Five Eyes in new Russia cyber warning

The UK’s National Cyber Security Centre (NCSC) has again joined with its core Five Eyes allies in Australia, Canada, New Zealand and the US to share newly updated mitigation advice against Russian state cyber attacks and cyber criminal gangs.

Although the scale and scope of Russian cyber campaigns against Western targets during Moscow’s war on Ukraine has been limited so far, the NCSC and its allied counterparts have been keeping a close eye on activity emanating from the region.

“In this period of heightened cyber threat, it has never been more important to plan and invest in longer-lasting security measures,” said NCSC CEO Lindy Cameron.

“It is vital that all organisations accelerate plans to raise their overall cyber resilience, particularly those defending our most critical assets.

“The NCSC continues to collaborate with our international and law enforcement partners to provide organisations with timely, actionable advice to give them the best chance of preventing cyber attacks, wherever they come from.”

Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), added: “Given recent intelligence indicating that the Russian government is exploring options for potential cyber attacks against US critical infrastructure, CISA, along with our interagency and international partners, are putting out this advisory to highlight the demonstrated threat and capability of Russian state-sponsored and Russia-aligned cyber crime groups.

“We know that malicious cyber activity is part of the Russian playbook, which is why every organisation – large and small – should take action to protect themselves during this heightened threat environment.

“We urge all critical infrastructure owners and operators as well as all organisations to review the guidance in this advisory as well as visit www.cisa.gov/shields-up for regular updated information to protect yourself and your business.”

Steve Barclay, Cabinet Office lead minister for cyber security, said: “The global cyber threat is clear and growing in the wake of Russia’s invasion of Ukraine. While businesses have long recognised the importance of cyber security, the urgency is now much more visible. As the Russian economy retracts under the weight of sanctions, more cyber criminals are looking to the West and the UK. 

“We are collaborating with the cyber security authorities in the US, Australia, Canada and New Zealand to ensure that organisations in the UK and across the world protect themselves and bolster our defences. Cyber attacks recognise no physical or geographical boundary and it has never been more important to plan and invest in cyber resilience.”

The latest advisory centres potential threats to critical national infrastructure (CNI), in particular its industrial control systems (ICS) and operational technology (OT) functions. This follows the discovery of several destructive malwares in recent weeks, which have been used against targets in Ukraine.

The allies said the Russian state has clearly demonstrated its ability to compromise IT networks, develop mechanisms to maintain long-term, persistent access, exfiltrate data from IT and OT networks, and disrupt core functions by deploying destructive malware.

At a bare minimum, said the allies, optimal organisational response is to prioritise the patching of known exploited vulnerabilities – the US government maintains a list of these, updated periodically – enforcing multi-factor authentication (MFA), monitoring the use of remote desktop protocol (RDP) and providing end-user training.

The full text of the advisory, including technical details of both Russian state-backed advanced persistent threat (APT) actor and Russia-aligned cyber criminal activity, can be read on the CISA’s website.