British organisations and large businesses should prepare for possible Russian state-backed cyber attacks, a top security official warned on Friday, citing recent hacks of dozens of official Ukrainian websites.
Scores of Ukrainian government computer networks were hit with a cyber attack last week that included a message, which flashed on Ukrainian computer screens: “be afraid and wait for the worst.” The US and Nato condemned the attack, which Ukrainian officials suspected emanated from Moscow.
Paul Chichester, director of operations at the National Cyber Security Centre, urged vigilance and said it was “vital that organisations follow [cyber security] guidance to ensure they are resilient.”
He added: “Over several years, we have observed a pattern of malicious Russian behaviour in cyber space. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”
The NCSC, the defensive arm of the UK’s signal intelligence agency GCHQ, said while the UK was not attributing responsibility for the recent cyber incidents in Ukraine, it was “urgently investigating” them. It had not as yet identified any active, Ukraine-related threats against British organisations.
It pointed to the NotPetya virus attack in 2017 that is estimated to have cost companies across the world over $1.2bn. The UK has blamed that attack on Russia.
The British warning mirrors a similar one from the US Cybersecurity and Infrastructure Security Agency and the FBI this month of possible cyber attacks emanating from Russia on critical infrastructure.
Canada’s foreign affairs department suffered a hack on January 19, the same day that country’s top cyber agency warned of potential Russian attacks.
Analysts said Russian cyber attacks could be aimed at raising the political costs for the US and Nato allies responding to a potential invasion of Ukraine, where 106,000 Russian troops have massed on the border.
Steve Barclay, the UK cabinet office minister, warned this week that Britain’s public services risked being shut down by hostile cyber threats. The UK has taken a robust approach to the Russian troop build-up close to Ukraine’s border.
Prime minister Boris Johnson warned of Russian plans for a “lightning war”, while over the weekend the UK said it had evidence that Russia’s president Vladimir Putin was seeking to install a puppet regime in Kyiv.
The UK has sent 30 specialist troops to Ukraine to train the country’s armed forces in the use of 2,000 short-range anti-tank missiles supplied by Britain.
Moscow has repeatedly denied that it plans to invade and senior Russian officials have blamed the west for escalating tensions by deploying forces and publishing “fake” claims of Russian regime change plots in Ukraine.
To protect themselves from the risk of Ukraine-related cyber attacks, the NCSC recommended that business and large organisations patched their systems, checked data backups and practice good “cyber hygiene”.