Montenegro issued a warning over a massive ongoing cyberattack against government services and key public infrastructure including power plants and water supplies. Officials are putting the blame on Russian state-backed hackers, who have been targeting Ukraine’s allies since the invasion earlier this year.
The Montenegrin Agency for National Security (ANB) said the country had been caught up in a “hybrid war”, with Russia using state-backed hackers to bring down infrastructure.
Targets are said to include electricity and water supply systems, transportation services, online state services and public data. Several services have had to be disabled due to the attack in order to preserve data and operations.
Defence Minister Rasko Konjevic said this weekend he believes a Russian-backed group is behind the attack, which has been ongoing since 22 August. “Who could have some kind of political interest in inflicting such damage on Montenegro? I think there is enough (evidence) to suspect that Russia is behind the attack,” Konjevic said in a television interview.
He said the cost of the malware used to enter the systems suggests the attack has state support. The malware in question is listed on the dark web for between $100,000 and $2.5m.
Ministers pledge action on Montenegro cyberattack
“The damage is being repaired and we are assessing its extent,” Marash Dukaj, Montenegro’s minister of public administration, said during a press conference. “The system will suffer no lasting effects. A huge amount of money was invested in this attack on our system.”
Several power plants within the country have been switched to manual operations and a number of state-managed IT infrastructure services have been taken offline to contain the effects of the attacks.
Dukaj posted on Twitter that while services had been disabled “the security of the account of citizens and business entities and their data is not in any way endangered”.
The Balkan country is undergoing a political crisis with ongoing clashes breaking out between those supporting a move to join the European Union and those supporting a closer relationship with Russia, led by pro-Russian Serbs.
This was further fuelled by the government opting to support sanctions on Russia following its invasion and ongoing war with Ukraine, prompting Moscow to add Montenegro to its list of “enemy countries”.
It is this support and a push for closer integration with the EU and NATO that is thought to be behind the ongoing cyber attacks. Montenegro is getting support from NATO allies in the fight against the attacks with France dispatching the French Agency for Information Security Systems to defend critical systems and restore compromised networks.
The attacks have prompted the US embassy in Montenegro to warn its citizens in the country to be on alert due to “persistent cyber attacks” that it says could cause “disruptions to the public utility, transportation, and telecommunication sectors”.
Critical infrastructure attacks are a growing problem
JP Perez-Etchegoyen, CTO of cybersecurity company Onapsis, said there have been a growing number of cyber attacks on critical infrastructure in recent years, including an extensive attack on Estonia this month dubbed “the most extensive since 2007”.
Another attack, earlier this year, led to Costa Rica declaring a state of emergency after a Russian-speaking ransomware gang threatened to overthrow the government in the wake of two cyberattacks.
“While these attacks are of varying severity – Estonia experienced minimal disruptions to critical websites while Costa Rican health officials were unable to access critical healthcare records and tax systems were frozen for weeks – they show that cybercrime is no longer just about obtaining data. Instead, cybercrime is being used against real-world infrastructure and with very real consequences,” said Perez-Etchegoyen.
He said the solution is to ensure organisations implement patches immediately after release and ensure they have a response plan in place if defenses fail.
“These response plans should focus on response plans that specifically deal with attacks against business-critical applications. This starts with ensuring that they have a full overview of the IT landscape and that they have a complete record of all applications, users, and data that exist within to ensure they are all well-protected.”
He added: “They should also play out ‘what if’ scenarios that prepare IT teams for any kind of attack. This will mean that the organisation is in a position to quickly recover from an attack and resume business as usual.”