How Russian hackers could aim to cripple Britain in cyber attacks


Millions of companies across Britain were today warned to prepare for a Russian cyber attack as the UK placed sanctions on three wealthy allies of Vladimir Putin and five banks in response to the ‘renewed invasion’ of Ukraine.

GCHQ’s National Cyber Security Centre (NCSC) urged UK organisations to ‘bolster their online defences’ and warned that there has been an ‘historical pattern of cyber attacks on Ukraine with international consequences’.

Ukrainian banking and government websites were last week briefly knocked offline by a spate of distributed denial of service (DDoS) attacks which the US and Britain said were carried out by Russian military hackers – something the Russians denied. This will prompt concerns that the same sort of attack could now be attempted in the UK.

Defence Secretary Ben Wallace also said the UK will launch retaliatory cyber attacks on Russia if it targets Britain’s computer networks, and that ‘offensive cyber capability’ was being developed from a base in North West England.

It comes after Home Secretary Priti Patel warned over the weekend that the UK Government expects to see ‘cyber attacks aimed at the West’, while NCSC chief executive Lindy Cameron told of a ‘heightened cyber threat’.

And in recent weeks the Financial Conduct Authority watchdog has written to the chief executives of UK banks warning them to brace for Russian-sponsored cyber attacks and to ensure their security systems are updated. 

But former NCSC chief executive Ciaran Martin has also urged calm, saying that there is no reason for people in Britain to be ‘cowering in bunkers over fear of cyber attacks’ – and planes would not start to ‘fall from the sky’. 

Meanwhile six European Union countries were today sending a team of cybersecurity experts to Ukraine to help deal with cyber threats, after Russia formally recognised two breakaway regions in eastern Ukraine. 

An NCSC spokesman said: ‘Following Russia’s further violation of Ukraine’s territorial integrity, the National Cyber Security Centre has called on organisations in the UK to bolster their online defences. The NCSC – which is a part of GCHQ – has urged organisations to follow its guidance on steps to take when the cyber threat is heightened.

Defence Secretary Ben Wallace (pictured at a meeting today of the defence ministers of the Joint Expeditionary Force nations at Belvoir Castle in Leicestershire) said the UK will launch retaliatory cyber attacks on Russia if it targets Britain's networks

Defence Secretary Ben Wallace (pictured at a meeting today of the defence ministers of the Joint Expeditionary Force nations at Belvoir Castle in Leicestershire) said the UK will launch retaliatory cyber attacks on Russia if it targets Britain’s networks

Prime Minister Boris Johnson

Russian President Vladimir Putin

Prime Minister Boris Johnson (left) returns to Downing Street in Westminster today after warning that Russian President Vladimir Putin (right, pictured at the Kremlin in Moscow yesterday) is bent on ‘a full-scale invasion of Ukraine’ 

GCHQ's National Cyber Security Centre (NCSC) urged UK organisations to 'bolster their online defences' in a statement today

GCHQ’s National Cyber Security Centre (NCSC) urged UK organisations to ‘bolster their online defences’ in a statement today

‘While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber attacks on Ukraine with international consequences. The guidance encourages organisations to follow actionable steps that reduce the risk of falling victim to an attack.’

Lithuania, Netherlands, Poland, Estonia, Romania, Croatia are sending a team of experts set up to help other EU countries, institutions and partners to cope with cyber threats, in response to a request from Ukraine.

What is a DDoS attack and how does it work? 

DDoS stands for Distributed Denial of Service, which is a former of cyber attack. 

These attacks attempt to crash a website or online service by bombarding them with a torrent of superfluous requests at exactly the same time.

The surge of simple requests overload the servers, causing them to become overwhelmed and shut down.

In order to leverage the number of requests necessary to crash a popular website or online service, hackers will often resort to botnets – networks of computers brought under their control with malware.

Malware is distributed by tricking users into inadvertently downloading software, typically by tricking users into following a link in an email or agreeing to download a corrupted file.

