Britain has entered 'new era of warfare' with Russian cyber attacks, Defence Secretary warns

Kremlin denies being behind the NotPetya attack and others targeting Ukraine 

Lizzie Dearden
Home Affairs Correspondent
Thursday 15 February 2018 19:10 GMT
A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after a wave of cyber attacks, in Kiev, Ukraine, June 27, 2017.
A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank after a wave of cyber attacks, in Kiev, Ukraine, June 27, 2017. (Reuters)

Britain has entered a “new era of warfare” with Russia and other nations moving combat into cyberspace, the Defence Secretary has said.

Gavin Williamson said the UK and its allies must be “primed and ready” to tackle intensifying online threats to energy, infrastructure, finance and public services.

"We have entered a new era of warfare, witnessing a destructive and deadly mix of conventional military might and malicious cyber attacks,” he added.

"Russia is ripping up the rule book by undermining democracy, wrecking livelihoods by targeting critical infrastructure, and weaponising information.”

He was speaking after the Government accused Vladimir Putin’s military of being behind a cyber attack that devastated Ukraine and affected businesses around the world over the summer.

The Kremlin has persistently denied responsibility but the Foreign Office claimed that while the NotPetya “masqueraded” as a criminal enterprise, its true aim was to disrupt Ukraine’s government, finance and energy.

Keir Giles, an expert on Russian security at Chatham House, said the attack and others like it were part of a worrying trend.

“This is precisely the set of behaviours which Russia’s neighbours have been warning of, not just for years but for decades,” he told The Independent.

'Petya' cyber attack hits firms across the world

“What is new is the willingness of senior figures in the UK to publicly recognise and state the problem - it does make a difference.”

Mr Giles said that Barack Obama administration’s quiet response to alleged Russian interference in the US election was “counter-productive.

He called the Defence Secretary’s statement an important, if “overdue”, step towards building proper defences and forming a response.

“The new era of warfare is already here, this is what Russia has been practising hard for,” Mr Giles claimed, saying the country’s actions were based on a “permanent mindset of conflict” with the West.

“Deterring Russia from hostile action is a more complex undertaking now than during the Cold War when simple military power was a much greater component of constraining Russian activities.”

The NotPetya cyber attack started on 27 June and swiftly spread around the world, to countries including the UK, US, France, Germany, Italy and Poland.

The National Bank of Ukraine was among those first hit, with affected machines displaying a message claiming the user must pay a ransom in bitcoin to recover encrypted files.

It was followed by other businesses with strong trade links with Ukraine, which has been targeted by numerous cyber attacks since the start of its 2014 conflict with pro-Russian separatists.

NotPetya’s indiscriminate design let it spread quickly, eventually costing companies more than $1.2bn (£850m) and hitting the profits of British firms including Reckitt Benckiser, whose other brands include Nurofen, Veet and Clearasil.

The cyber security firm FireEye has linked the attack to Russian-linked hackers known as the “Sandworm Group”, who have allegedly been behind numerous malware attacks on Ukraine since 2015.

An employee sits next to a payment terminal out of order at a branch of Ukraine's state-owned bank Oschadbank (Reuters)

“The earliest variations simply wiped the victims' machines, however, in 2017 a ransomware component was introduced,” an analyst said.

“These prior attacks share features, including distribution through a compromised software provider and a wiper masquerading as ransomware, with the June 2017 Petya attack supporting the case of a link between Sandworm and Petya.”

Lord Ahmad, a minister for cyber security, said the attack showed a “continued disregard for Ukrainian sovereignty”.

He added: “Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds.

“The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way.

“We call upon Russia to be the responsible member of the international community it claims to be rather then secretly trying to undermine it.”

Lord Ahmad vowed that the UK would identify and pursue those behind online attacks, no matter where they originate, and strengthen international efforts to uphold a free, open, peaceful and secure cyberspace.

It came after Theresa May accused Russia of “threatening the international order” with election meddling and cyber espionage and disruption in November.

“We know what you are doing and you will not succeed,” the Prime Minister said. "The UK will do what is necessary to protect ourselves, and work with our allies to do likewise.”

Russia denied responsibility for the NotPetya attack, pointing out that Russian firms were among those whose systems were affected.

“We categorically dismiss such accusations - we consider them unsubstantiated and groundless,” said Kremlin spokesman Dmitry Peskov.

“It is no more than a continuation of the Russophobic campaign which is not based on any evidence.”

NotPetya struck little over a month after another ransomware attack, WannaCry, disabled large parts of the NHS and sparked urgent calls for the government and private sector to prevent system vulnerabilities.

The Government attributed that attack to a North Korean hacking group, although the perpetrators of the vast majority of incidents have never been made public.

Ranked as a tier one national security threat alongside terrorism and organised crime, the danger posed by cyber criminals is expected to grow amid an explosion of internet-connected gadgets sold with little or no security.

Investigators say motives can range from pure profit to disruption and political pressure, depending on whether the culprits are hostile states, organised crime gangs, lone hackers, ideological “hacktivist” groups or script kiddies looking for kudos among their peers.

With increasingly blurred lines between criminal and state actors, and single attacks using perpetrators and infrastructure across multiple countries, identifying a source is difficult and can involve international investigations.

The National Cyber Security Centre (NCSC) is charged with preventing attacks in the UK, responding to incidents including the “brute force” attack on Parliament’s email system.

Earlier this month it said millions of online attacks against the general public had been thwarted with technology that stops fake emails, phishing attacks and malicious servers.

“Russian interference, seen by the NCSC, has included attacks on the UK media, telecommunications and energy sectors,” CEO Ciaran Martin warned.

“That is clearly a cause for concern - Russia is seeking to undermine the international system.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in