NCSC Warns Of Russian Cyber Retaliation Against Critical Infrastructure

GCHQ’s National Cyber Security Centre (NCSC) has this week issued another cyber warning, amid Russia’s illegal invasion of Ukraine.

The NCSC teamed up with partners in the ‘five eyes’ intelligence sharing community, namely its counterpart agencies in the US, Australia, Canada and New Zealand, to warn about the risk of Russian retaliation via state-sponsored and cyber criminals, against critical infrastructure.

The warning about Russia comes after the country was subjected to some of the most severe sanctions in the world, and the military support provided to Ukraine by NATO and other countries.

Critical industries

Indeed, the UK and US have been at the forefront of providing military assistance to aid Ukraine in its fight against the brutal Russian invasion.

The UK was recently singled out by Moscow as one of the most hostile nations to Russia (no surprise considering Russia’s multiple assassinations carried out on British soil), and has even banned Prime Minister Boris Johnson and other government officials from Russia itself.

Not that any visit will be carried out to the pariah nation that is Russia today.

The NCSC advisory, available here, provides technical details on the threat to critical infrastructure from Russian state-sponsored and cyber criminals.

Immediate actions for all organisations to take to protect their networks include:

• prioritising the patching of known exploited vulnerabilities;
• enforcing multi-factor authentication (MFA);
• monitoring remote desktop protocol (RDP) and
• providing end-user awareness and training

“In this period of heightened cyber threat, it has never been more important to plan and invest in longer-lasting security measures,” said Lindy Cameron, CEO of NCSC.

“It is vital that all organisations accelerate plans to raise their overall cyber resilience, particularly those defending our most critical assets,” said Cameron. “The NCSC continues to collaborate with our international and law enforcement partners to provide organisations with timely actionable advice to give them the best chance of preventing cyber attacks, wherever they come from.”

The advisory also includes details on Russian-aligned cyber criminal groups, some of which have recently pledged support for the Russian state and have threatened to conduct malicious operations in retaliation against countries providing support to Ukraine, said NCSC.

Previous advice

It complements recent NCSC advice on actions to take when the cyber threat is heightened, and aims to further improve the resilience of organisations in the event of heightened malicious cyber activity.

In January NCSC warned British organisations to prepare their cyber defences in light of the worsening geopolitical situation in and around the Ukraine.

Then in February, just days before Russia fully invaded Ukraine, the agency made a fresh appeal for UK organisations to act now in order to bolster their cyber security resilience.

Last month the FBI warned that Russian hackers have been scanning systems belonging to critical industries in the United States.

The issue of cyberattacks against critical infrastructure was raised during face-to-face talks between US President Joe Biden and Vladimir Putin in June 2021.

Biden warned Putin of ‘retaliation’ and an ‘aggressive response’ if Russia attacks a list of 16 ‘critical’ industries in America.

Then in July 2021 President Biden underscored the issue of cyberattacks, when he admitted they could cause a ‘real shooting war’ with a ‘major power’.

Ever since 2011 the United States said it reserved the right to retaliate with military force against a cyberattack from a hostile state.

In March 2021, the UK in its Integrated Defence Review’ document included  a small but noteworthy change for the justifications to use the UK’s nuclear arsenal, when it cited “emerging technologies”.

There was speculation the “emerging technologies” clause could include cyberattacks.

The review also noted the UK is the “third most powerful cyber nation in the world, ranking top in defence, intelligence, norms and offensive capabilities.”

Messy online war-zone

An expert in critical infrastructure cybersecurity, namely Chris Grove of Nozomi Networks, provided his analysis of the implications of this threat, saying the advice given by the authorities should have already been implemented.

“CISA Alert AA22-110A contains a lot of useful information for defenders to understand something about the various threat actors, their methods, and motivations,” noted Chris Grove, director of cybersecurity strategy at security and visibility specialist Nozomi Networks:

The recommendations provided by CISA are….’bread and butter’ recommendations,” said Grove. “Meaning, there’s nothing out of the ordinary, nothing over the top, and if operators of critical infrastructure aren’t already doing those things, they should stop now, assume they’ve been breached, and start thinking about resilience, consequence reduction, and the impact to safety.”

“The message should be loud and clear, Russian nexus-state actors are on the prowl, cyberspace has become a messy, hot war-zone, and everyone should be prepared for an attack from any direction,” said Grove. “I believe that’s the primary goal of this alert….to ring that bell in the city square letting everyone know there’s a storm on the horizon, so put countermeasures in place…now. Be prepared, and put your shields up.”