Ukraine warns of Russian plans to escalate cyber attacks against allies - Cyber and Fraud Centre

Description:

Ukraine’s Ministry of Defence has warned of Russian plans to conduct mass cyber attacks on critical infrastructure belonging to Ukraine and its allies. The article details that the attacks will be aimed at taking down industrial energy facilities and may involve DDoS attacks.

The announcement follows a statement from the Council of the European Union released in July this year warning that the conflict has led to “a significant increase of malicious cyber activities” and that essential organisations are increasingly at risk of being targeted.

European countries have already seen a high number of cyber attacks on critical infrastructure since Russia’s invasion of Ukraine, including attacks on German wind-energy companies forcing 2,000 wind turbines to be shut down and ransomware groups hacking NHS IT suppliers and a Southern English water supplier.

Lindy Cameron, CEO of the National Cyber Security Centre (NCSC) addressed Russia’s continuous cyber attacks at a recent security and defence conference. Lindy Cameron told the audience that the invasion of Ukraine has been accompanied by “probably the most sustained and intensive cyber campaign on record.”

“In response to significant battlefield setbacks, in the last week, we have seen Putin react in unpredictable ways… There is still a real possibility that Russia could change its approach in the cyber domain and take more risks — which could cause more significant impacts in the UK.”⁽¹⁾

Preventions:

With cyber attacks from Russian-aligned threat actors increasing, protecting your organisation from some common threats can help prevent your systems from being targeted. Some simple steps include:

Using anti-virus & firewalls which are kept regularly updated.
Ensuring all work devices are kept up-to-date with the latest software versions.
Make employees aware of the most common cyber threats, such as phishing attacks and malware, and the importance of using strong and unique passwords.
Implement two-factor authentication (2FA) to access your organisation’s accounts.

Useful Resources:

Download our Free Employee Cyber Training Guide – An Introduction to Cyber Security 2022
Read our blog – ‘Steps to take when the cyber threat is heightened’
Watch the SBRC Cyber Security Mini Series – 10 one-minute videos giving you an overview of cyber security basics
Book into our Cyber Exercising Workshops – These non-technical sessions are the best way to prepare your organisation to defend against a cyber attack

If your organisation is the victim of a cyber attack you must get the right support either by calling the SBRC Incident Response Helpline (0800 1670 623) or by contacting Police Scotland on their non-emergency phone number (101).

If you are unsure whether you should call the police, please call our Incident Helpline, and we can provide guidance.

https://www.bleepingcomputer.com/news/security/ukraine-warns-allies-of-russian-plans-to-escalate-cyberattacks/ – Posted September 26^th

https://www.theregister.com/2022/09/27/russia_plans_massive_cyberattacks_ukraine/ – Published September 27^th

https://therecord.media/russia-waging-most-sustained-and-intensive-cyber-campaign-on-record-ncsc-ceo-says/ – Published September 28^th

https://www.consilium.europa.eu/en/press/press-releases/2022/07/19/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-malicious-cyber-activities-conducted-by-hackers-and-hacker-groups-in-the-context-of-russia-s-aggression-against-ukraine/ – Published July 12^th

Article References: