The UK's National Cyber Security Centre, part of GCHQ, are advising organisations to tighten cybersecurity and ensure business continuity plans are tested and working; As a result of potential collateral cyber-damage from Russia's invasion of Ukraine - you can read the full advice here https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened.

The priority recommendations are:

  1. Patch - Devices, Internet-facing and Business Critical software
  2. Secure Users - Review user accounts, implement MFA, provide training & Information
  3. Check AV – Ensure your security solutions, firewalls, threat logging systems, are working and monitored
  4. BC:DR - ‘Fire drill’ test your backups and appraise business continuity plans
  5. Human Security - Inform employees to expect attacks and educate them on the types of threats expected.

We recommend the above for all IT Genie clients, to minimise their attack surface. We are happy to help you achieve the same https://itgenie.com/free-consultation/.

 

Cyberattacks are Not Always Targeted

While the NCSC is not aware of any specific threats to UK organisations relating to the conflict, there has been an historical pattern of Russian cyberattacks on Ukraine resulting in international cyber-damages. NotPetya, in 2017 caused $600 million of damage to non-Ukrainian businesses including amongst others FedEx & Maersk (logistics & shipping giants), Merck (Nurofen & Durex) and Mondelez (Toblerone & Oreo).

This conflict instigated by Russia against the Ukraine is rapidly changing with fast moving attacks on both sides and numerous bodies announcing their allegiance or decrying the invasion.

 

DDoS for DDoS

As a precursor to the military invasion by Russia, a number of Ukrainian government websites and financial institutions were hit by repeated Distributed Denial of Service (DDoS) attacks, as part of the plan against to destabilise the country.

The Ukrainians responded with Vice Prime Minister Mykhailo Fedorov calling on patriots and supporters to “create an IT army” similarly taking down Russian government and news sites.

Ransomware gang Conti, who last year attacked fashion retailer FatFace, threatened to use all its resources to counterattack anybody targeting Russian IT; However a Ukrainian allies quickly leaked the contents of a Conti chat server and their source code, nullifying the threat potential somewhat

Phishing and disinformation attacks are rife as Russian & Belarusian hacking groups targeting Ukrainians, while a Norwegian computer expert has created a website that sends emails imploring Russian people to seek out the truth about Russia’s invasion by getting their news from non-state run media services.

 

Backing Away From the Bear

Responding to the invasion of the Ukraine, a number of high-profile organisations have withdrawn their services from Russia; Microsoft is decrying the "tragic, unlawful and unjustified invasion of Ukraine", along with Oracle, SAP, Apple, Nike and Google limiting goods and services.

Consumer brands McDonalds, Starbucks and Coca Cola have ceased activity in Russia as a protest to their actions. Sainsbury’s have stopped sales of all Russian sourced products and are supporting their Ukrainian colleagues through a £2m donation via Comic Relief.

Hoping to bore the Russians into disaffection - Amazon, Netflix, Nintendo, PlayStation, & Xbox have all suspended activity in the region.

This is despite cybersecurity provider Mandiant, now part of Google, warn there could be Russian retaliation "Organizations making public statements condemning Russian aggression and/or supporting Ukraine and organizations taking actions to restrict Russian participation in international commerce, competitions, and events face elevated risk of future reprisal."

 

War and Peace

While this raised awareness of cyber-preparedness comes as a result of the conflict between Russia and Ukraine, being prepared for cyberattacks and disruptive activity is good cyber hygiene and business practice.

There is always the threat of ransomware, DDoS, data theft etc., so all investments of time and resources improving cyber-security will be beneficial in the long-term.

IT Genie are always here to your trusted partners, taking responsibility for your security – talk to us today on 0345 0945 353 or info@itgenie.com