UK businesses need to be ever-vigilant about the threat of cyber attacks from Russian hackers.
Recent attacks on government entities have been blamed on members of the ‘Fancy Bear’ group, and the FBI has issued a wanted poster for seven men.
All UK organisations need to take the threat seriously too, in order to avoid being caught up in ongoing cyber aggression that’s believed to be sanctioned by the Kremlin.
The US has indicted the seven men on a range of charges including conspiracy to commit computer fraud, wire fraud, aggravated identity theft and money laundering.
Four of the accused were expelled from the Netherlands after they were caught attempting a cyber attack on the headquarters of the international chemical weapons watchdog, the OPCW.
The hackers have been using malware that exploits the Unified Extensible Firmware Interface (UEFI) on computers. UEFI provides an interface for your operating system to connect with the firmware on your computer. The malware can’t be removed from the UEFI by re-installing the operating system or replacing hard drives.
The malware poses a threat that can’t be dealt with using previous security advice, but one step that may help is to ensure your computer has Secure Boot, which will prevent it from loading the malware. You could also update your UEFI firmware with a newer version from your computer manufacturer, although some manufacturers may not release newer versions or patches.
However, if the malware has taken root, it may be necessary to replace the motherboard of the computer. In truth, it’s usually easier and more cost-effective to simply replace the computer.
Gary Jowett from Computer & Network Consultants in Brighton said: “This threat may be directed mainly at governments but it poses a risk to anyone with a computer. Companies that have upgraded their hardware in recent months should seek advice from an independent consultant to assess whether or not their equipment has been compromised.”
In terms of the wider threat from hackers, it’s often smaller companies with less sophisticated security arrangements that are more vulnerable. They could unwittingly offer a backdoor for hackers into government departments or local authorities. For this reason, smaller companies that provide services to the public sector need to be much more aware of the threats to their IT services, because a breach could lead to losing major public sector contracts.
Effective anti-virus and anti-malware tools are now standard defences that companies can generally rely upon, and email security from Mimecast and other providers can keep the door closed to cyber criminals.
Worryingly, it’s the inconsistent behaviour of managers and staff that still needs to be ironed out, so that personal USB sticks aren’t brought into the office and links or attachments from addresses outside the company aren’t opened.