NCSC warns UK entities of potential destructive cyberattacks from Russia

The UK’s National Cyber Security Centre (NCSC) urges organizations to improve cybersecurity due to the risk of imminent destructive cyberattacks from Russia-linked APT groups.

The UK’s National Cyber Security Centre (NCSC) is urging organizations to improve their cybersecurity posture due to the imminent risk of destructive cyber-attacks from Russian state-sponsored threat actors after recent attacks against Ukrainian entities.

The NCSC is investigating recent cyber attacks against entities in Ukraine making parallelism with other attacks preciously attributed to Moscow, such as NotPetya (2017) and cyber attacks against Georgia. 

“UK organisations are being urged to bolster their cyber security resilience in response to the malicious cyber incidents in and around Ukraine. ” reads the alert published by the NCSC.

While the tension between Ukraine and Russia is rising, the risks of cyber attacks against European and US entities is increasing.

NCSC’s guidance encourages organizations to perform the following actions to increase their resilience to cyber attacks:

• patch systems;
• improve access controls and enabling multi-factor authentication;
• implement an effective incident response plan;
• check that backups and restore mechanisms are working;
• ensure that online defences are working as expected, and;
• keep up to date with the latest threat and mitigation information.

The good news is that the UK cybersecurity agency is not aware of any current specific threats to UK organisations linked to the events in Ukraine.

“The NCSC is committed to raising awareness of evolving cyber threats and presenting actionable steps to mitigate them. While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient.” said Paul Chichester, NCSC Director of Operations. “Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.””

Recently the UK agency released NMAP Scripting Engine scripts that can help defenders to scan their infrastructure to find and fix unpatched vulnerabilities impacting them.

The scripts were developed by i100 (Industry 100), an initiative that promotes close collaborative working between the NCSC and 100 industry personnel.

The scripts will be published on GitHub through a project named Scanning Made Easy (SME).

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Russia)

[adrotate banner=”5″]

[adrotate banner=”13″]