Five Eyes, a signals intelligence alliance between the US, UK, Australia, Canada and New Zealand, has issued a warning of increased cyberattacks on critical infrastructure.
The alert from Five Eyes echos the warning that US President Joe Biden gave the public in March, that Russia was 'exploring' cyberattacks in the US.
The Story so Far
This isn't the first time we've been warned about the rising risk of cyberattacks since the invasion of Ukraine. In the past 60 days, we've had:
- In February, the UK government reports that Russian state-sponsored groups have been attacking Ukrainian digital infrastructure with DDoS attacks.
- As mentioned above, in March, Joe Biden warned citizens of the US of the rising risk of cybersecurity attacks.
- Earlier this month, a separate advisory was issued by numerous US agencies that warned nation-state actors are deploying specialised malware to maintain access to ICS and supervisory control and data acquisition (SCADA) devices.
- The FBI has also separately warned (PDF) that ransomware attacks in food and agriculture are particularly likely during food and harvesting seasons, putting increased pressure on supply chains
The five eyes warning is substantial because it addresses most of the English speaking world, but it's still a continuation of a trend: intelligence agencies are noticing increased cybersecurity risk for people and businesses.
Why is this happening?
As the CISA alert states, "This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners." (No that's not a typo, materiel means military equipment!)
Five Eyes warns that agencies may be targeted in response to support for Ukraine and the sanctioning imposed on Russia for its military invasion and a mounting pile of evidence of war crimes being uncovered.
The invasion of Ukraine is reaching its 2nd month, with UK Prime Minister Boris Johnson saying it's realistic this conflict could last until the end of 2023.
It's absolutely vital to maintain airtight cybersecurity practices, now more than ever.