The UK’s National Cyber Security Centre have highlighted the evolving tactics of Russian state-linked cyber actors.

NCSC has noted that malicious cyber actors linked to Russia’s Foreign Intelligence Service (SVR) have expanded their targeting from governmental, think tank, healthcare and energy organisations to include aviation, education, law enforcement, local and state councils, government financial departments and military organisations.

Traditionally, SVR actors have exploited software vulnerabilities to access information held by organisations in these sectors. However, because of the increasing move to cloud-based infrastructure, these traditional approaches are now less effective.

Therefore, NCSC report that tactics have evolved to try and gain access to these cloud-based systems. But since access to cloud-based systems is far more reliant on gaining initial access to the cloud provider, a good baseline of cyber security fundamentals can help to prevent successful attacks.

  • Use of multi-factor authentication, or 2-step verification, and strong unique passwords are good ways to mitigate and defend against this type of malicious cyber activity.
  • Making sure that user and system accounts are disabled when employees leave is also key, as dormant or inactive accounts are often involved in a successful cyber attack.

Additional information and mitigation strategies are set out in NCSC’s advisory, which can be found here: https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-for-initial-cloud-access