There is a new “class” of Russian hackers, the UK cyber-agency warns. Due to an increased danger of attacks by state-aligned Russian hackers, the National Cyber Security Centre (NCSC) of the UK is encouraging all businesses to put the recommended protection measures into place.
The NCSC alert states, “during the past 18 months, a new kind of Russian hackers has developed.” These state-aligned organizations frequently support Russia’s incursion and are driven more by ideology than money.
These hacktivist organizations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites.
According to NCSC, these threat actors have stated their desire to increase the harm they can do, and if given a chance, they might switch to more dangerous operations. To strengthen security, the British agency, therefore, recommends all firms put some suggested activities into practice. Secure system administration is one area in particular that they emphasize.
The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defenses, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.
Larger organizations should consider taking additional, advanced measures, such as speeding up security improvements, re-evaluating risk tolerance, temporarily reducing system functionality, aggressively patching vulnerabilities, delaying changes to non-security systems, and getting ready for extended operational hours or incident response scaling.
The NCSC advises adhering to the following guidelines for secure system administration for all internal staff members and external providers with access to administration interfaces. To stop attackers from abusing legitimate capabilities, secure all devices used to access system administrative interfaces.
Make sure that only users who have been given permission can access interfaces with high system privileges. Use tiered administration to apply realistic risk management to system administration, as some access levels offer more danger than others.
Depending on who, where, when, why, and how users accomplish activities, you can restrict administrator access. When required, revoke access while exercising the least privilege. To guarantee that only legal and approved actions are carried out, record/log all administration acts and audit them.
While the NCSC believes that pro-Russian hackers groups are unlikely to be able to seriously harm important corporate or governmental networks, this may alter in the future.
The NCSC closes its warning by saying, “Without external assistance, we deem it unlikely that these groups have the potential to intentionally inflict a harmful, rather than disruptive, impact in the short term.”
However, because they might improve efficiency over time, the NCSC advises organizations to take immediate action to reduce the chance of successful future attacks.
Conclusion
On Wednesday, the UK government’s cyber defense organization warned about a growing threat posed to Western essential national infrastructure by hackers who support Russia and its conflict with Ukraine. Online campaigns run by “hacktivists” with ties to Russia have vandalized or taken down a number of well-known public websites. The British National Cyber Security Centre (NCSC), a division of the eavesdropping spy agency GCHQ, warned in a warning that some of those organizations have been actively planning ways to cause more physical harm. Some people have expressed a desire to have a more damaging and disruptive influence on Western key national infrastructure, especially in the UK, according to the NCSC.
The alert, which was made public during a two-day conference held by the NCSC and GCHQ in Belfast, stated that “we expect these organizations to hunt for ways to create such an impact, especially if systems are not well protected. The alert stated that these organizations are “not subject to formal official oversight,” although they are ideologically driven and support Russian state interests. A successful cyberattack might be extremely damaging and cause significant physical harm if it targets vital national infrastructure like the energy grid or water supply. Although it was stated in the NCSC alert that such attacks would be “unlikely” to be accomplished by hacktivist groups “without external assistance,” it also cautioned that they “may become more effective over time.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.