With tensions between Russia and the wider world continuing to escalate, UK intelligence services, the FBI and the US Department of Homeland Security issued a joint warning earlier this week about a massive cyber campaign by Russian-backed hackers.
It’s clear that government organisations and entities like the NHS are prime targets of this campaign to try to intercept sensitive information, but what could this warning mean for us as individuals? Are we at risk and, if so, is there anything we can do to protect ourselves?
We spoke to John Shaw, VP Product Management at cybersecurity firm Sophos, about these issues.
What form could an attack take?
Developed nations (including the UK) are engaged in some level of cyber surveillance, explains Shaw. This surveillance isn’t designed to “attack” anyone or anything; instead, it’s there to spy on sensitive communications. Generally it goes unnoticed.
Actually defining what an attack might look like is difficult, but Shaw believes there are some definite possibilities. The first is what’s known as a “phishing” attack, which would be aimed at key employees of either government agencies or some of the country’s largest organisations such as BAE or the NHS.
They would be sent messages “looking like they are from a trusted party and persuading the employee to either click on a link to trigger an ‘exploit’,” Shaw says, or to hand over a username and password. Either way, the attackers will be aiming to grab control of the exec’s computer, and would then use that as a springboard to gain access to critical systems, and then disrupt or break them.
The second possibility is something called a “spray and pray” technique which Shaw describes as, “hitting as many computers as possible in the hope that one or more of them will have access to systems that can cause damage if disrupted.”
To be highly effective, this approach would require a mechanism for attackers to spread quickly. “This could involve hacking a popular website or a concerted effort on social media to get UK users to click infected links,” Shaw explains.
“From recent experience it could be likely that the attacks will use exploits against legitimate software that have not been declared publicly – meaning that even those of us who are diligent and always update our software and systems could be vulnerable to the attack.”
How prepared are UK infrastructure and UK businesses?
“GCHQ and other government institutions spend huge amounts of time and resources on defending critical national infrastructure from cyber attack,” explains Shaw.
Despite this, he believes that state-sponsored attacks are just one part of a wider problem the UK faces. The larger threat could be from what’s known as commercial cybercrime.
Either way, there are some techniques that businesses should use to keep themselves and their employees safe. These range from updating software and systems regularly to using what Shaw describes as “next gen” firewalls to protect employees’ machinery against remote attacks by hackers.
Giving staff training and making sure they are aware of the dangers is also incredibly important, along with the basic requirement that all staff should probably be using a password manager.
“Password re-use is a common route in to business systems”, explains Shaw.
Finally, he warns that for too long the public perception has been that only Windows computers are really at risk of attack. “Don’t forget that smartphones, tablets and many of the connected devices in your businesses are also powerful computers – don’t just concentrate on Windows PCs,” he says.
How could it affect us as individuals?
For the vast majority of us, a Russian cyber attack is unlikely to directly affect our lives unless it’s through a third-party incident, e.g. the disruption of the computer systems at a train station or the hacking of the NHS.
The biggest risk for the public, explains Shaw, is the “spray and pray” attacks that Russia favours above all else. To protect ourselves against these attacks there are key techniques we should be employing every day.
1. Always update your software, whether it’s on your smartphone or computer. Don’t leave it for a few weeks or because you can’t be bothered.
2. Install anti-virus software and make sure it’s protecting your entire home. Ensure that your ISP also provides some form of web protection through your WiFi router.
3. Always double-check emails you don’t recognise or that look unfamiliar. Even if it looks like it’s from a friend or company you trust, it could contain a malicious link that would render your computer useless.
4. Use a password manager.