UK security centre urges companies to boost their defences after cyberattacks on Ukraine

Incidents in Ukraine look similar to NotPetya and other hostile cyber activity by Russia, warns NCSC.
Written by Danny Palmer, Senior Writer

Organisations are being urged to take action in order to bolster their cybersecurity resilience as a result of the ongoing tensions between Russia and Ukraine.

The National Cyber Security Centre (NCSC) has issued the warning after recent cyber incidents against Ukraine and tensions in the region. 

While the attacks haven't officially been attributed to anyone, the NCSC notes that they follow similar patterns to previous incidents, some of which the UK, the US and others have blamed on the Russian government.

SEE: A winning strategy for cybersecurity (ZDNet special report)

These include cyberattacks against Georgia, as well as the NotPetya cyberattack. NotPetya was designed to target organisations in the Ukrainian financial, energy and government sectors, but the self-replicating nature of the attack meant it affected organisations around the world, causing an estimated billions of dollars in damages.

NotPetya was powered by EternalBlue, an offensive NSA hacking tool that was leaked in early 2017. By the time of the NotPetya attack in June that year, a security patch had been available for months, but many organisations had yet to apply it.

That's despite a demonstration of how large numbers of unpatched systems were vulnerable to EternalBlue-based attacks – that demo took place when North Korea launched WannaCry ransomware in May 2017, disrupting networks of organisations around the world.

Regularly patching software and operating systems is, therefore, one of the actions that organisations are being urged to implement to help protect networks from cyberattacks.

Other steps organisations are urged to take include enabling multi-factor authentication, ensuring an incident response plan is in place, and testing backups and other online defences regularly to ensure they're working as expected.

It's also recommended that organisations keep up to date with the latest threat and mitigation information, so they're aware of what potential cyber incidents could be on the horizon.

"While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient," said Paul Chichester, director of operations at NCSC.

"Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace. Last week's incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before," he added.

The guidance also advises any organisations that fall victim to a cyberattack to report the event to the NCSC's incident management team.  


Editorial standards