NATO Countries Hit With Unprecedented Cyber Attacks
Montenegro, Estonia and new NATO applicant Finland are just three of the countries being hit hard by sophisticated cyber attacks. What’s happening and who’s next?
A headline this past week from Balkan Insight read: “Montenegro Sent Back to Analog by Unprecedented Cyber Attacks.” Here’s an excerpt:
“The digital infrastructure of a major part of Montenegro’s public administration has been offline since August 22 following a ransomware attack that security sources have told BIRN may have been an ‘inside job,’ uploaded directly from a computer connected to a government server.
“The government of the tiny Adriatic republic, a member of NATO, has reported an unprecedented series of cyberattacks on government servers and says it is working to contain the damage.
“Sources say the servers were hit with ransomware, a type of malware attack in which the attacker locks and encrypts the target’s data and important files and then demands a payment to unlock and decrypt the data.”
“A rapid deployment team of FBI cyber experts is heading to Montenegro to investigate a massive, coordinated attack on the tiny Balkan nation’s government and its services, the country’s Ministry of Internal Affairs announced Wednesday.
“The announcement came as the government’s main websites — including the ministries of defense, finance and interior — remained unreachable. Officials said they were offline ‘for security reasons.’
“The ministry called the FBI assistance ‘another confirmation of the excellent cooperation between the United States of America and Montenegro and a proof that we can count on their support in any situation.’”
“‘Coordinated Russian services are behind the cyber attack,’ the ANB said in a statement. ‘This kind of attack was carried out for the first time in Montenegro and it has been prepared for a long period of time.’
“‘I can say with certainty that this attack that Montenegro is experiencing these days comes directly from Russia,’ said Dusan Polovic, a government official.
“However, a cybercriminal extortion gang has claimed responsibility for at least part of the attack, the systems at a parliamentary office were infected with a variant of Cuba ransomware.”
OFFICIAL U.S. EMBASSY STATEMENT
Event: A persistent and ongoing cyber-attack is in process in Montenegro. The attack may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors.
Actions to Take:
- Be aware of your surroundings.
- Limit movement and travel to the necessities.
- Review your personal security plans.
- Have travel documents up to date and easily accessible.
- Monitor local media for updates.
Coverage by The Hill elaborated on other recent cyber attacks that countries around the world are facing:
“Earlier this month, both Finland and Estonia were victims of a cyberattack, though Estonian officials said they successfully thwarted the attack that targeted the country’s public and private institutions.
“The attack followed the removal of a Soviet war monument from an eastern Estonian city bordering Russia.
“Killnet, a Russian-backed hacking group, claimed responsibility for the attempted attack against Estonia, Reuters reported.”
“James Jones was invited to parliament on Monday, days after a sophisticated cyber attack crippled online government infrastructure bringing all digital services and government websites offline.
“‘NATO member countries must increase efforts in the face of cyber threats as well as cooperation between intelligence agencies, which is nowhere more urgent than in this region,’ he said.”
The Wall Street Journal reported earlier this year that Finland and Sweden were also being hit by cyber attacks: “Authorities in Sweden and Finland have raised alert levels for cyberattacks, concerned they face increased hacking risks because of the war in Ukraine and the two Nordic countries’ subsequent applications to join NATO.
“Since Russia invaded Ukraine in February, cybersecurity officials in Sweden and Finland haven’t seen an increase in attacks targeting critical infrastructure, though they say the countries are becoming more interesting targets for hacking groups with Russian ties.
“The two Nordic countries applied to join the North Atlantic Treaty Organization on Wednesday, after decades of neutrality.”
BACK TO THE U.S.
Earlier this year, Transportation Security Administration (TSA) directives took effect that required cyber preparations by rail owners and operators, following the agency's imposition of similar requirements on airports and airlines. The key points of those directives included:
- “(Last) December, the Transportation Security Administration (TSA) issued a pair of Directives establishing cybersecurity measures for high-risk freight rail, passenger rail, and rail transit owners and operators. These directives went into effect December 31, 2021. Specifically, owners and operators must: (1) name a cybersecurity coordinator; (2) report any cyber incidents within 24 hours to the Cybersecurity and Infrastructure Security Agency (CISA); (3) develop an incident response plan; and (4) complete a cybersecurity vulnerability assessment.
- “At the same time, TSA issued an Information Circular recommending that lower-risk rail owners and operators and over-the-road bus owners and operators implement the above requirements voluntarily.
- “TSA had previously directed airports and airline operators to (1) name a cybersecurity coordinator; and (2) report cyber incidents within 24 hours to CISA.
- “The resulting deadlines for applicable rail owners and operators are the following:
  - January 7, 2022 – Designate a cybersecurity coordinator
  - March 31, 2022 – Conduct cybersecurity vulnerability assessment
  - June 29, 2022 – Implement a cyber incident response plan”
FINAL THOUGHTS
*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/nato-countries-hit-with-unprecedented-cyber-attacks