Blog by Duwayne Lake, Operations Director of Veco™
Following Russia’s unprovoked, premeditated attack on Ukraine, the National Cyber Security Centre (NCSC) has called on organisations in the UK to bolster their online defences.
GCHQ is concerned about ‘spillover’ from any heightened Russian cyber-activity in Ukraine, as demonstrated by last week’s attack on two banks by hackers linked to the GRU spy agency.
Although there have been no Ukraine-related Russian attacks on the UK since the start of the crisis, cyber-specialists have been holding meetings with key companies to discuss the possible threat and how it could be tackled.
While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been a historical pattern of cyber attacks against Ukraine with international consequences. HermeticWiper, a wiper malware used against Ukrainian organisations, also has the potential to impact organisations outside of Ukraine. Wiper malware can erase data from the hard drive of an infected computer.
Agents need to be extra vigilant at this time and ensure they have educated their staff on the risks and have implemented the measures that will boost their protection. Moving to heightened alert can help agents prioritise necessary cyber security work, offer a temporary boost to defences and give agents the best chance of preventing a cyber attack when it may be more likely, and recovering quickly if it happens.
Below are some ways in which agents can increase their protection from cybercrime:
Verify Access Controls & Updates
Always use strong passwords for everything, including PC access & email accounts and always use two factor authentication (2FA/MFA) where possible. Any mobiles that contain work related data should have passcodes/pattern locks or biometric locks enabled. Keep all software and operating systems, firmware and firewalls up to date.
Check Your Internet Footprint
Check that records of your external internet-facing footprint are correct and up to date. This includes the IP addresses your systems use on the internet, or which domain names belong to your organisation. Ensure that domain registration data is held securely and that any DNS entries are expected.
Perform an external vulnerability scan where possible on your whole internet footprint and check that everything you need to patch has been patched. Internet-connected services with unpatched security vulnerabilities are an unmanageable risk.
Third Party Access
If giving suppliers access to your servers, ensure the connections are secure. As a minimum, don't leave any access wide open to the public internet and use methods such as restricting access by IP address, but preferably using more secure connection methods such as VPN’s.
Ensure you understand the security practices of your third parties.
Phishing Response
Educate staff to be aware of and alert to ‘phishing’ emails. They often come from a known contact where their email account has been breached and accessed by hackers and scammers, who will send an online link to a document asking you to enter your email address and password to ‘login’, but is in reality just sending these details onto the hackers.
Public Email Addresses
Try and avoid making company email addresses publicly available, particularly individual and senior staff email addresses. Hackers will find these on your website or other publicly available site, spoof the email addresses and then make fraudulent payment requests to internal staff members.
If you have any concerns about your IT security and would like a no obligation consultancy session with one of our cyber security experts, please call 01372 389 250 or email: Contact@EvolutionIT.uk