Alert: NCSC advises UK organisations to take action following conflict in the Middle East

How has the cyber threat changed?

As a result of the ongoing conflict in the Middle East, there is likely no current significant change in the direct cyber threat from Iran to the UK, however due to the fast-evolving nature of the conflict, this assessment may be subject to change.
There is almost certainly a heightened risk of indirect cyber threat for those organisations and entities who have a presence, or supply chains, in the Middle East
Iranian state and Iran-linked cyber actors almost certainly currently maintain at least some capability to conduct cyber activity.

Organisations should prepare to respond to the risk of collateral impacts in the UK from Iran-linked hacktivists by reading previously issued advisories on DDoS attacks, phishing activity and ICS Targeting.
For organisations exposed to higher risk, for example with those with offices or supply chains in the region, you should adjust your cyber security posture accordingly. You should take the steps outlined in our actions to take when threat is heightened guidance, and consider proportionate action to increase monitoring and review your external attack surface.
The NCSC continues to encourage UK organisations to sign up to its Early Warning service, to receive timely notifications of security issues affecting their networks.
In addition, given this is an evolving situation, CNI organisations may wish to pre-emptively review the NCSC’s recently published guidance on actions to take now to prepare CNI organisations for severe cyber threat.
For physical and personnel security risks, please refer to guidance issued by the National Protective Security Authority (NPSA). In particular following the sabotage guidance will help you protect your site from physical threats.