UK organisations are being advised to review their cyber security provisions in light of unfolding events in the Middle East. In an advisory notice, the UK National Cyber Security Centre said that while there is likely no current significant change in the direct cyber threat from Iran to the UK, due to the fast-evolving nature of the conflict, this assessment may be subject to change.

It added that there is almost certainly a heightened risk of indirect cyber threat for those organisations and entities who have a presence, or supply chains, in the Middle East. Iranian state and Iran-linked cyber actors almost certainly currently maintain at least some capability to conduct cyber activity.

The NCSC said that organisations should prepare to respond to the risk of collateral impacts in the UK from Iran-linked hacktivists by reading previously issued advisories on DDoS attacks, phishing activity and ICS Targeting.

The advisory added: “For organisations exposed to higher risk – for example with those with offices or supply chains in the region – you should adjust your cyber security posture accordingly. You should take the steps outlined in our ‘actions to take when threat is heightened’ guidance, and consider proportionate action to increase monitoring and review your external attack surface.”

---