Last week, Ukranian banking and government websites were briefly knocked offline by a spate of DDoS attacks which the US and Britain said were carried out by Russian military hackers. Russia rejected the allegations. 

Lithuania’s Deputy Defence Minister Margiris Abukevicius said: ‘Ukraine might need help to deal with particular incidents or support to test their infrastructure looking for security weakness.’

Yesterday, Ukrainian Foreign Minister Dmytro Kuleba said that Russia had been using hybrid tactics to ‘escalate the situation’.

‘We see disinformation campaigns, we see cyber attacks. We see open fakes distributed about Ukraine, and we see increased military activity,’ Mr Kuleba told reporters in Brussels.

Ukrainian cybersecurity bodies have warned of impending attacks, with a couple of major attacks on government websites recently observed.

Mr Kuleba called on the EU to take decisions that would ‘send clear messages to Russia that its escalation will not be tolerated and Ukraine will not be left on its own.’

‘This includes not only political messaging, political signals, but also some very specific acts like supporting the development of our defence sector, supporting Ukraine’s cybersecurity, imposing some of the sanctions,’ he added. 

Russian military hackers were behind a spate of distributed denial of service (DDoS) attacks that briefly knocked Ukrainian banking and government websites offline, the US and the UK both said last Friday.

But Russia has denied any role in the DDoS, which inflicted relatively limited disruption on Tuesday last week.

A Foreign, Commonwealth and Development Office spokesman said last Friday: ‘The UK government judges that the Russian Main Intelligence Directorate (GRU) were involved in this week’s distributed denial of service attacks against the financial sector in Ukraine. 

‘The attack showed a continued disregard for Ukrainian sovereignty. This activity is yet another example of Russia’s aggressive acts against Ukraine.

‘This disruptive behaviour is unacceptable – Russia must stop this activity and respect Ukrainian sovereignty. We are steadfast in our support for Ukraine in the face of Russian aggression.’ 

Russian artillery pieces are pictured in Rostov-on-Don, on the Russian side of the Ukrainian border, on Tuesday - as Vladimir Putin ordered his forces to advance on to Ukrainian territory

Russian armoured vehicles are pictured today in Rostov-on-Don on the Russian side of the Ukrainian border

US ambassador to the UN Linda Thomas-Greenfield leads international condemnation of Russia at an emergency session of the UN security council convened in New York yesterday after he recognised parts of eastern Ukraine as independent

US ambassador to the UN Linda Thomas-Greenfield leads international condemnation of Russia at an emergency session of the UN security council convened in New York yesterday after he recognised parts of eastern Ukraine as independent

Mr Wallace said this week that UK cyber experts are working with Ukraine to help to protect it from Russian activity. 

Guidance issued to UK businesses by National Cyber Security Centre

Here is a series of actions recommended by officials at GCHQ’s National Cyber Security Centre:

  • Check your system patching: Ensure your users’ desktops, laptops and mobile devices are all patched, including third party software such as browsers and office productivity suites. If possible, turn on automatic updates.
  • Verify access controls: Ask staff to ensure that their passwords are unique to your business systems and are not shared across other, non-business systems.
  • Ensure defences are working: Ensure antivirus software is installed and regularly confirm that it is active on all systems and that signatures are updating correctly.
  • Logging and monitoring: Understand what logging you have in place, where logs are stored and for how long logs are retained. Monitor key logs and at a minimum monitor antivirus logs. If possible, ensure that your logs are kept for at least one month.
  • Review your backups: Confirm that your backups are running correctly. Perform test restorations from your backups to ensure that the restoration process is understood and familiar.
  • Incident plan: Ensure that the incident response plan contains clarity on who has the authority to make key decisions, especially out of normal office hours.
  • Check your internet footprint: Check that records of your external internet-facing footprint are correct and up to date. This includes things like which IP addresses your systems use on the internet or which domain names belong to your organisation. 
  • Phishing response: Ensure that staff know how to report phishing emails. Ensure you have a process in place to deal with any reported phishing emails.
  • Third party access: If third party organisations have access to your IT networks or estate, make sure you have a comprehensive understanding of what level of privilege is extended into your systems, and to whom. 
  • NCSC services: Check your CiSP account works so you can access and share information about the threat with other organisations and see updates from the NCSC.
  • Brief your wider organisation: Ensure that other teams understand the situation and the heightened threat. Getting buy-in from the rest of the business is crucial in being able to complete the actions described here.

