UK NCSC also flags Russian state-sponsored cyber threats targeting critical infrastructure

The U.K.’s National Cyber Security Centre (NCSC) added on Thursday its support to new advice from international partners on countering Russian state-sponsored cyber threats targeting critical infrastructure. The agency added its support to the stand taken by its U.S. counterparts earlier in the week warning of Russian state interference in critical infrastructure systems, including telecoms networks, energy and utility suppliers, transport operations, and logistics and distribution specialists.

The U.K. advisory provides an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques, and procedures (TTPs), detection actions, incident response guidance, and mitigations. It called upon critical infrastructure organizations to take immediate actions to strengthen their cyber security posture by patching all systems and prioritizing patching known exploited vulnerabilities. It also advised these organizations to implement multi-factor authentication (MFA) and deploy antivirus software.

The NCSC recommends “that organisations follow the advice set out within the advisory, which also lists 13 vulnerabilities known to have been exploited by Russian-backed actors in order to gain access to networks, and warns that actors have also used spear phishing and brute force techniques successfully,” it added.

Commenting on the U.K. agency’s move, Ron Brash, vice president of technical research and integrations at aDolus, said that coordinated messaging from different agencies in different countries is definitely needed.

“Companies operating critical systems like the power grid are facing a common threat regardless of the country where their HQ is located,” Brash told Industrial Cyber. “Many large infrastructures span multiple countries and following different security guidance for the different parts of the system is a recipe for disaster. So I commend NCSC for working together with CISA on this advisory,” he added.

Regarding NCSC’s notice, “I appreciate their approach to accessible and consumable cybersecurity advice, but they could have expanded their announcement beyond basic blanket statements like ‘Patch all systems’ or ‘Use antivirus software’,” he pointed out.

The advisory itself needs more specific advice on security measures that end-users can take, according to Brash. “For example, ensure remote access technologies and VPNs are patched, users/credentials securely provisioned and monitored, limit inbound and outbound connections through edge firewalls and internal firewalls, and validate hardware and software inventories, including 3rd-party components,” he added. 

The current security state of complex infrastructure systems is, unfortunately, one of the massive opportunities for attackers, Sam Jones, vice president of product management at Stellar Cyber, wrote in an emailed statement. “The attack surface of these systems is so large, and oftentimes very outdated, that it is incredibly difficult to defend everything. This is why mentally assuming a breach is so important and focusing on defending only what matters most is the only realistic approach to staying secure,” Jones added.

“We don’t have a cyber problem. In this case, we have a Russia problem, and the worldwide, private industry continues to suffer because of it,” Bryson Bort, founder and CEO at SCYTHE, wrote in an emailed statement. “As with all persistent adversaries, they will get in.” 

Companies should assume they are a target, Bort said. “As part of that, they should use an assumed breach mindset, that they’ve already been compromised. After mitigating the specific vulnerabilities mentioned by these agencies, they should focus their limited time and resources to get the highest return on investment for their security programs which is why yesterday was the best time to implement MFA,” he added.

Security agencies from the U.S. and the U.K. came together in July last year to disclose malicious cyber activities by Russian military intelligence against U.S. and global organizations, activities that began in mid-2019 and are likely ongoing. The advisory from the security agencies identifies TTPs used in the campaign, which has targeted both private and public sector networks, including government and military organizations, defense contractors, energy companies, higher education, logistics, law firms, media, political consultants, political parties, and think tanks.
