A LIST of ‘unfriendly’ jurisdictions published by the Kremlin – which includes Jersey – will be seen as a ‘target list’ for cyber-crime groups aligned with the Russian state, according to the director of the Cyber Emergency Response Team.
Matt Palmer said that he expected to see an increase in the ‘frequency and severity’ of targeted incidents and reminded businesses to reinforce their online defences.
Last month the Island was named on a list of ‘unfriendly’ countries and territories published on the Russian government’s official website, for imposing sanctions against the regime in response to its invasion of Ukraine.
Mr Palmer said: ‘We know that we are visible and identified and they have named us as a jurisdiction along with many others. So we can’t work on a basis that we are somehow going to fly under the radar – that would not be the right way to go about responding to these threats.’
He added: ‘You have crime groups such as Conti who have aligned themselves quite strongly with the Russian state, and they will look at things like a list of unfriendly nations. These things can be seen as a bit of a licence to undertake offensive activities. It will be seen as a target list by some – that conversation does happen in those circles.’
He admitted that he did not anticipate indiscriminate ‘large-scale’ attacks, but added: ‘What we have seen in recent months is a significant increase in what we call reconnaissance activity – this involves scans and attempts to find out what networks look like and what the vulnerabilities in those networks are.
‘What we have not seen is that translating into practical attacks, so local organisations being actively compromised at a higher level than would ordinarily be the case.’
He revealed that this included reconnaissance activity carried out from Russian IP [Internet Protocol] addresses – which could normally be used to identify a device or network – but that it was difficult to attribute them to the true source, which can be masked using various technology.
He said: ‘It is not as simple as saying “these attacks appear to be coming from a Russian IP address therefore it is an attack from Russia” – that may be the case, or it may not be the case.’
He added: ‘I am not expecting large-scale indiscriminate attacks to take place. What I am expecting is that different actors – whether they are nation-state actors or cyber-crime actors – will think carefully about what they want to achieve and undertake targeted attacks. Those targeted attacks I do expect to increase in frequency and severity over time.’
Mr Palmer urged businesses to ‘proactively share’ information about cyber incidents and sign up to the CERT newsletter.
‘At the end of the day it is the responsibility of the boards and the management of independent private-sector organisations to ensure they are secure and that their business is protected,’ he added.
Islanders can report incidents to CERT by emailing incidentreports@cert.je, and can also request information and support by contacting hello@cert.je.