Heightened cyber threat
Since mid-January 2022, the National Cyber Security Centre (NCSC) has publicly declared that the UK faces a heightened cyber threat from Russia due to increased geopolitical tensions caused by the Russian military build-up and invasion of Ukraine.
2tela believe the cyber threat to UK businesses is heightened, but this is due to the increased activity of cyber criminals conducting ransomware and email fraud.
The threat of a direct Russian nation state attack against a UK SME is still far lower than the threat from cyber criminals.
Russian threat focused against CNI & intelligence collection
2tela assess that the increased threat detailed by the NCSC is likely to be that of the Russian government conducting cyber-attacks against UK critical national infrastructure (CNI) and traditional espionage targets.
The Russian government has for many years used cyberespionage as an effective tool for collecting intelligence against targets, such as prominent politicians & governments, western defence contractors & NATO militaries.
Alongside these covert methods, the Russian intelligence services have also developed destructive cyber tradecraft: techniques designed to actively degrade, disrupt or destroy an adversary’s CNI.
One example is the cyber attack against the Ukrainian power system in December 2016, which led to power outages in parts of Kiev for over an hour. In April 2022, the UK Government publicly stated that the Russian signals intelligence unit, FSB Centre 16, was responsible for multiple attacks over several years against UK, US and European CNI targets.
Whilst we do not have insight into Russian intelligence operations, there are clear indications that Russia is putting significant resource into developing methods for destructive attacks against CNI targets.
2tela assess that, in the current confrontation with NATO, there has likely been an increase in Russian cyber espionage and likely an increased effort by Russia either to target the UK’s CNI with destructive cyber-attacks or to put in place the capabilities to do so.
Recent examples of possible Russian activity against NATO
In the lead-up to the Russian invasion of Ukraine, there were cyber & physical attacks that may have been committed by the Russian intelligence services against NATO countries. Two such examples were:
- Cutting of Arctic undersea telecommunications cable – In January 2022, an undersea telecommunications cable off the coast of the Arctic Norwegian settlement of Svalbard was damaged by unidentified ‘human activity’. Whilst there has been no public attribution of this activity, Russia has for many years had a maritime special forces unit called GUGI that operates deep diving submersibles which are suspected of being involved in tapping and tampering with undersea cables. It’s possible this attack was a demonstration of Russia’s capability to interrupt telecommunications of a NATO power.
- Cyber attacks against Canadian & UK Foreign offices – In January 2022, Canada’s Department of Global Affairs lost access to some online services after a cyber-attack and a Canadian government research institute was also targeted. The same month, information came to light of a cyber attack against the UK Foreign, Commonwealth & Development Office. Whilst there has been no official attribution, it’s a possibility both were performed by Russian intelligence cyber operatives with the intention of collecting information to help the Kremlin and/or to disrupt efforts to call out the forthcoming invasion.
The so-what for UK businesses
2tela believe UK businesses continue to face a heightened threat, but most of this is due to cyber criminals attempting to defraud organisations and launch ransomware attacks.
Some of the increased cyber threat outlined by the NCSC is against UK CNI organisations and installations. Any cyber attack against UK CNI could affect businesses, either through the disruption of key services such as electricity and water supplies, or through businesses being caught up in the cyber-attack itself.
Either way, we recommend businesses have at least the foundations of cyber defence in place to help reduce the risk from the heightened threat, as explained here – contact 2tela to find out how.