Cyber experts are warning of indirect “spillover” from the current conflict in the Middle East that could affect companies and individuals on home soil.

Listen to this article

The National Cyber Security Centre (NCSC) says the current Middle East crisis could lead to anything from persistent nuisance to disruptive online attacks to a surge in scams, especially for anyone connected, personally, through family or work, to the region.

The advice is simple: stay alert and take basic precautions now, because the picture can change quickly. All of us now need to understand how modern conflict isn’t just about soldiers and corporate servers. It lands in our personal inboxes and apps.

So far, Britain hasn’t seen a significant increase in direct targeting from Iran, but the NCSC is especially concerned about organisations with operations or supply chains in the Middle East.

Global threat intelligence teams are also tracking a surge in deliberate disruption, including everything from website defacements to data leak theatrics and, above all, high-volume direct denial of service (DDoS) attacks. This is where hackers try to shut down a website or network by overwhelming it with fake traffic.

If you are someone who feels at risk during the current crisis, you should increase protection by starting with the one account that unlocks your life – email. Turn on two-step verification (2SV) for your email and use a strong, different password (the NCSC’s “three random words” rule for password creation is a helpful guideline).

That one move stops most account takeovers in their tracks and prevents criminals using “forgot your password?” links to raid your banking, shopping and socials.

We can also expect more scams, so be prepared to report them. If a message feels “off”, don’t click on it. Forward suspicious emails to report@phishing.gov.uk (the NCSC’s rapid takedown service) and suspicious texts to 7726 (free to your mobile provider).

If you think you’ve lost money or been hacked, report it via the police’s national Report Fraud service. These routes get fake sites pulled quickly and help stop criminals recycling the same scams.

The UK has seen this playbook before. In January, the NCSC warned that Russian aligned hacktivists were pummelling local authorities and elements of critical national infrastructure with low sophistication, high impact DDoS attacks. The agency made the point that volume alone can cause costly outages.

There’s also a misconception that attacks are becoming endlessly more sophisticated. Some are, but what’s biting British businesses today is the industrialisation of simple tactics: crowdsourced botnets and “Denial of Service-as-a-Service” tools that mobilise thousands of volunteers to overwhelm a target on demand.

The NCSC’s January alert and independent reporting on nation-state groups (like the Russian backed NoName057(16)) show how ideologically-driven campaigns can still disrupt essential online services without breaching a single database.

While we may hope that threat actors from the Iranian region are too distracted by other objectives to deploy their considerable cyber warfare expertise against targets in the UK, none of us should rely on it.

If every household turns on two-step verification (2SV), embraces password managers or passkeys, keeps devices updated, and knows how to report scams and ride out brief outages, Britain becomes a much harder target to hit at scale.

This is exactly what the moment demands.

Travis DeForge is the Director of Cybersecurity at Abacus

LBC Opinion provides a platform for diverse opinions on current affairs and matters of public interest.

The views expressed are those of the authors and do not necessarily reflect the official LBC position.

To contact us email opinion@lbc.co.uk

© LBC