Cyber alert for Irish companies over rising tension in Ukraine

It further warned that “increased cyber criminal activity” should be expected, as criminal gangs seek to exploit a worsening security situation.

The NCSC particularly urged Irish companies with operations in both Ukraine and Russia to be vigilant and test their security systems.

Without specifically naming hostile Russian state acts, it said previous “state-backed cyber operations” in the region had caused “significant disruption” to some Irish-based organisations in the past.

In its advisory, Ireland’s cyber body said: “Due to ongoing tension in the Ukraine region, NCSC is releasing an advisory to highlight any potential impact on Ireland or Irish-based entities should the current situation continue to escalate.

“NCSC currently assesses the risk to Irish entities from a targeted nation-state attack relating to current events in Ukraine as low, however, there remains a potential for entities to be affected by events downstream of any primary targets in the region.” 

It added: 

Increased cyber criminal activity should also be anticipated, as threat groups may seek to profit from the tensions.” 

It said it “particularly” advised Irish organisations with operations based in Ukraine and Russia to take time to analyse/audit third-party supply contracts, test their incident response plan and to harden their organisations security posture.

Significant disruption

“Previous state-backed cyber operations in the region have caused significant disruption to some Irish-based entities in the past,” it said.

"Nation State APT [advanced persistent threat] groups focused on Eastern Europe have previously demonstrated an ability to conduct aggressive cyber operations."

It cited the impact of the NotPetya attack in 2017 on both local and global supply chains.

“This attack was conducted primarily against businesses working in Ukraine by a nation state APT group," the NCSC said.

The NCSC said a software update process was hijacked to deploy malicious updates that eventually installed a wiper malware.

“The resulting attack caused several billion euros of damage globally,” the NCSC said.

US prosecution authorities have blamed this attack on a group of hackers they claimed worked by the Russian military intelligence service, the GRU.

The NCSC, which operates under the Department of Communications, also cited the Solarwinds attack in 2020, which US investigators also suspect is linked to Russian intelligence.

It said this attack involved a “significant technical skill set” which compromised a software update process, affecting thousands of companies, including Microsoft, Intel and Deloitte, as well as the US departments of Homeland Security and State.

The NCSC said there was an additional risk factor for companies who often rely on outside cyber specialist companies for expertise in the event of a cyber incident.

“Therefore, constituents should consider such a risk in any response plans and take additional steps to mitigate these risks.

The advisory concluded: “At this time NCSC has no specific information relating to the current Ukraine situation to indicate any direct threats to Irish interests, however, we do advise that all organisations take time to assess their individual exposure to cyber security risks.” 

It encouraged companies experiencing incidents to report them to the centre.

Commenting, Brian Honan, chief executive of BH Consulting, said: 

It has been recognised and well known in the cyber security industry that actors based in Russia have been using Ukraine as a place to hone their cybersecurity attacking skills.” 

He said these attacks ranged from the 2015 Sandworm cyberattack against the Ukrainian power grid which resulted in major power outages in the Ukraine, to the NotPetya virus, which, he said, caused global damage and became known as the most expensive cyberattack in history.

'Conflict will be augmented with cyberattacks'

“There are fears that should the current tensions escalate into a conflict then that conflict will be augmented with cyberattacks,” he said.

He said that, as demonstrated by the NotPetya virus, there is no guarantee that any cyberattacks or other malicious malware will be confined to just the Ukraine and could have impacts on a global scale.

“In addition, Russian actors, be they state-sponsored, criminal actors, and/or individuals, may target other countries that are supporting Ukraine,” Mr Honan said.

The advisory from the NCSC is very timely and I recommend all companies, whether they have direct business with the Ukraine or not, to follow the guidelines in the advisory and to ensure they have their cybersecurity defences up to date and secure.” 

Jan Carroll, cybersecurity lecturer in UCD, said: “Forewarned is forearmed and while the threat to Irish entities is low at the moment, it would be silly not to take it seriously.” 

She called on organisations to take the advice of the NCSC and ensure they have an incident response plan in place in the event of a cyberattack.

“They should also review their supply chain and service providers to highlight if they are reliant on services from the region and ensure that this is considered in their response plans,” she said.

In addition, Ms Carroll said everyone should be careful online: “We should all be on our guard at times like these as cyber criminals will take advantage of these events to use as a pretext for social engineering attacks. 

"If you receive emails from service providers referencing urgent action due to events in Ukraine, just pause and consider if it may be a phishing attempt.”

On Wednesday, Ukraine accused Russia of being behind a cyberattack that hit two of its banks and its defence ministry — an accusation the Kremlin denied.