And Labour’s Hilary Benn, MP for Leeds Central, today asked Mr Wallace in the Commons about sanctions in relation to cyber attacks.

He said: ‘Can he tell the House what the Government’s response would be if the action taken by Russia say took the form of a no-fly zone over Ukraine or blockading of its ports or repeated and significant cyber attacks on Ukrainian institutions and Governments. In those circumstances would the Government respond with the full sanctions it’s obviously been discussing?’

Mr Wallace replied: ‘I think he is absolutely right. Many of these aggressive moves like a no-fly zone, in other words the threatening of the integrity of that sovereign state, a blockade to free trade would absolutely warrant a response ranging from sanctions and others.

‘I think we would look at it at the time, but absolutely I agree with him… Russia should be under no illusion that threatening the integrity of a sovereign nation whether that’s in the air or on the sea is exactly the same as threatening it on the land.’

Also in the Commons today, the Labour MP for Knowsley, Sir George Howarth, said: ‘For over a decade Russia has been mounting cyber attacks on our critical national infrastructure and commercial infrastructure. For over a decade and there were no consequences.

‘For over a decade Russia has been swirling dirty money around the City of London with no consequences.

‘In order for Vladimir Putin to understand that he has now gone too far, he needs to be certain that if sanctions and diplomatic means don’t succeed, then there will be consequences. Can the Prime Minister agree with me that those consequences need to be still on the table and Vladimir Putin needs to understand that they will be used?’

Prime Minister Boris Johnson replied: ‘We need to make it absolutely clear to Russia that as a result of this venture, this ill-conceived and disastrous venture in Ukraine, his country will end up, as I have said, poorer, more encircled by Nato, and engaged in a disastrous conflict with fellow Slavs – and a pariah state. 

‘That is what President Putin is willing on his people, a pariah state.’

And Liberal Democrat MP Jamie Stone told the Commons yesterday: ‘We should be clear; if Russia invades Ukraine, massive sanctions will rightly be placed on Russia, and if that happens, we can expect a salvo of cyber attacks on the United Kingdom.’ 

Urging calm over cyber attacks yesterday, Mr Martin told the i: ‘People are worried that a cyber attack could cause planes to fall from the sky, but to gain a covert presence and control of an air traffic control system without anybody noticing, through all its safety overrides and bring a plane crashing down would be incredibly hard and would take ages.

‘Secondly, any air traffic control system worthy of the name would have a plan to deal with the total collapse of the system – countries model this sort of thing all the time.’

He continued: ‘No one should be cowering in a banker over fear of a cyberattack, but the chances of accidental contamination or an even more permissive attitude to some pretty damaged Russian-based cyber crime are things we have to alert to.’

Defence Secretary Ben Wallace (pictured speaking, right) met fellow ministers in Leicestershire today to discuss Ukraine

Defence Secretary Ben Wallace (pictured speaking, right) meets fellow ministers in Leicestershire today to discuss Ukraine

Mr Johnson told the Commons the UK was ready to go 'further' on sanctions if the situation deteriorates even more

Boris Johnson told the Commons today that the UK is ready to go further on sanctions if the situation deteriorates even more 

Authorities in Vienna are also stepping up surveillance of potential cyber threats to Austrian government institutions. The country’s foreign ministry was targeted in a cyber attack two years ago that was traced to Russia. 

