In this week’s bulletin, Charlie discusses the impact of the role of nation-states in cyber attacks and looks at some of the attacks we have seen in the UK recently.
On the 8th of October 2024, MI5 Director General Ken McCallum gave a speech on the threats to the UK, covering the counter-terrorism threat and state threats from Russia, Iran, and China. As part of our role as business continuity professionals, we should be horizon scanning for the latest threats to our organisations, and ensuring that we have taken appropriate actions either to try and prevent them from happening in the first place or to have plans in place to deal with the impact should they occur. There are four main threats I believe we should be aware of and preparing for: the nation-state cyber threat, propagation of unrest, attacks on people and sabotage.
We have talked many times about the increased cyber threat in this bulletin, and I have written a number of case studies to illustrate the point. The involvement of a nation-state in a cyber attack can add to its complexity. A ‘normal’ ransomware attack can cause massive damage and disruption to organisations in terms of delivery of operations, financial impacts, and damage to reputation. Nation-states may sponsor attacks or provide support to the gangs carrying them out. They might also encourage hacker gangs to target particular companies, especially those who provide support and equipment to Ukraine. Nation-states may be interested in the destruction of systems and disruption of the organisation, rather than extortion. Many ransomware attacks involve only data exfiltration, which might have little or no impact on an organisation’s operations. However, the involvement of nation-states could make cyber attacks more impactful, with the added risk that there may not be the opportunity to pay a ransom in order to regain access to data.
We saw unrest in the summer, and there may be more of it in the future. I think most organisations know how to mitigate its effects and look after their staff. The Iranian threat to dissidents and those who have displeased the Iranian regime was mentioned in Ken McCallum’s speech. This may pose a minimal impact to most organisations unless they employ or are associated with individuals whom the Iranian regime might want to harm. However, we must remember that there is always the chance that an assassin could target the wrong person, making this a potential threat to your organisation.
There have been a number of attacks on UK firms supplying material to Ukraine, attributed to Russia. These have included a Ukrainian company warehouse in London being burned down on the 20th March 2024 and an explosion at the BAE Systems military weapons factory in South Wales on the 17th April 2024. Throughout Europe, there have also been several attacks on both civilian and military targets in countries seen as strong supporters of Ukraine. An attack on a Czech arms factory in 2014 led to an explosion, killing two people.
The attack on the Ukrainian company warehouse was allegedly carried out on behalf of the Wagner Group, and seven men have been charged. This fits the pattern outlined in Ken McCallum’s speech that Russia is using proxies, including criminals, to carry out attacks. The lesson from these attacks is that if your organisation is linked to providing help to Ukraine, you may be targeted. This could be through proxies, so there is also the possibility of an insider carrying out an attack.
Organisations should review their risks, as well as those of their suppliers, to account for nation-state threats and proxy attacks, and then take appropriate mitigation actions.
