UK Cyber Security Centre advises review of risk posed by Russian tech

Suggests it's prudent to plan for Putin weaponizing Russian products


The UK's National Cyber Security Centre (NCSC) has advised users of Russian technology products to reassess the risks they present.

In advice that builds on 2017 guidance about technology supply chains that include links to hostile states, NCSC technical director Ian Levy stated that the agency has not found evidence "that the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests."

But he added that "the absence of evidence is not evidence of absence" – so "it would be prudent to plan for the possibility that this could happen."

Think about how you could insulate yourself from compromise or misuse of Russian technology

In 2017, the NCSC's advice was that "some UK government and critical national systems" were at risk from Russia, and that "systems with a national security purpose" should not use Russian products. The advice suggested that the "wider public sector, more general enterprises, or individuals" had nothing to worry about.

Not any more.

The new advice wants the entire public sector to rethink its exposure to Russian tech products and services. Critical infrastructure service providers, and "organisations or individuals doing work that could be seen as being counter to the Russian State's interests" also need to rethink their exposure.

So do organizations providing services to Ukraine. High-profile organizations that, if compromised, would be trophies for Moscow have also been put on alert.

Organizations that use services provided out of Russia "should think about how you could insulate yourself from compromise or misuse of these services," the advice states, naming development and support services as offerings to consider. "This is true whether you contract directly with a Russian entity, or it just so happens that the people who work for a non-Russian company are located in Russia," the post adds.

"If you are more likely to be a target for the Russian state because of what's going on, then it would be prudent to consider your reliance on all types of Russian technology products or services (including, but not limited to, cloud-enabled products such as AV)," the advice warns.

The document includes a short section on security software vendor Kaspersky, which is rated as representing no threat to individual users "at the moment". That could change if Putin pulls the trigger, or if sanctions on Kaspersky see its operations disrupted in ways that prevent updates to its AV products.

Ironically, unpatched software remains one of the NCSC's big three risks. The others are poor network configuration management and poor credential management.

"We know these are the most common causes of compromises, including those we (and our partners) have attributed to the Russian state," Levy's post states.

But the illegal invasion of Ukraine means addressing those three weak points must now be joined by consideration of exposure to Russian tech. ®
