NCSC Warns UK Organizations to Prepare for Russian Cyber-Attacks

Read Time:2 Minute, 26 Second

NCSC Warns UK Organizations to Prepare for Russian Cyber-Attacks

The National Cyber Security Centre (NCSC) has warned UK organizations to prepare for Russian cyber-attacks amid ongoing geopolitical tensions in Ukraine.

The new guidance follows numerous malicious cyber-incidents in Ukraine in the past month, which the NCSC said corresponds with past Russian behavior. These include more than a dozen Ukrainian government websites getting taken offline in a cyber-attack, while a major malware wiper campaign targeting government, IT and non-profit organizations across the country was recently detected by Microsoft.

The agency noted that such incidents resemble high-profile attacks like NotPetya in 2017 and cyber-attacks against Georgia in 2019, which the UK government attributes to the Russian government.

While no specific threats to the UK have currently been identified, the UK government’s support for Ukraine in the crisis is likely to make it a target of Russian threat actors.

The dispute revolves around Russian concerns that Ukraine will join NATO, and it has built up a substantial force on the border, leading to fears of invasion.

To prepare for potential attacks, the NCSC has urged UK organizations to take action to secure their systems. These include patching systems, enabling multi-factor authentication, implementing an effective incident response plan and checking that backups and restore mechanisms are working. This guidance is primarily aimed at larger organizations. The NCSC has also advised any organization that has fallen victim to a cyber-attack to report the incident to the NCSC’s 24/7 Incident Management team.

Paul Chichester, NCSC director of operations, commented: “The NCSC is committed to raising awareness of evolving cyber-threats and presenting actionable steps to mitigate them. While we are unaware of any specific cyber threats to UK organizations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organizations follow the guidance to ensure they are resilient.

“Over several years, we have observed a pattern of malicious Russian behavior in cyberspace. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”

Commenting on the guidance, David Carroll, MD of Nominet Cyber, said: “Organizations should take heed of the NCSC’s warning today and prioritize its recommendations to increase their cyber-resilience in the wake of worsening relations with Russia. This guidance is in line with the cybersecurity reality that has emerged over the past decade, where geopolitical activity and real-world warfare are increasingly mirrored in the cyber sphere.

“Experience has taught us that government, public sector and private sector organizations can become targets for malicious activity from hostile states and the UK government is right to take a proactive approach to protection. Organizations should prioritize identifying and patching vulnerabilities in their software, which have traditionally been a vector for large-scale attacks in the past, and be actively monitoring for breaches or potentially suspicious activity.”

Read More

Online Investment Fraud Network Taken Down by Law Enforcement

Read Time:1 Minute, 30 Second

Online Investment Fraud Network Taken Down by Law Enforcement

Bulgarian law enforcement has successfully taken down a network of online investment fraudsters responsible for losses of more than €10m.

The operation, supported by Europol and Eurojust, took place on January 26. This resulted in the arrest of one individual by the Bulgarian National Police on suspicion of defrauding mainly German and Greek investors out of at least €10m. In addition, 24 locations were searched, police officers interviewed 66 witnesses in Sofia and Burgas and a variety of electronic equipment, financial information and recordings were seized.

The scam was conducted by an organized crime group that set up bogus websites and call centers. Call operators speaking German, Greek, English and Spanish posed as financial consultants and contacted potential investors with promises of significant profits. This led to several hundred victims making substantial investments, which they lost entirely.

German and Greek investors who lost their investments notified law enforcement, leading to the investigation and subsequent action.

During the operation, two experts from Europol were on the ground to facilitate the information exchange and provide real-time operational analysis and technical expertise. The joint action was coordinated by Eurojust, who also provided cross-border judicial support.

Europol explained: “In 2019, Bulgarian authorities started investigations and Eurojust set up a joint investigation team (JIT) between Bulgaria, Germany, Greece, Serbia and Europol. Following five coordination meetings with Europol and Eurojust, the JIT members were able to identify the two fraudulent call centers in Bulgaria. The Bulgarian police, supported by the Serbian authorities, dismantled both call centers on the action day.”

Last November, Proofpoint warned consumers of a significant rise in call center threat activity, in which attackers use email alongside call center customer service agents to scam victims, sometimes out of tens of thousands of dollars.

Read More