As the situation in Ukraine continues to deteriorate, the National Cyber Security Centre (NCSC) has released an advisory that all UK businesses should prepare themselves for the possibility of cyber-attacks and bolster their cyber resilience positions. Although the NCSC has not specified that any attack against the UK is imminent, they believe that the risk is heightened due to the UK’s support of the Ukraine.
There have been numerous media reports of cyber-attacks affecting Ukraine in multiple sectors since hostilities have escalated between them and Russia. However, cyber-attacks do not have confined boundaries and have been known to affect nations outside of the intended target’s geography.
In 2017, Ukraine was victim to a highly destructive cyber-attack called NotPetya. NotPetya is a very indiscriminate piece of ransomware – a form of malicious software that locks access to computer services in return for a ransom payable in cryptocurrency.
The indiscriminate nature of NotPetya meant that systems in Ukraine that connected with other systems elsewhere in the world were also infected. However, the ransomware was never designed to actually provide victims with the key to unlock their systems even if they paid. What was also unique about NotPetya was that it was designed to bypass all normal controls and spread through trusted connections rather than widely over the internet.
NotPetya was therefore designed to simply be as destructive as possible rather than generate a profit for Russia – whose military were identified by the NCSC as being responsible for the attack.
The global shipping company Maersk was one of the highest profile victims of the NotPetya attack. Whilst based in Copenhagen, NotPetya quickly spread to all of its corporate offices across the world locking their systems irretrievably. The malware spread across the world affecting some of the world’s largest companies such as pharmaceutical giant Merck, couriers TNT Express, construction company Saint-Globain and Reckitt Benckiser manufacturers.
NotPetya was not targeted at any particular sector and any imminent cyber-attack towards Ukraine is highly likely to mirror the same destructive traits.
The lessons learned from NotPetya are numerous, but the most significant is how it gained a foothold in the first place - through the supply chain. NotPetya gained access to computers by hacking a widely used piece of tax reporting software that connected with companies around the world. Supply chain cyber-attacks are numerous and highly likely to continue. With the current tensions in Ukraine, organisations in the UK should take steps to ensure that they are protected. Some recommendations include:
The global cost of NotPetya is estimated to be between $5 to $10 billion.
Please get in touch with your usual Forensic Services contact or Chris Hine if you would like to discuss this issue further.
‘Log4J’ vulnerability exposes thousands of organisations to risk of immediate cyber attack
The financial cost of fraud 2021
Cybercrime protection for SMEs