UK Top Cyber Target For Russian Hackers

Russia has been conducting a long-running cyber and interference campaign against the UK, and Government is still playing catch up, report warns

The long-awaited report from the UK’s Intelligence and Security Committee has admitted that the “security threat posed by Russia is difficult for the West to manage.”

The report from the committee of MPs that oversee the work of MI5, MI6, and GCHQ, also warned that “Russia considers the UK one of its top Western intelligence targets.”

Last week the National Cyber Security Centre (NCSC) warned that Russia’s APT29 (also known as Cozy Bear) has been targeting Covid-19 vaccine researchers.

Russian aggression

The report pointed to Russia’s aggression of late under the leadership of President Putin, including the murder of Alexander Litvinenko in London in 2006 and the attempted murder of Sergei Skripal, a former Russian military officer, and his daughter in Salisbury with a Novichok nerve agent, as evidence of the threat the country poses to the West.

“The security threat posed by Russia is difficult for the West to manage as, in our view and that of many others, it appears fundamentally nihilistic,” said the report. “Russia seems to see foreign policy as a zero-sum game: any actions it can take which damage the West are fundamentally good for Russia.”

“It is also seemingly fed by paranoia, believing that Western institutions such as NATO and the EU have a far more aggressive posture towards it than they do in reality,” said the report. “There is also a sense that Russia believes that an undemocratic ‘might is right’ world order plays to its strengths, which leads it to seek to undermine the Rules Based International Order – whilst nonetheless benefitting from its membership of international political and economic institutions.”

The report pointed out that Russia wishes to be seen as a resurgent ‘great power’, and its threat to the UK covers cyber, disinformation and influence; and Russian expatriates.

Regarding the cyber aspect, the report said that GCHQ assesses that “Russia is a highly capable cyber actor with a proven capability to carry out operations which can deliver a range of impacts across any sector.”

Critical infrastructure

It said that since 2014, Russia has carried out malicious cyber activity in order to assert itself aggressively in a number of spheres, including attempting to influence the democratic elections of other countries.

Russian cyber activities also targeted Western Critical National Infrastructure (CNI), with GCHQ revealing that Russian GRU actors have orchestrated phishing attempts against Government departments, including the Foreign and Commonwealth Office (FCO) and the Defence Science and Technology Laboratory (DSTL), during the early stages of the investigation into the Salisbury attacks.

“Russia has sought to employ organised crime groups to supplement its cyber skills,” the report warned. “SIS (MI6) has observed that ‘this comes to the very muddy nexus between business and corruption and state power in Russia’.”

Indeed, GCHQ told the Committee that there is “a quite considerable balance of intelligence now which shows the links between serious and organised crime groups and Russian state activity.”

“Russia’s cyber capability, when combined with its willingness to deploy it in a malicious capacity, is a matter of grave concern, and poses an immediate and urgent threat to our national security,” the report warned.

Cyber operations

The report highlighted how the Foreign Secretary has responsibility for the NCSC, whereas the Home Secretary leads on the response to major cyber incidents.

Yet the Defence Secretary has overall responsibility for Offensive Cyber as a ‘warfighting tool’.

It said there needs to be ‘greater cohesion’ between the various government departments, and said the Government needs to continue its strategy of ‘naming and shaming’ those conducting cyber offensives against the UK.

The report noted the UK’s cyber offensive capabilities, after it announced its intention to develop an Offensive Cyber capability in September 2013, and in 2014 the National Offensive Cyber Programme (NOCP) – a partnership between the Ministry of Defence and GCHQ – was established.

It said that the UK continues to develop its Offensive Cyber capability, and there must be clear lines of accountability between GCHQ and the MoD, as they have “in recent years adopted a more open posture on Offensive Cyber.”

Expert views

The report on Russia’s activities has drawn a response from security experts across the board.

“Cyber security fears are evidently increasing, but the attack vectors used remain the same, with similar entry,” said Jake Moore, cybersecurity specialist at ESET. “As we have seen with Twitter recently, social engineering is a widely used technique and can leave huge destruction in its wake.”

“Hacking the human is still a very effective tool, and phishing email campaigns remain relentless,” said Moore. “Constant training must therefore be in place with an increased level of vigilance. Relying on security software alone will never protect you completely. The rest has to be security compliance carried out by the individual.”

Another expert pointed to the report’s assessment that the UK is still playing catch up to the threats posed by Russia and others.

Playing catch up

“Today’s ISC report confirms the high risk that all governments face from foreign adversaries in the cyber space, in particular when it comes to efforts to influence elections, spread disinformation, and attacks against critical national infrastructure,” said Cath Goulding, CISO at Nominet.

“It is the ISC’s assessment that the UK Government is ‘still playing catch up’ to these threats and, undoubtedly, this report will prompt government agencies around the world to consider how their country and its citizens could be targeted as well,” said Goulding.

“One of the main recommendations of the report is to establish a central responsibility for a coordinated response to these threats, rather than a ‘hot potato’ approach with no one government body taking the lead,” said Goulding. “This is aligned with our recommendations for government security – which requires large-scale, national protective interventions, to bring their citizens, businesses and economies a more secure environment.”

“This means that there needs to be a breadth of security across government, all the way down to the local level, which is consistent, cohesive and coordinated,” said Goulding. “This is critical to ensure a high level of security across all departments, with no weak spots for threat groups to exploit, and greater awareness of the threats facing the UK. Not only will this facilitate a stronger security posture, but also more opportunities for international collaboration to mitigate attacks against governments.”

Identifying threats

Meanwhile another expert said the Russia report highlights the importance of detecting and identifying hidden threat behaviours inside a network, before the attack has a chance to go any further and steal valuable information.

“The report’s comments about observed Russian ‘pre-positioning’ activity highlights the need for detecting hidden threat behaviours inside enterprise IT networks before cyberattacks have a chance to spy, spread and steal,” explained Matt Walmsley, EMEA Director at Vectra.

“It’s a phenomenon we’ve seen in our own analysis from inside operators of critical national infrastructure,” said Walmsley. “For example, attackers have tested and mapped-out attacks against energy and utilities networks for years. These slow, quiet reconnaissance missions involve observing operator behaviours and building a unique plan of attack.”

“The attack that shut down Ukraine’s power grid in 2015 was reportedly planned many months in advance by skilled and sophisticated cybercriminals,” said Walmsley. “This underscores the importance of identifying hidden attackers inside enterprise IT networks before they cause damage to the industrial control systems (ICS) and steal information related to the critical infrastructure.”
