The National Cyber Security Centre (NCSC) from the UK issued a warning about state-aligned Russian hacktivists shifting their interest to the business sector.
Authorities recommend that all companies in the country tighten their security measures.
The Russian Hacktivists Threat
Usually, Russian hacktivist groups target their activity on critical state structures like airports, parliament, and government sites. Cybercriminals use DDoS (distributed denial of service) attacks to disturb normal operations.
But NCSC warns that threat actors have stated their goal to do as much harm as they can. So, the next step is to pivot to attacking companies.
Although these groups can align to Russia’s perceived interests, they are often not subject to formal state control, and so their actions are less constrained and their targeting broader than traditional cybercrime actors. This makes them less predictable.
Given the context, the British agency urges organizations to implement strong security measures. Special attention is paid to secure system administration.
Recommended Security Measures for Businesses
The NCSC published a list with recommended measures against elevated cyber threats.
Among the most important measures are: system patching, examining backups, reviewing incident plans, logging and monitoring, access control verification, and managing third-party access.
For bigger organizations, there are additional measures that they can implement: the preparation for extended operational hours or incident response scaling, the acceleration of security upgrades, the reevaluation of risk tolerance, the temporary reduction of system functionality, the aggressive patching of vulnerabilities, and the delaying of non-security system changes.
Regarding the secure system administration, the NCSC offered the main principles to be followed. They are available for every person that has administration rights (organization’s staff, or third-party suppliers).
- Secure devices that have users with admin rights on them so, in the case of an attack, the cybercriminal will not be able to exploit legitimate functionality.
- Check that only those with the proper authorization can access interfaces with high system rights.
- Utilize tiered administration to apply realistic risk management to system administration.
- Grant users the least privilege and revoke access when unnecessary based on who, where, when, why, and how they perform tasks.
- Record all administration actions and audit them to identify any malicious actions.
System management is a fundamental component of any system. Poor design in this area could have any number of serious side effects – from allowing an employee to make a damaging mistake, to permitting an attacker to gain unrestricted access to your most sensitive data.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.