Microsoft warns of increasing cyber attacks from Russia this winter - Cyber and Fraud Centre

Description:

Microsoft has published a report warning of an increase in cyber attacks from Russia, particularly on Ukraine and NATO allies. The organisation notes that Russia’s battlefield losses in Ukraine have “intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support, domestic and foreign”.

While this increase in attacks will mainly target Ukraine and its direct neighbours, organisations operating within countries that are a part of NATO are also at risk. Microsoft adds that “Russian state-sponsored cyberattacks may increasingly be used outside Ukraine in an effort to undermine foreign-based supply chains”.

Organisations in the EU and UK have already seen an increase in attacks stemming from Russia and Russian-aligned hacking groups this year, such as the recent DDoS attacks on the European Parliament’s website and the ransomware attack on South Staffs Water. The NCSC has reported that in 2022 most of the ransomware groups that target the UK will continue to be based in and around Russia.

The cyber attacks may also be followed by cyber-enabled influence operations, such as using social media and phishing attacks to spread misinformation.

Preventions:

As threat actors continue to target organisations in NATO countries, it is vital to ensure your organisation is prepared to defend against cyber attacks. Some of the following steps can help build your organisation’s cyber security:

Keep multiple up-to-date backups of your organisation’s data. Using the 3-2-1 rule for backups is recommended – have at least three copies on two devices and one offsite backup that is kept separate from your network.
Ensure antivirus and firewall protect all devices on your network and are regularly updated.
Use administrator accounts sparingly and keep them only for making admin changes to your network. Everyday user accounts should not have administrative access, even for high-level positions such as senior managers or CEO.
Regularly update your devices and software, as threat actors often target zero-day vulnerabilities, especially on public-facing systems.
Educate staff on good cyber security practices, such as keeping a strong password and how to spot a phishing scam. Download a free staff training guide from the CyberScotland website.

Prepare for a cyber incident:

An incident response plan is one of the best tools an organisation can have to prepare for a cyber attack.
If you don’t already have a plan, visit the CyberScotland website to download your free Cyber Response Plan. The pack gives you helpful information on preparing your business, PR, comms, and legal considerations.
Test, test, and test again! Practice your incident response plan to ensure it is fit for purpose and that the people involved are comfortable with their roles.
If you want to practice your incident response plan, cyber exercising is a good place to start.
Exercise in a Box, developed by the NCSC and delivered by SBRC is a free 90-minute, non-technical workshop that helps organisations find out how resilient they are to cyber attacks and practice their response in a safe environment. Find out more about Exercise in a Box here.
Cyber exercising is also an effective way to ensure employees understand what to do in a cyber incident.