Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Experts warn of potential surge in Russian cyber attacks on UK organisations

Analysts and officials expecting retaliations from Kremlin-linked cyber groups after imposition of sanctions

Samuel Lovett
Senior News Correspondent
Wednesday 23 February 2022 18:09 GMT
Comments
Analysts have already detected a rise in cyber attacks against Ukrainian targets since the beginning of 2022
Analysts have already detected a rise in cyber attacks against Ukrainian targets since the beginning of 2022 (Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Warnings have been raised over a potential surge in Russian cyber attacks against British organisations as the crisis in Ukraine escalates.

Analysts and officials are expecting retaliation from Kremlin-linked cyber groups after sanctions were imposed by Boris Johnson and the government announced plans to send extra military support to Ukraine.

The National Cyber Security Centre has already urged British organisations to “bolster their online defences” amid a deterioration in relations between Russia and the West.

This follows several high-profile cyber operations that have been launched against Ukraine by suspected Russian forces since the beginning of 2022. On Wednesday, multiple Ukrainian government and banking websites were knocked offline in the latest wave of attacks linked to Russia’s military intelligence agency.

It’s now feared the same tactics, in which Ukrainian websites have been defaced or breached by destructive malware, could also be deployed against UK servers if the current crisis further deepens in the weeks to come.

Stefano De Blasi, an analyst at Digital Shadows, which specialises in digital risk protection, said it was “realistically possible that Russia will eventually retaliate against the sanctions recently imposed on them with targeted cyber operations”.

He said distributed denial of service (DDoS) attacks - an attempt to hinder the running of a server or network by overwhelming it with a flood of internet traffic - could be launched against Western organisations, alongside the dissemination of destructive malware.

Digital Shadows, along with other cyber surveillance and protection companies, have detected a rise in attacks against Ukrainian targets in recent weeks.

This include defacement attacks, espionage campaigns, wiper malware deployments, disinformation campaigns, and DDoS operations, Mr De Blasi said.

“Although some of these attacks haven’t been attributed to the Russian Federation, overlapping motivations and goals likely indicate a common origin,” he said.

“These attacks showcase the breadth of offensive operations that the Russian Federation maintains in its toolkit, and it suggests the potential for future attacks targeting Ukraine and its allies if the situation was to escalate.”

On Tuesday, first minister Nicola Sturgeon also warned that the international community must be “vigilant” to retaliatory cyber attacks engineered by the Kremlin and its allies.

“I think that is something that we have to be very vigilant about,” she said. “The discussions I’ve mentioned already about domestic impacts, cyber security is one of those.

“We know, even before the current situation in Ukraine, that Russia was very active around cyber activity.”

Russian state-associated threat groups have consistently used destructive cyber-attacks during military conflicts in the past, Digital Shadows said.

This hybrid warfare approach has become a staple of Russian military doctrine and has been observed during its 2008 conflict with Georgia in Abkhazia and South Ossetia, and against Ukraine since 2014.

In an attempt to combat the spread of Russian disinformation and propaganda, the culture secretary has told Ofcom to review the operation of the Kremlin-backed Russia Today (RT) news channel in the UK.

Writing to the regulator, Nadine Dorries said RT was “demonstrably part of Russia’s global disinformation campaign”.

Labour leader Sir Keir Starmer said RT was president Vladimir Putin’s “personal propaganda tool” and argued there is “no reason why it should be allowed to continue to broadcast in this country.”

Currently, the NCSC said it was not aware of any specific cyber threats to UK organisations in relation to events in and around Ukraine, while Digital Shadows said “given the tense situation in Ukraine, Moscow is likely to focus on the conflict and on establishing financial and political frameworks to lessen the impact of Western sanctions,” rather than pursuing cyber operations.

However, John Hultquist, a vice-president of intelligence analysis at Mandiant, a cyber security consultancy, said there was likely to be an increase in “more aggressive information operations and disruptive cyber attacks within and outside of Ukraine” as the crisis continues.

“Russia’s military intelligence service is the most aggressive of its peers when it comes to cyberattacks and other activity in the sphere,” he added. “We have seen them carry out DDoS attacks on several occasions which they use to harass and undermine institutions.

“It’s also important not to misjudge the purpose of these attacks – the disruption they cause is designed to intimidate and undermine and is not an end in itself. Furthermore, they may be timed or accompanied by other elements to magnify their psychological impact.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in