All organizations in the UK are being urged to immediately bolster their business resilience capabilities due to an increased risk of fallout from cyberattacks targeting Ukraine. UK intelligence officials today reiterated previous calls for UK organisations to take rational, sensible steps to secure their infrastructure against possible intrusions from actors backed by malicious states.
The NCSC, which is part of Britain's security, intelligence and cyber agency GCHQ, warns that while it knows of no imminent online attacks that might directly target the UK, "malicious cyber incidents in and around Ukraine" could nevertheless cause damage to UK organisations.
Specific guidance includes ensuring that all systems are patched and covered by a working backup and recovery plan, among other recommendations.
What is Cyber Spillover?
Nation-state threat actors once focused on infrastructure, think tanks, and government sites; they now attack supply chains. Vendors, software, and networks that government organizations rely on are an entry point to primary targets. These are frequently the same supply chains that businesses rely on daily. The most common risks to organisations come from attacks that are poorly executed and accidentally spread to other networks, or from threat actors that simply do not care who they infect to achieve their goals.
What is an example of Cyber Spillover?
In 2017, an attack involving the destructive NotPetya malware, which was disguised as ransomware, rendered infected systems unrecoverable. The attack involved subverting an update server for a legitimate piece of widely used accounting software developed by a Ukrainian firm. A Trojanized update for the software was issued containing the malware, which was then triggered.
The resulting malware outbreak spread globally, taking out systems at organizations such as FedEx, Danish shipping giant Maersk and pharmaceutical firm Merck, and causing up to $10 billion in estimated commercial damages. At one point, a large number of the world's merchant ships were being controlled by WhatsApp and other emergency means, because the systems were down.
What actionable steps can I take to protect against cyber spillover?
The NCSC offers extensive advice on its website about how to bolster defences. Just some of the actions organizations should be taking now, NCSC says, include:
- Keeping all systems patched and updated with security fixes;
- Improving access controls and enabling multifactor authentication;
- Implementing and maintaining an effective incident response plan;
- Ensuring all backup and restore mechanisms are working;
- Continually reviewing all online defences to ensure they're working as anticipated;
- Keeping a close eye on "the latest threat and mitigation information."
The NCSC alert also urges any British organization that falls victim to an online attack to notify its incident management team.