The UK’s National Cyber Security Centre (NCSC) is warning of an increased risk of attacks by state-aligned Russian hacktivists, urging all organizations in the country to implement recommended security measures.
“Over the past 18 months, a new class of Russian cyber adversaries has emerged,” reads the NCSC alert. “These state-aligned groups are often supportive of invading Russia and are ideologically rather than financially motivated.”
Typically, these hacktivist groups focus their malicious cyber activity on performing DDoS (Distributed Denial of Service) attacks that cause service disruption to critical entities such as airports, parliament, and government sites.
However, the NCSC says these threat actors have expressed an intent to cause more damage if possible, and given the chance, they might turn to more harmful activities.
Therefore, the UK agency advises all organizations to implement some recommended actions to increase security and to pay particular attention to secure system administration.
The NCSC has published a dedicated guide containing a list of actions that organizations should take in the event of elevated cyber threats.
Key actions include patching systems, checking access controls, ensuring defenses are operating, logging and monitoring, reviewing backups and incident plans, and managing user access.
Large enterprises should consider taking additional advanced measures such as accelerating security improvements, reassessing risk tolerance, temporarily reducing system functionality, aggressively patching vulnerabilities, delaying non-security-related system changes, and preparing for extended hours of operation or scaling up incident response.
On secure system administration, the NCSC recommends following these principles both for internal staff and for all third-party providers with access to the administration interfaces:
- Secure all devices used to access system administration interfaces to prevent attackers from exploiting legitimate functionality.
- Ensure that only authorized users can access interfaces with elevated system privileges.
- Apply pragmatic risk management to system administration using multi-level administration, as some access levels are more problematic than others.
- Control administrator access based on who, where, when, why, and how they perform tasks. Grant least privilege and revoke access when not needed.
- Record/log all admin actions and audit them to ensure only legitimate and approved actions are performed.
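The last two principles can be checked mechanically. The following is an added example, not taken from the NCSC guidance or the original article: it audits admin-action records against a who/where/when/why/how policy. The log format, policy fields, ticket ids, the use of MFA as the "how" check and all sample records are constructed assumptions.

```python
# Added illustration: audit admin actions against a who/where/when/why/how policy.
# All names, field layouts and sample records below are constructed assumptions.
from datetime import datetime
from ipaddress import ip_address, ip_network

# Hypothetical policy: per-admin granted tiers, source networks and working hours.
POLICY = {
    "alice": {"tiers": {"tier1", "tier2"}, "nets": ["10.20.0.0/24"], "hours": (8, 18)},
    "vendor-bob": {"tiers": {"tier2"}, "nets": ["192.0.2.0/28"], "hours": (9, 17)},
}
APPROVED_CHANGES = {"CHG-1001", "CHG-1002"}  # constructed change-ticket ids

# Constructed log lines: timestamp|user|source_ip|tier|auth|ticket|action
SAMPLE_LOG = """\
2023-04-20T10:15:00|alice|10.20.0.15|tier1|mfa|CHG-1001|restart web service
2023-04-20T23:40:00|alice|10.20.0.15|tier1|mfa|CHG-1001|export user table
2023-04-20T11:00:00|vendor-bob|192.0.2.5|tier1|mfa|CHG-1002|add domain admin
2023-04-20T12:30:00|vendor-bob|203.0.113.9|tier2|password|-|change firewall rule
2023-04-20T13:00:00|mallory|10.20.0.99|tier2|mfa|CHG-1002|create account
"""

def audit_line(line):
    """Return the list of policy violations for one admin-action record."""
    ts, user, src, tier, auth, ticket, _action = line.split("|", 6)
    rule = POLICY.get(user)
    if rule is None:                                   # who
        return ["who: user is not an authorized administrator"]
    problems = []
    if not any(ip_address(src) in ip_network(n) for n in rule["nets"]):
        problems.append("where: source address outside approved admin networks")
    start, end = rule["hours"]
    if not start <= datetime.fromisoformat(ts).hour < end:
        problems.append("when: action outside approved hours")
    if ticket not in APPROVED_CHANGES:
        problems.append("why: no approved change ticket")
    if auth != "mfa":
        problems.append("how: session not authenticated with MFA")
    if tier not in rule["tiers"]:
        problems.append("privilege: tier exceeds what this admin is granted")
    return problems

def audit(log_text):
    """Map line number -> violations, for records that break the policy."""
    results = {n: audit_line(l) for n, l in enumerate(log_text.splitlines(), 1)}
    return {n: p for n, p in results.items() if p}

if __name__ == "__main__":
    for n, problems in audit(SAMPLE_LOG).items():
        print(n, problems)
```

Run as a script, it prints the flagged record numbers with the principle each one breaks; the first sample record passes every check and is not reported.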
Although the NCSC considers it unlikely that pro-Russian hacktivist groups will be able to cause real damage to valuable corporate or government networks, this may change over time.
“Without outside assistance, we consider it unlikely that these groups will have the ability to deliberately cause destructive rather than disruptive impact in the short term,” the NCSC warning concludes.
“But they can become more effective over time, and so the NCSC recommends that organizations act now to manage the risk against future successful attacks.”