UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure

The UK National Cyber Security Centre (NCSC) has issued an alert to critical national infrastructure (CNI) organisations warning of an emerging threat from state-aligned groups, particularly those sympathetic to Russia’s invasion of Ukraine. The alert states that newly emerged groups could launch “destructive and disruptive attacks” with less predictable consequences than those of traditional cybercriminals, with CNI organisations strongly encouraged to follow NCSC advice on steps to take when cyber threat is heightened.

The alert was issued on the first day of the NCSC’s CYBERUK conference in Belfast, where experts have gathered to consider topics under the theme of securing an open and resilient digital future. It also comes in the same week as new research that revealed the cost-of -living crisis could trigger a surge in cyberattacks and security issues impacting the UK’s CNI sector.

New class of Russian cyber adversary ideologically, rather than financially motivated

Over the past 18 months, a new class of Russian cyber adversary has emerged, the NCSC wrote. These state-aligned groups are often sympathetic to Russia’s invasion and are ideologically, rather than financially, motivated. “Although these groups can align to Russia’s perceived interests, they are often not subject to formal state control, and so their actions are less constrained and their targeting broader than traditional cybercrime actors. This makes them less predictable,” the NCSC said.

While activity of these groups often focuses on DDoS attacks, website defacements, or the spread of misinformation, some have stated a desire to achieve a more disruptive and destructive impact against western CNI, including in the UK, according to the NCSC. “We expect these groups to look for opportunities to create such an impact, particularly if systems are poorly protected.” The threat actors may also become more effective over time, so businesses must act now to manage the risk against successful future attacks, the NCSC said.

CNI organisations urged to take sensible, proportionate steps to protect themselves

“It has become clear that certain state-aligned groups have the intent to cause damage to CNI organisations, and it is important that the sector is aware of this,” said Dr. Marsha Quallo-Wright, NCSC deputy director for CNI. “In the wake of this emerging threat, our message to CNI sectors is to take sensible, proportionate steps now to protect themselves.

The NCSC recommends that organisations implement  measures described in actions to take when the cyberthreat is heightened, particularly the NCSC advice on secure system administration. Larger organisations could benefit from using the Cyber Assessment Framework (CAF) to help them identify areas for improvement.

As if the security risks posed to UK CNI aren’t already significant enough, a new report has revealed the potential CNI security implications of economic hardship including insider threats, social engineering attacks, and reduced cyber budgets. The Cyber Security in Critical National Infrastructure Organisations: 2023 report found that over a third (34%) of organisations across UK CNI anticipate a rise in cybercrime as a direct result of the current economic crisis, with almost two-thirds (65%) of respondents having seen some reduction or a significant reduction in their organisation’s cybersecurity budget this year.