Russia cyber attack threat to remote working

Five Eyes alert warns of Moscow retaliation over West's support for Ukraine

There is concern that hackers are targeting critical infrastructure in countries that have provided 'materiel support' to Ukrainian forces. Reuters

Live updates: follow the latest news on Russia-Ukraine

The threat of a Russian cyber attack on critical infrastructure has been significantly raised after a Five Eyes security alert.

Organisations have been told to step up their online security defences as fears increase that with western powers providing heavy weapons to Ukraine, Moscow might retaliate with a potentially crippling attack.

A new area of vulnerability highlighted by the Five Eyes intelligence alliance of the UK, US, Australia, Canada and New Zealand, states that working on laptops from home is “one of the top” ways that Russian hackers could gain access to private information.

At least a quarter of workers from sensitive British government departments such as the Foreign Office, Ministry of Defence and Treasury continue to work remotely on their laptops, which might not have defences as robust as in-office systems.

It is understood that Moscow’s cyber attackers will try to target critical infrastructure in Britain such as nuclear power stations, government departments, the health service and high-profile institutions such as the Houses of Parliament.

The Five Eyes alert was compiled by leading intelligence agencies, in particular Britain’s General Communication Headquarters and America’s Department of Homeland Security.

M93M4C GCHQ  An aerial image of the Government Communications Headquarters (GCHQ) in Cheltenham, Gloucestershire. Photo: Ministry of Defence

“Limit access to resources over internal networks, especially by restricting RDP [remote desktop protocol] and using virtual desktop infrastructure,” the alert stated. It also said that RDP exploitation was one of the “top initial infection vectors for ransomware, and risky services, including RDP” which could “allow unauthorised access to your session using an on-path attacker”.

The alert states that if remote desktops were assessed as “operationally necessary” then this should be restricted. It said that “evolving intelligence” suggested hackers in the Russian government were seeking to engage in “malicious cyber activity” in response to the “economic sanctions” imposed on Russia after its invasion of Ukraine.

There was also concern that hackers are targeting critical infrastructure in countries that have provided “materiel support” to Ukrainian forces.

The Kremlin is likely to be assisted by numerous cybercrime groups who have pledged their support to Russia. These include Killnet, a group that claimed credit for a recent DDoS – distributed denial of service – attack against a US airport that the group believed was supporting Ukraine.

In response to the increased risk, the Five Eyes alert outlines immediate actions that critical infrastructure organisations can take to “prepare for and mitigate potential cyber threats”.

These include immediately updating software, enforcing multifactor authentication, securing and monitoring “potentially risky” services such as remote desktop protocols, and providing end-user awareness and training.

The increased risk of a home attack has come after the Covid-19 pandemic led to many people spending much of the working week at home.

The Ukraine war has also led to the European Union telling citizens to spend three days a week working from home to reduce reliance on Russia’s oil and gas supplies.

A sign that Russia might already be stepping up its cyber campaign came on Tuesday when personal information about UK government employees appeared on Russian social media sites, which the Foreign Office is now investigating.

Updated: April 22, 2022, 1:32 PM