The United Kingdom’s NCSC (National Cyber Security Centre) is warning of a heightened risk from attacks by state-aligned Russian hacktivists, urging all organizations in the country to apply recommended security measures.
“Over the past 18 months, a new class of Russian cyber adversary has emerged,” reads the NCSC’s alert. “These state-aligned groups are often sympathetic to Russia’s invasion and are ideologically, rather than financially, motivated.”
Typically, those hacktivist groups focus their malicious cyber-activity on performing DDoS (distributed denial of service) attacks that cause service disruption on critical entities such as airports, parliament, and government sites.
However, NCSC says those threat actors have expressed their intention to cause more damage if possible, and if given the opportunity, they might pivot to more harmful activities.
Hence, the British agency advises all organizations to implement some recommended actions to increase security and pay particular attention to secure system administration.
Recommended actions
The NCSC has published a dedicated guide containing a list of actions organizations should take during elevated cyber threats.
Key actions include system patching, access control verification, functioning defenses, logging and monitoring, reviewing backups, incident plans, and managing third-party access.
Larger organizations should consider taking additional, advanced actions like accelerating security improvements, reassessing risk tolerance, temporarily reducing system functionality, aggressively patching vulnerabilities, delaying non-security system changes, and preparing for extended operational hours or incident response scaling.
On secure system administration, the NCSC recommends following these principles for both in-house staff and all third-party suppliers having access to administration interfaces:
- Secure all devices used to access system administration interfaces to prevent attackers from exploiting legitimate functionality.
- Ensure that only authorized users can access interfaces with high system privileges.
- Apply pragmatic risk management to system administration by using tiered administration, as some access levels pose greater harm than others.
- Control administrator access based on who, where, when, why, and how they perform tasks. Grant least privilege and revoke access when unnecessary.
- Record/log all administration actions and audit them to ensure only legitimate and approved actions are carried out.
While the NCSC considers it unlikely that pro-Russian hacktivist groups will be able to cause any real damage to valuable corporate or government networks, this may change over time.
“Without external assistance, we consider it unlikely that these groups have the capability to deliberately cause a destructive, rather than disruptive, impact in the short term,” concludes the NCSC warning.
“But they may become more effective over time, and so the NCSC is recommending that organisations act now to manage the risk against successful future attacks.”