UK boosts support for Britons leaving Ukraine 

Britons leaving Ukraine after Russia sent troops into the east of the country are being given extra support, Foreign Secretary Liz Truss has announced.

Ms Truss urged British nationals to leave the country immediately by ‘commercial routes’. She tweeted: ‘The safety and security of British nationals in Ukraine is our top priority. All Brits should leave now via commercial routes while they are still available. We are bolstering our teams in the region to support British people as they leave and once they have crossed the border.’

The Prime Minister’s official spokesman said ‘rapid deployment teams’ are being sent to Poland, Moldova, Lithuania and Slovakia to provide consular support to British nationals who leave Ukraine.

Foreign Office travel advice warns: ‘In the event of a military incursion, it is likely that commercial routes out of Ukraine will be severely disrupted and roads across Ukraine could be closed.’

Wizz Air announced it will continue to operate flights connecting Luton Airport with Kiev and Lviv. It runs three return flights per week on both routes. 

Ryanair and Ukraine International Airlines also operate flights between the UK and Ukraine. Neither airline has announced any changes to those schedules.

A number of airlines in other countries have suspended flights to and from Ukraine. They include Air France, Germany’s Lufthansa, Dutch carrier KLM, and Scandinavian company SAS. Latvian airline airBaltic has halted its overnight flights to and from Ukraine.

Today, Mr Johnson said Britain is sanctioning three wealthy allies of Mr Putin and five Russian banks, as he announced a ‘first barrage’ of punitive measures in response to the ‘renewed invasion’ of Ukraine.

The Prime Minister warned today that Moscow sending troops into the Donbas region under the guise of being ‘peacekeepers’ appears to be the Kremlin ‘establishing the pretext for a full-scale offensive’, with nearly 200,000 troops amassed on Ukraine’s border.

Mr Johnson told the Commons that immediate sanctions are being deployed against three ‘very high net wealth individuals’ – Gennady Timchenko, Boris Rotenberg and Igor Rotenberg – whom he described as ‘cronies’ of the Russian president.

The sanctions, which include UK asset freezes, a travel ban and prohibition on British individuals and businesses dealing with them, were also tabled against Russian banks Rossiya, IS Bank, General Bank, Promsvyazbank and the Black Sea Bank.

‘This the first tranche, the first barrage, of what we are prepared to do, and we hold further sanctions at readiness to be deployed,’ Mr Johnson told MPs, before warning it is ‘inevitable’ he will return with a ‘much bigger package’.

The Prime Minister also applied pressure on European football governing body Uefa not to hold its Champions League final in St Petersburg in June, saying there should be ‘no chance of holding football tournaments in a Russia that invades sovereign countries’.

Mr Johnson added: ‘The House should be in no doubt that the deployment of these forces in sovereign Ukrainian territory amounts to a renewed invasion of that country.

‘And by denying Ukraine’s legitimacy as a state – and presenting its very existence as a mortal threat to Russia – Putin is establishing the pretext for a full-scale offensive.’

But he faced calls to go further on sanctions now from Sir Keir Starmer, as well as some Tory MPs.

The Labour leader said he understands the tactic of holding back sanctions to deter an invasion past the Donetsk and Luhansk regions in the east of Ukraine but said ‘a threshold has already been breached’.

He said a sovereign nation ‘has been invaded in a war of aggression’, and ‘if we do not respond with the full set of sanctions now, Putin will once again take away the message that the benefits of aggression outweigh the costs’.

Former Tory leader Sir Iain Duncan Smith suggested Russia should be hit ‘hard and hit them now’ to increase the pain of the current incursion.

Commons Defence Committee chairman Tobias Ellwood said ‘sanctions alone will not be enough’ and warned that ‘untargeted sanctions may play into Putin’s plan to pivot Russia ever-closer to China’.

Leave a Reply

You might be interested in