The UK’s National Cyber Security Centre (NCSC) has now issued a security advisory after the recently reported cyberattacks against Ukraine and the tensions within the region.
In its statement, the NCSC has given specific guidelines and expert recommendations on steps enterprises can take to ramp up their defences and protect their interests from a possible attack.
Getting to the root of the threat
To date, although the attacks launched on Ukraine have not been attributed to a specific threat operator, the NCSC has commented that they bear certain similarities to prior incidents. The previous cyberattacks alluded to by the security experts saw the United States and the United Kingdom point an official finger at the Russian government.
The NCSC’s director for operations, Paul Chichester, commented recently:
“While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient. Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace.”
These cyberattacks include strikes against Georgia, along with the NotPetya attack. NotPetya was specifically designed to zero in on organisations within the Ukrainian governmental, energy and financial, sectors. However, the self-replicating design of the cyberattack meant that it affected multiple organisations across the world. As a result, damages were estimated to add up to billions of dollars.
The NotPetya cyberattack was powered by the NSA hacking tool EternalBlue after it was leaked back in the early part of 2017. At the time of the attack during June of the same year, a dedicated security patch was readily available and had been so for many months, which could have negated the attack. Unfortunately, many organisations around the globe had neglected to apply the update containing the fix.
This inaction was in spite of a worldwide demonstration of how systems without a patch in place were vulnerable to attacks using EternalBlue a month earlier when WannaCry ransomware was unleashed by North Korea, impacting networks in numerous nations.
Warnings from the NCSC
It is understandable given the history of successful strikes against unpatched systems that the NCSC advises that organisations to always implement security fixes for operating systems as soon as they become available. When deployed, these patches protect networks against attacks.
Additionally, the security centre is also urging organisations to carry out several other key steps. Multifactor authentication should be activated for accounts, incident response plans must be established, and backup processes tested to ensure they are operating as they should and can be counted on should an incident occur.
UK organisations are also being urged to keep on top of the latest data on threats and mitigation, so that they are fully aware of all potential cyber-related incidents on the horizon.
The recent guidance also warns any organisations in Britain that become a victim of a cyberattack to immediately report it to the NCSC’s dedicated incident management team.