The Ukraine Crisis – The Overspill from Cyber Warfare Threatens Us All

24 Jan

Over the past few weeks, the global media has been alerting us all to the prospect of aggressive action by Russia in Ukraine. The US has warned of imminent acts of provocation to create a pretext to invade Ukraine, and today the UK has started to withdraw embassy staff.

Conflict is no longer restricted to the physical world. We might think we are a safe distance away from the front line, but modern warfare does not care about international borders.

The last time Russia took aggressive action against Ukraine, companies across the world found themselves victim of an attack that got out of control. Russia was named by several intelligence agencies as having injected the NotPetya encrypting malware through a Ukrainian tax preparation software in 2017 to target Ukrainian assets. The situation eventually spiralled to infect thousands of businesses across the world, causing serious damage.

The situation could be more serious this time. The risk of damage to companies in the Channel Islands and UK from a Russian cyber attack increases further when sides are taken, with the US, UK and other allied nations likely to take up at least some degree of involvement. The British Government for example, plans to invest £5 billion in retaliatory cyber attacks, creating their very own “Cyber Force” to target hostile states.

We need to learn from this, and we advise you to ensure you have appropriate controls in place to help protect yourself and if necessary to be able to recover if you are affected by an attack. These controls must be across people, operations and technology; it is impossible for technology alone to give the necessary protection.

ukrainecyber warfarecyber physicalnotpetyablack arrowblack arrow cybercyber expertscyber consultingcyber investigatorscybercyber securityinfosecinformation securitythreat intelthreat intelligencethreat reportbusiness riskbusiness riskscyber risk managementrisk managementcyber risk assessmentrisk assessmentcyber incident responsecyber incident response teamcyber emergency responsecomputer incident responsecomputer emergency responseemergency responsesubject matter expertsit securitytrusted advisertrusted partnervcisovirtual chief information security officervisoinformation security officersecurity executive on demandsecurity as a servicesecurity on demandcyber security strategycyber strategybritish intelligencenational securityuk national securitylaw enforcementftse 100ftse100offshore financial servicesgfscguernsey financial services commissionncscnational cyber security centrecpnimi5gchqcertcert-ukcert.ggncanational crime agencyeuropolinterpolenisanatocisafbinsaciadhssmesmbsmall businessmedium sized businessaccountinglaw firmslegal sectoracademiaeducationschoolsretailmaritimeaviationtransportcniscadaicsindustrial control systemsoperational technologyothealthcaremedicalpharmapharmaceuticalspci-dsspayment cardpayment card industryestate agentsestate agencydefencechild safetyparental controlsregulated firmsfinancial servicescritical infrastructureexecutivesinsidersinsider threatstaffuserssenior executivesc-suiteboardshuman elementhuman centric securityhuman centricweakest linkfraud investigationsforensicscyber forensicsforensic investigationsexpert witnesstechnical investigationsaptchinarussiairannorth koreanation state actorsransomwarebecbusiness email compromiseemailphishingspear-phishingwhalingcredentialscredential stuffingextortionblackmaildenial of serviceddosbotnetcryptominingcryptojackingrootkitsrootkitshadow itremote code executionrcezero-daymalwarevulnerabilityvulnerabilitiesvulnerability managementpatch managementpatchinginsurancecyber insuranceincident responseincident response plandisaster recoverydisaster recovery plandrpbusiness continuitybusiness continuity planningtrainingeducation and awareness trainingawarenessexercisingexerciseproctored exercisefacilitated exercisesimulationsgap analysiscyber gap analysisboard upskillingsenior executive cyber risk and governancesenior executive cyber risk and governance workshopstechnical assessmenttechnical analysispenetration testingpentestingphysical penetration testingtastargeted attack simulationsnistiso 27001 iso27001cyber essentialscyber essentials plusiasmeiasme governancetechnical IT security hackerscriminalscyber criminalsespionagecyber espionagefraudstersfraudscammersscamsscamorganised crimecriminal actorcriminal actorssupply chainthird partiesmsspmspapplemacmacosiosiphoneandroidmicrosoftwindowsclouddark webdatabasesexternal itinternal itencryptioncryptocurrenciesiotaiendpoint protectionantivirusantimalwarewfhwork from homednsemail gatewayonlineopen sourceattack surfaceandorraanguillaantigua and barbudaarubabahamasbarbadosbermudabritish virgin islandsbvicayman islandschannel islandscicyprusdominicadublindutch antillesgibraltargrenadaguernseyisle of manjerseyliechtensteinlondonluxembourgmaltamonaconetherlands antillesphilippinesst kitts and nevisst luciast vincent and grenadinesswitzerlandturks and caicos islandsscotlandedinburghglasgowbristolsouthamptonportsmouthexetereuropeoffshore

Black Arrow Admin

The Ukraine Crisis – The Overspill from Cyber Warfare Threatens Us All

Now we can hold in person events again our next open cyber education and awareness session is on 14 February - Valentines Day!

Black Arrow Cyber Threat Briefing 21 January 2022