In 2015, a cyber-attack aimed at the Ukrainian power grid took down power for some 230,000 people, for up to 6 hours. UK, EU and Ukrainian officials believed Russia to be behind the attack, while a US-based cyber intelligence firm called iSight Partners stated their belief that the cyber-attack was orchestrated by a Russian hacking group better known as Sandworm.
More recently, in January of 2022, some 70 Ukrainian government websites suffered cyber-attacks, not only removing access to their services but warning visitors to “prepare for the worst”. Again, this was believed to be a threat from Russia intimating that a more severe attack was imminent.
Only a month later, Russia has not only launched a military attack on Ukrainian soil, invading territories across the northern, eastern, and southern borders, but they have also launched a large-scale cyber-attack on several Ukrainian banks and governmental departments. Additionally, a new “wiper” attack was discovered, designed to destroy data on compromised machines. The Ukrainian government have described this attack as being “on a completely different level”.
Cyber-attacks of this scale often come in the form of distributed denial of service (DDOS) assaults, whereby a website is targeted with an onslaught of connection attempts in order to overload the system’s capacity. This can be thought of in a similar way to a ticketing website going down when too many people are trying to buy high-demand tickets. The specific function of a DDOS attack however is to prevent legitimate access and use of the site. This can be devastating for vital services which rely on rapid and easy access like essential health, government, utility, and telecommunication services.
Fortunately, a researcher informed the BBC that “Ukraine’s military and banking websites have seen a more rapid recovery, likely due to preparedness and increased capacity to implement mitigations”.
It appears then, that being prepared and pre-empting an attack is essential to minimising the damage in the event of an assault and preserving national security.
Should the UK be worried about Russian cyber-attacks?
With the continued Russian invasion of Ukraine, the UK is at an increased risk of being targeted due to its staunch support of Ukraine. Sir Tony Radakin, Chief of the Defence Staff Admiral, stated this week that the UK should be prepared for cyber-attacks from Russian-backed sources.
Specifically, fears that the NHS may be a choice target for cyber-criminals are worrying. Only last May, the Irish health service (HSE) was targeted by ransomware agents who managed to cause severe delays and outages which prevented essential patient care. The hackers identified in this assault, better known as Wizard Spider, are also believed to operate from Russia.
Alongside the NHS, it is believed that if Russian cyber-criminals turn their sights to the UK, then local government and businesses could make for excellent targets for the Kremlin – effectively immobilising regular day-to-day life and further destabilising the economy after an unprecedented global pandemic.
The National Cyber Security Centre (NCSC) has warned UK businesses of the danger that cyber-attacks pose in the wake of Russia’s invasion into Ukraine. Despite a growing trend of cyber-attacks internationally, many organisations and employees have little knowledge of how to stay safe online.
Many groups and organisations are worried that the hybridization of military and cyber-warfare will lead to devastating consequences. If a military force can wipe out the power, telecommunications, and online access in advance of a physical attack, all from the safety of a secure room thousands of miles away, then there is little defence.
The rate of cyber-attacks across the world is increasing yearly and has only been exacerbated by the global pandemic, however, most cyber-criminals launch their attacks to ransom money away from their victims. Cyber-warfare on the other hand may give increased incentive to attacking a target for the sake of causing as much damage as possible – rather than for the monetary benefit – as appears to be the case with the newly discovered wiper attack.
There is also the potential risk of countries like Russia and North Korea employing hacker groups as a ransomware-as-a-service platform. This would mean giving cyber-criminal groups the backing of the state, directing them at specific targets, and allowing the “freelance” cyber groups to reap the financial reward of a successful ransom attack, while also having the added bonus to destabilising national business and infrastructure.
In 2017, a virus known as WannaCry targeted the NHS, causing serious issues when secure information was encrypted and an attempt to ransom the data back was made by a criminal group, believed by the UK and US to be North Korean in origin. The cost of the attack was estimated to be around £92m.
Amyas Morse, the head of the National Audit Office had this to say:
“The WannaCry [cyber-attack] had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”
How to minimise the risk of being targeted by cyber-attacks
Jamie Mitchell, a member of the data breach team at CEL Solicitors offered some suggestions on how individuals and companies can stay safe online with the threat of an all-out Russian cyber-attack looming:
Be meticulous when receiving emails and online messages.
If you receive a message, either via text, email, or any other platform, treat it with suspicion. This is particularly important if the message is asking you to click a link, to download a file, or to give personal or banking details – even if it looks like the message is from somewhere you would usually trust, like your bank provider.
Cyber-criminals are smart and have ways of tailoring attacks to a specific person. They can even look up job titles and email addresses, often mimicking work colleagues and managers. Always be careful, and check with the person face-to-face or over the phone if in doubt.
What types of companies are most at risk?
While all companies should be wary and look at increasing their cyber security, there are some that may be more at risk.
Companies holding financial information such as banks and online stores should be particularly careful, as the information they’re holding could easily be manipulated and used to cause damage to the public and the economy.
Travel and utility companies may also be a choice target for cyber-criminals who are looking to cause serious damage and create a state of fear.
As previously mentioned, in our modern world where the vast quantity of our day-to-day life is facilitated by the internet and seamless communication, cyber-attacks (Russian-backed or otherwise) could potentially cause mass terror and have severe implications if used as a means of cyber-warfare.
Why are UK companies more at risk now?
Cyber-warfare is a useful tool not only to disrupt the economy and online capabilities of a country but also a means of sowing distrust and fear in a population. If people find that they can no longer trust supposedly secure institutions like their bank to keep their data and money safe, then they may be more prone to fear and panic.
Targeting essential services such as power, transport, telecommunication, and internet service providers and government agencies can have an immediate and highly detrimental effect on the flow of money, putting serious pressure on the economy.
Large-scale attacks also have serious implications for national security.