-attacks linked to the growing political crisis in Ukraine.
The National Cyber Security Centre (NCSC), a part of the GCHQ intelligence agency, has updated its guidance telling firms to “build resilience and stay ahead of potential threats”.
The NCSC said: “UK organisations are being urged to bolster their cybersecurity resilience in response to malicious cyber-incidents in and around Ukraine.”
The NCSC said that although it was investigating malicious cyber-incidents in Ukraine, “which are similar to a pattern of Russian behaviour seen before in previous situations”, it was not aware of any “specific threats” to UK organisations.
The NCSC is concerned that businesses could be targeted after the UK, US and EU issued warnings to the Russian president, Vladimir Putin, against attacking Ukraine after he deployed 100,000 troops on its borders.
“While we are unaware of any specific threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are all resilient,” said Paul Chichester, the director of operations at the NCSC.
A cyber-attack on Ukraine government websites earlier this month warned the public to “be afraid and expect the worst”, which Ukraine said was orchestrated by Russia.
“Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace,” Chichester said. “Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”
The guidance, which is primarily aimed at larger organisations, comes after the NCSC warned businesses in the UK’s critical national infrastructure – such as energy, water supply, transportation and telecommunications – about specific vulnerabilities Russian hackers have been known to exploit.
Ukraine was subjected to a crippling Russian cyber-attack in 2017, dubbed the NotPetya attack, which wiped clean computers in the country but spilled over into systems around the world. It gained access to computers by hacking a widely used piece of tax reporting software in Ukraine, which also affected foreign companies based there and spilled over to more than 60 countries.
The attack was nominally a piece of “ransomware” – where affected targets are asked to pay a bitcoin ransom to unlock their hard drives – but there was in fact no way of decrypting the affected files, making it what is known as a “wiper” attack in industry jargon.
Stuart McKenzie, a senior vice-president at US cybersecurity firm Mandiant, said that Russia would have planned any cyber offensive linked to a Ukraine conflict well in advance: “Russia is very strategic,” he said. “It will have been strategically planned over a number of years.”
McKenzie said it was unlikely that a NotPetya-style attack would hit the UK. “The possibility of a wiper attack across the whole of the UK is incredibly unlikely. It is much more likely to be a strategic attack against limited targets.” However, he said that the NotPetya attack appeared to show a lack of regard for collateral damage outside the targeted country. The malware caused an estimated $10bn of damage around the world, with the Danish shipping company Maersk among those affected, after reporting costs of up to $300m related to the attack.
He said: “I absolutely believe Russia will have strong strategic plans for what they are going to do but they don’t know what the unintended consequences will be.”
