The head of the UK National Cyber Security Centre (NCSC), Lindy Cameron, has given an update on Russia’s cyber activity amid its war with Ukraine. Her speech at Chatham House today comes just a few days after Ukraine’s military intelligence agency issued a warning that Russia was “preparing massive cyberattacks on the critical infrastructure of Ukraine and its allies.” This coincides with a new Forrester report that reveals the extent to which the cyber impact of the Russia-Ukraine conflict has expanded beyond the conflict zone, with malware attacks propagating into European entities.
UK NCSC CEO urges UK businesses to prepare for elevated alert
Addressing Russian cyber activity this year, Cameron stated that, while we have not seen the “cyber-Armageddon” some predicted, there has been a “very significant conflict in cyberspace – probably the most sustained and intensive cyber campaign on record – with the Russian State launching a series of major cyberattacks in support of their illegal invasion in February.”
Russian cyber forces from their intelligence and military branches have been busy launching a huge number of attacks in support of immediate military objectives. Their actions suggest a clear rationale to reduce the Ukrainian government’s ability to communicate with its population, impact the Ukrainian financial system at a time of heightened concern, and divert Ukrainian cybersecurity resource from their other priorities, Cameron added. “One specific observation is that Russia has favored wiper malware. Much like ransomware, this encrypts a device, making its data inaccessible. But, unlike ransomware, the effect is not designed to be undone. Thus, the infected device is rendered useless,” she continued.
Since the start of the year, the NCSC has been advising UK organizations to take a more proactive approach to cybersecurity in light of the situation in Ukraine. “There may be organizations that are beginning to think ‘is this still necessary?’ as in the UK we haven’t experienced a major incident related to the war in Ukraine. My answer is an emphatic yes,” Cameron said.
In response to significant recent battlefield set-backs, Putin has been reacting in unpredictable ways, and so we shouldn’t assume that just because the conflict has played out in one way to date, it will continue to go the same way, Cameron added. “There is still a real possibility that Russia could change its approach in the cyber domain and take more risks – which could cause more significant impacts in the UK.” UK organizations and their network defenders should therefore be prepared for this period of elevated alert with a focus on building long-term resilience, which is a “marathon not a sprint,” she said.
Ukraine warns allies of “massive” Russian cyberattacks
In an article published on September 26, Ukrainian intelligence agencies stated that the Kremlin is planning to carry out massive cyberattacks on the critical infrastructure facilities of Ukrainian enterprises and critical infrastructure institutions of Ukraine’s allies. “First of all, the blow will be directed to the enterprises of the energy industry. During the operations, the experience of cyberattacks on the energy systems of Ukraine in 2015 and 2016 will be used,” the warning read. “By this, the enemy will try to enhance the effect of missile strikes on power supply facilities, primarily in the eastern and southern regions of Ukraine. The command of the occupiers is convinced that this will lead to a slowdown in the offensive actions of the Ukrainian Defense Forces.”
According to the warning, the Kremlin also intends to increase the intensity of DDoS attacks on the critical infrastructure of Ukraine’s closest allies, especially Poland and the Baltic states.
Cyber impact of Russia-Ukraine war expanding beyond the conflict zone
A new report from Forrester has revealed the extent to which the cyber impact of the Russia-Ukraine conflict has expanded beyond the conflict zone. In European Cybersecurity Threats, 2022, Forrester experts stated that destructive Russian malware attacks are propagating into European entities, which should stay prepared for cyber retaliation and an escalation of espionage campaigns.
“Russian hackers use advanced persistent threats (APTs) and sensitive data infiltration to gain advantage. About a quarter of total investigated intrusion attacks were identified as successful, and Russian adversaries exfiltrated strategic information, but this number might be underestimating the Russian threat,” the report read.