The UK’s National Cyber Security Centre (NCSC) is urging organizations to bolster security and prepare for a potential wave of destructive cyberattacks after recent breaches of Ukrainian entities.
The NCSC openly warns that Russian state-sponsored threat actors will likely conduct the attacks and reminds of the damage done in previous destructive cyberattacks, like NotPetya in 2017 and the GRU campaign against Georgia in 2019.
These warnings come after Ukrainian government agencies and corporate entities suffered cyberattacks where websites were defaced, and data-wiping malware was deployed to destroy data and make Windows devices inoperable.
The cause for the resurgence of attacks is the tensions between Russia and Ukraine, and attempts to negotiate a way out of the Ukraine crisis have failed so far.
Ukraine and Russia have engaged in cyberwarfare for many years, but recent Russian military mobilization was accompanied by new waves of attacks, with European countries and the USA expected to be targeted next.
To prepare for potential cyberattacks by Russian threat actors, the NCSC suggests that UK organizations perform the following steps:
- Patch systems
- Improve access controls and enable multi-factor authentication
- Implement an effective incident response plan
- Check that backups and restore mechanisms are working
- Ensure that online defenses are working as expected
- Keep up to date with the latest threat and mitigation information
However, the announcement underlines that no specific threats to UK organizations have been identified yet and that the alert is a precautionary measure.
The NCSC also updated its cybersecurity guidance last week, offering basic advice and advanced proposals on what actions to take against the entire spectrum of modern cyber-threats.
Moreover, a few days back, the agency released NMAP scripts to help British companies scan their networks for potentially exploitable vulnerabilities.
For organizations that fall victim to a cyberattack, the NCSC offers 24/7 support through a dedicated incident management team which can be contacted by submitting this incident report form.
