The National Cyber Security Centre (NCSC) have issued a warning for all UK organisations to bolster their Information Security systems and incident response plans due to ongoing tensions between Ukraine and Russia.
Similar tensions back in 2017 resulted in the release of a particularly dangerous type of Ransomware known as NotPetya. The NCSC have since linked the development of NotPetya to the Russian military, as a way to target government infrastructure in Ukraine. However, the malware was designed to spread as quickly as possible and as a result impacted thousands of organisations around the world.
We are taking this threat extremely seriously. Here are some tips on how you can help:
Phishing is far from a new issue; however, it remains as by far the most common point of entry for major Cyber-attacks.
Tip: Look out for our External Email Warning banner. A common attack type is to impersonate the internal IT Service desk, or other staff/students within the institution. If you see this banner, the email did not originate from a University of Aberdeen account:
External email warning:
Read our full guidance on phishing.
How Ransomware Works
The attacker will gain initial access to a network by using password attack techniques or, more commonly, by stealing network credentials via phishing emails.
Once a foothold has been established, the attacker can deploy malware onto the network which can gather information, and eventually escalate access to administrator levels. Once this is achieved, the Ransomware is deployed and will look to encrypt large volumes of data on the network. Once achieved, the attackers then contact the victim and demand a ransom payment for the decryption key to enable access to the data. Attackers also threaten to release sensitive information if the ransom is refused, meaning even if data can be restored from backup, it is not a fully robust defence.
These kinds of attacks can cause enormous financial and reputational damage to affected institutions in incident management and investigation, even without considering the ransom itself.
Organised cyber criminals have also been reported to be using password spray attacks. This is like a brute force attack where an attacker will repeatedly attempt to log in to an account using common passwords.
The spray attack varies in that it will try to log in to many accounts sequentially using the same common password, and then circle back to the start and try the next password on all accounts.
- The best defence against Password spraying is to ensure you are following good password hygiene. Read our previous article on password security.
- Also, make sure your password is not on this list of the most hacked passwords.
You can read more on this on the NCSC website:
- NCSC article: UK organisations encouraged to take action in response to current situation in and around Ukraine
- NCSC article: Russian military ‘almost certainly’ responsible for destructive 2017 cyber attack
Further guidance and help
Find out more about Cyber Security on our Toolkit resource.
Author: IT Security Team