The National Cyber Security Centre (NCSC) has warned UK organizations to prepare for Russian cyber-attacks amid ongoing geopolitical tensions in Ukraine.

The new guidance follows numerous malicious cyber-incidents in Ukraine in the past month, which the NCSC said corresponds with past Russian behavior. These include more than a dozen Ukrainian government websites getting taken offline in a cyber-attack, while a major malware wiper campaign targeting government, IT and non-profit organizations across the country was recently detected by Microsoft.

The agency noted that such incidents resemble high-profile attacks like NotPetya in 2017 and cyber-attacks against Georgia in 2019, which the UK government attributes to the Russian government.

While no specific threats to the UK have currently been identified, the UK government’s support for Ukraine in the crisis is likely to make it a target of Russian threat actors.

The dispute revolves around Russian concerns that Ukraine will join NATO, and it has built up a substantial force on the border, leading to fears of invasion.

To prepare for potential attacks, the NCSC has urged UK organizations to take action to secure their systems. These include patching systems, enabling multi-factor authentication, implementing an effective incident response plan and checking that backups and restore mechanisms are working. This guidance is primarily aimed at larger organizations. The NCSC has also advised any organization that has fallen victim to a cyber-attack to report the incident to the NCSC’s 24/7 Incident Management team.

Paul Chichester, NCSC director of operations, commented: “The NCSC is committed to raising awareness of evolving cyber-threats and presenting actionable steps to mitigate them. While we are unaware of any specific cyber threats to UK organizations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organizations follow the guidance to ensure they are resilient.

“Over several years, we have observed a pattern of malicious Russian behavior in cyberspace. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”

Commenting on the guidance, David Carroll, MD of Nominet Cyber, said: “Organizations should take heed of the NCSC’s warning today and prioritize its recommendations to increase their cyber-resilience in the wake of worsening relations with Russia. This guidance is in line with the cybersecurity reality that has emerged over the past decade, where geopolitical activity and real-world warfare are increasingly mirrored in the cyber sphere.

“Experience has taught us that government, public sector and private sector organizations can become targets for malicious activity from hostile states and the UK government is right to take a proactive approach to protection. Organizations should prioritize identifying and patching vulnerabilities in their software, which have traditionally been a vector for large-scale attacks in the past, and be actively monitoring for breaches or potentially suspicious activity.”