NCSC warns UK entities of potential destructive cyberattacks from Russia

The UK’s National Cyber Security Centre (NCSC) urges organizations to improve cybersecurity due to the risk of imminent destructive cyberattacks from Russia-linked APT groups.

The UK’s National Cyber Security Centre (NCSC) is urging organizations to improve their cybersecurity posture due to the imminent risk of destructive cyber-attacks from Russian state-sponsored threat actors after recent attacks against Ukrainian entities.

The NCSC is investigating recent cyber attacks against entities in Ukraine making parallelism with other attacks preciously attributed to Moscow, such as NotPetya (2017) and cyber attacks against Georgia.

“UK organisations are being urged to bolster their cyber security resilience in response to the malicious cyber incidents in and around Ukraine. ” reads the alert published by the NCSC.

While the tension between Ukraine and Russia is rising, the risks of cyber attacks against European and US entities is increasing.

NCSC’s guidance encourages organizations to perform the following actions to increase their resilience to cyber attacks:

patch systems;
improve access controls and enabling multi-factor authentication;
implement an effective incident response plan;
check that backups and restore mechanisms are working;
ensure that online defences are working as expected, and;
keep up to date with the latest threat and mitigation information.

The good news is that the UK cybersecurity agency is not aware of any current specific threats to UK organisations linked to the events in Ukraine.

“The NCSC is committed to raising awareness of evolving cyber threats and presenting actionable steps to mitigate them. While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient.” said Paul Chichester, NCSC Director of Operations. “Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.””

Recently the UK agency released NMAP Scripting Engine scripts that can help defenders to scan their infrastructure to find and fix unpatched vulnerabilities impacting them.

The scripts were developed by i100 (Industry 100), an initiative that promotes close collaborative working between the NCSC and 100 industry personnel.

The scripts will be published on GitHub through a project named Scanning Made Easy (SME).

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Russia)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.