As the war in Ukraine continues, our thoughts are with those on the ground, fighting or fleeing the Russian invasion. But it’s not just a military offensive. Cyber-attacks and online disinformation are coming to the fore in this modern-day war. But what could be the impact of a cyber-attack in the U.K, and how are tech companies thwarting fake news globally?
Since Russia invaded Ukraine, governments across the globe have warned of the increased risk of cyber-attacks. Steve Sands, chair of the BCS Information Security specialist group, said: 'UK organisations and businesses, especially those with a critical national infrastructure role, are receiving regular threat updates from the National Cyber Security Centre, BCS, and their commercial managed security services providers.
'The common theme is to expect and prepare for cyber-attacks by reviewing security posture and ensuring controls are effective.'
The cyber-attacks in the UK, he believed, would be 'more likely' to affect goods and services organisations and their wider supply chains rather than those running our critical infrastructures.
He said: 'A successful and sustained attack against any one of the UK's critical national infrastructure sectors, such as chemicals; civil nuclear; communications; defence; the emergency services; energy; finance; food; government; health; space; transport and water could have a significant impact on day-to-day activities for much of the country.
'However, these are amongst the most protected sectors. More likely is a disruption to less-protected sectors, which could include many organisations and businesses involved in delivering goods and services, either directly or as part of a wider supply chain.'
Collateral damage
How robust are such corporates in the U.K. when it comes to cyber-attacks? Steve said: 'UK banks, transport and utilities are included under the government's Centre for the Protection of National Infrastructure, (CPNI), which recognises their critical nature.
'Corporate bodies outside CPNI and the Security of Network & Information Systems Regulations (NIS Regulations) are largely left to make their own decisions when determining risk tolerance and spending on cyber.
'It's highly likely that some of these will suffer following attacks. Such attacks may be targeted at specific sectors, or they may simply be collateral damage.'
Microsoft
Meanwhile, Microsoft is playing its part in fighting back during this unfolding virtual warfare. Whilst keen to emphasise that Microsoft is a company and not a government or a country, in a recent blog, Brad Smith, the company's President and Vice-Chair, said: 'In times like this, it's essential for us to work in consultation with those in government and, in this instance, our efforts have involved constant and close coordination with the Ukrainian government, as well as with the European Union, European nations, the US government, NATO and the United Nations.'
As Russia began to launch its military offensive last week, Microsoft's Threat Intelligence Centre received warnings of a new piece of "wiper" malware apparently aimed at the country's government ministries and financial institutions.
Microsoft's reaction was swift. Brad Smith's blog detailed how the company immediately advised the Ukrainian government on their identification of the use of a new malware package (which they called FoxBlade) and provided technical advice on how to prevent the malware's success.
In recent days, Microsoft said it has provided '..threat intelligence and defensive suggestions to Ukrainian officials regarding attacks on a range of targets, including Ukrainian military institutions and manufacturers and several other Ukrainian government agencies. This work is ongoing.'
The risk factor
But what are the chances of a global cyber-attack? Even one that accidentally spills out from the conflict in Ukraine. So far, Microsoft said it has it hasn't seen the 'use of the indiscriminate malware technology that spread across Ukraine's economy and beyond its borders in the 2017 NotPetya attack.'
Steve warns against complacency: 'President Putin has shown himself to be highly unpredictable, so a deliberate cyber-attack remains very possible. Probably more likely, in the shorter term, will be increasing cyber-attacks by Russian agencies and groups which are not under the direct control of the government, particularly as Russian propaganda against actions and responses from the west increase.'
Fake news
The war against disinformation is in full swing. Google has banned the YouTube channels of Russia Today and Sputnik in Europe. In a tweet, it announced its decision: 'Due to the ongoing war in Ukraine, we're blocking YouTube channels connected to R.T. and Sputnik across Europe, effective immediately.'
For you
Be part of something bigger, join BCS, The Chartered Institute for IT.
Facebook's parent company Meta has also restricted access to Russian state media outlets R.T. and Sputnik across the European Union. It's also taken down a network run by people in Russia and Ukraine aimed at Ukrainian citizens.
The group ran websites posing as independent news outlets and created fake personas across social media platforms, including Facebook, Instagram, Twitter, YouTube, Telegram, Russian Odnoklassniki and V.K.
Hackers
More widely, could cyber hackers such as Anonymous and Cyber Partisan inflict significant damage to the Russian state? It’s been reported that both, according to The Independent newspaper ‘have claimed responsibility for cyber-attacks on Russia's banks, state broadcaster R.T., and a Belarusian rail network reportedly used to move troops from Russia to Ukraine.’ Steve said: 'The Anonymous group has been in existence since around 2003, taking on governments, institutions and agencies where they feel they have a legitimate cause.
'It is thought to have a loose and decentralised structure which may not lend itself to the coordinated effort that may be required to mount a concerted attack or defence strategy.
'If focussed on particular targets, they are likely to cause some disruption and irritation.'
Over the weekend, the Ukrainian government asked for an IT army to fight against Russia's digital intrusions. The country's vice prime minister and minister of digital transformation, Mykhailo Fedorov, called for the country's hacker underground to conduct cyber spying missions against Russian troops to help protect critical infrastructure.
But is that a good idea, or just desperate measures in desperate times? Steve said: 'The protection of national infrastructure by Ukraine's hacker underground would need to be coordinated for it to be effective. Hacker groups do have well-established channels of communication, so it may depend on how well they can work together towards a common goal.
'Western intelligence agencies are unlikely to be willing to share with underground hacker groups, which may reduce their effectiveness.'
The UK's National Cyber Security Centre has issued guidelines with advice on how to increase resilience against cyber-attacks. But as we have seen with previous state-sponsored attacks from hostile nations, this is a very unpredictable area, and the threat could widen. Steve said: 'The highest threat currently comes from Russia and its partners. However, other nation-states, including China, North Korea & Iran, may also ramp up their cyber activity.'
Join the monthly BCS Policy Jam at midday on Tuesday 8 March 2022 where cyber security will be the topic of debate.
Guests: re: Lisa Forte, Partner at Red Goat Cyber Security LLP, Jen Ellis, VP Community and Public Affairs at Rapid7, Dr Alexi Drew, Senior Analyst and expert in cyberwarfare and disinformation at Rand Europe, Patrick Burgess, BCS ISSG Rep. and Co-Founder and Tech Director at Nutbourne Ltd, Dan Card, Head Cyber Jedi at PwnDefend.
