UK organisations are being urged to bolster their cybersecurity resilience in response to the malicious cyber incidents in and around Ukraine.
It comes after the National Cyber Security Centre (NCSC), which is part of GCHQ, recently updated its guidance to UK companies and organisations.
The NCSC is investigating the recent reports of malicious cyber incidents in Ukraine. Incidents of this nature fit a pattern of Russian behaviour seen in previous situations, including the destructive NotPetya attack in 2017 and cyberattacks against Georgia. The UK Government has attributed responsibility for both these attacks to the Russian Government.
While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, the guidance encourages organisations to follow actionable steps that reduce the risk of falling victim to an attack.
Paul Chichester, NCSC Director of Operations, said: “The NCSC is committed to raising awareness of evolving cyberthreats and presenting actionable steps to mitigate them. While we are unaware of any specific cyberthreats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient.
“Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace. [Recent] incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”
The guidance, which is primarily aimed at larger organisations, also advises organisations which fall victim to a cyberattack to report the incident to the NCSC’s 24/7 Incident Management team.
Carolyn Crandall, Chief Security Advocate at Attivo Networks, said: “Businesses should take an assumed breached security posture to prepare for an onslaught of advanced and targeted attacks. This assumption shifts security focus to readiness and threat hunting for incursions within the network. Advanced threats will use identity-based attacks that inherently bypass traditional endpoint and network security defences. Security teams need to be on high alert for credential theft and misuse, privilege escalation and lateral movement threat activities. Active Directory, which is the main credential store, must be protected as a top priority. This means having in place continuous visibility tools that find and fix exposures, misconfigurations and policy drift. It also needs to include live attack detection and, ideally, the ability to redirect unauthorised access attempts to cyber-deception decoys for threat intelligence gathering. Organisations should also not be overconfident in Multi-Factor Authentication to protect identities – advanced attackers are fully equipped to bypass these controls.”
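The threat-hunting focus Crandall describes, watching for credential misuse, lateral movement and unexpected privilege assignment rather than waiting for a perimeter alert, can be reduced to a few concrete checks over Windows Security event logs. The script below is an added illustration written for this article; it is not code from the NCSC guidance or from Attivo Networks. It uses the standard Windows event IDs 4624 (successful logon, with logon type 3 meaning a network logon) and 4672 (special privileges assigned at logon). The log lines, the account and host names, the `KNOWN_ADMINS` allowlist and the detection thresholds are all constructed assumptions for the example, not real telemetry or recommended values.

```python
"""
Two hunting checks over Windows Security events (constructed sample data):
  1. Lateral-movement pattern: one account performing network logons (event
     4624, logon type 3) against many distinct hosts inside a short window.
  2. Privilege-escalation indicator: special privileges assigned (event 4672)
     to an account that is not in the expected-administrator allowlist.
Event IDs are the real Windows ones; everything else here is illustrative.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp|event_id|account|host|logon_type
# ("-" where the event carries no logon type). Not real telemetry.
SAMPLE_LOG = """\
2022-02-24T08:00:01|4624|svc-backup|FS01|3
2022-02-24T08:00:05|4624|svc-backup|FS02|3
2022-02-24T08:00:09|4624|svc-backup|HR-PC07|3
2022-02-24T08:00:12|4624|svc-backup|FIN-PC03|3
2022-02-24T08:00:15|4624|svc-backup|DC01|3
2022-02-24T08:30:00|4624|alice|WS-ALICE|2
2022-02-24T08:31:00|4672|alice|WS-ALICE|-
2022-02-24T09:00:00|4672|domadmin1|DC01|-
2022-02-24T10:00:00|4624|bob|FS01|3
2022-02-24T15:00:00|4624|bob|FS02|3
"""

# Hypothetical allowlist of accounts expected to hold special privileges.
KNOWN_ADMINS = {"domadmin1"}


def parse_events(text):
    """Parse the pipe-delimited sample format into a list of event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, account, host, logon_type = line.split("|")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "account": account,
            "host": host,
            "logon_type": None if logon_type == "-" else int(logon_type),
        })
    return events


def detect_lateral_movement(events, window=timedelta(minutes=10), min_hosts=4):
    """Return {account: sorted hosts} for accounts whose network logons reach
    at least `min_hosts` distinct hosts within any `window`-long span.
    Thresholds are illustrative; tune them to the environment's baseline."""
    by_account = defaultdict(list)
    for e in events:
        if e["event_id"] == 4624 and e["logon_type"] == 3:
            by_account[e["account"]].append(e)
    alerts = {}
    for account, logons in by_account.items():
        logons.sort(key=lambda e: e["time"])
        for i, start in enumerate(logons):
            # Sliding window anchored at each logon in turn.
            hosts = {e["host"] for e in logons[i:]
                     if e["time"] - start["time"] <= window}
            if len(hosts) >= min_hosts:
                alerts[account] = sorted(hosts)
                break
    return alerts


def detect_unexpected_privilege(events, known_admins=KNOWN_ADMINS):
    """Return sorted accounts granted special privileges (4672) that are not
    in the allowlist; a hit is a lead for a hunt, not proof of compromise."""
    return sorted({e["account"] for e in events
                   if e["event_id"] == 4672 and e["account"] not in known_admins})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("lateral-movement candidates:", detect_lateral_movement(evs))
    print("unexpected privileged logons:", detect_unexpected_privilege(evs))
```

On the constructed data, `svc-backup` touching five hosts in fourteen seconds is flagged while `bob` reaching two file servers seven hours apart is not, and `alice` surfaces as a privileged logon outside the allowlist. In a real deployment the events would come from a SIEM or the domain controllers' forwarded logs, the allowlist from an authoritative inventory of privileged groups, and the thresholds from a measured baseline so that legitimate service accounts do not drown the queue.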