Is the UK at risk of Russian cyberattacks over Ukraine support?

Foreign Secretary Liz Truss departs No. 10 Downing Street

Foreign Secretary Liz Truss has accused the Kremlin of ‘wholly unprovoked’ aggression

(Image credit: Rob Pinney/Getty Images)

published 28 January 2022

Organisations and large businesses across the UK are being urged to boost their defences against potential cyberattacks linked to tensions between Russia and Ukraine.

What does Vladimir Putin want from Ukraine? How will sanctions affect ‘fortress’ Russia? How far is the UK willing to go to protect Ukraine?

The warning from the National Cyber Security Centre (NCSC) came after director of operations Paul Chichester said the agency had “observed a pattern of malicious Russian behaviour in cyberspace”.

As 100,000 Russian troops mobilised near its border, Ukraine was hit by a “massive” cyberattack two weeks ago that “knocked out” the websites of several government departments including the ministries of foreign affairs and education, The Guardian reported.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

https://cdn.mos.cms.futurecdn.net/flexiimages/jacafc5zvs1692883516.jpg

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Malignant force

Following the Ukraine cyberattack, officials pointed to a “long record” of Russian-linked online assaults against the country. The latest major strike came at the end of a week of security talks between Moscow and the US and its Western allies that “ended in stalemate”, said The Guardian.

The hackers reportedly left a message on the Foreign Ministry website that said: “Ukrainians! … All information about you has become public. Be afraid and expect worse. It’s your past, present and future.”

The message was accompanied by an image showing “the Ukrainian flag and map crossed out”, the newspaper added, and “mentioned the Ukrainian Insurgent Army, or UPA, which fought against the Soviet Union during the Second World War”.

Foreign Ministry spokesperson Oleg Nikolenko said that “the cyber-police” had “opened an investigation” into the online attack.

Fears are growing that the UK and other countries lending support to Ukraine in the ongoing border stand-off may also be targeted by hackers.

The US Department of Homeland Security “is warning that Russia could conduct a cyberattack against the United States if it feels threatened by further actions the US takes in response to a possible Russian invasion of Ukraine”, CBS News reported this week.

In an intelligence and analysis bulletin seen by the broadcaster that was sent to law enforcement partners nationwide, the department said that Moscow might launch cyberattacks if “a US or Nato response to a possible Russian invasion of Ukraine threatened its long-term national security”.

“Russia maintains a range of offensive cyber tools that it could employ against US networks – from low-level denials of service to destructive attacks targeting critical infrastructure,” the bulletin continued.

The London-based National Cyber Security Centre, the defensive arm of the UK’s GCHQ intelligence agency, “said while the UK was not attributing responsibility for the recent cyber incidents in Ukraine, it was ‘urgently investigating’ them”, the Financial Times (FT) reported.

Operations director Chichester said it was “vital that organisations follow [cyber security] guidance to ensure they are resilient”. The “incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before”, he added.

Vulnerable state

The updated guidance from the UK’s security experts advises large organisations and firms to “include patching systems, improve access controls and enable multifactor authentication” in their digital systems in order to reduce their cyberattack risk, The Independent reported.

Companies should also implement “an effective incident response plan, check that back-ups and restore mechanisms are working, ensure that online defences are working, and keep up to date with the latest threat and mitigation information”, the guidance said.

National Cyber Security Centre chief Lindy Cameron told a cyber conference last October that criminals based in Russia and neighbouring nations were responsible for most of the “devastating” ransomware attacks – when hackers block access to data and then demand payment to restore it – that had been waged against the UK.

“Hackney Borough Council was hit by one attack which led to significant disruption to services and IT systems going down for months,” the BBC reported. Ireland’s Health Service Executive “also suffered a significant attack”.

Attacks have ramped up in the US too, with a strike on the Colonial Pipeline company last year triggering “fuel shortages on the east coast”, the broadcaster added.

And Canada’s Foreign Affairs Ministry was hacked earlier this month, on “the same day that country’s top cyber agency warned of potential Russian attacks”, the FT reported.

The recent increase in cyber hostilities across the globe is “a sign of how a conflict in one part of the world can impact anyone, anywhere, because cyber weapons do not respect geographical boundaries”, said Sky News security and defence editor Deborah Haynes.

Such cyberattacks seem likely to become more common, “as a form of attack that can take place in a grey zone under the threshold of war or as part of a physical, military invasion”, she added.

Explore More