The European Parliament suffered a cyberattack on Wednesday morning, shortly after the institution. Voted to strengthen economic sanctions against Russia for its involvement in eastern Ukraine and annexation of Crimea earlier this year. The new sanctions are expected to be implemented as early as Thursday. In response, Russian officials have threatened retaliation. But have not yet confirmed whether or not they will enact counter-sanctions against Europe. The US has also announced plans to impose further sanctions on Russia if it continues to engage in state-sponsored terrorism and undermine Ukraine’s democratic processes [1].
Looks like a DDOS on the public website pic.twitter.com/UYAxoL0Y09
— JB (@spacecowboy000) November 23, 2022
DDos being like pic.twitter.com/o6OEon6mIV
— A Disturbed Round Ball Who Browses The Web (@disturbingmario) November 23, 2022
Lupovis actively tracks cybercrime across the globe, and we often see attacks take place in response to specific events, which is what has happened here.
Fortunately, it looks like the EU parliament has been able to defend the availability of its services, but it does show there is no smoke without fire.
When organisations or governments alley themselves with Ukraine, or when they oppose Russia’s invasion, we often see them suffer a tsunami off attacks in retaliation. These are not just from nation-state actors, but hacktivists and patriotic hackers as well.
Preparing for these incidents and understanding the likelihood of them happening and the techniques criminals could employ is a vital defence for all governments and businesses.
The landscape here is greatly evolving and has changed monumentally over the last five years, and we as citizens are not yet used to the idea of cyberwarfare being a legitimate tool that a country can employ – but the truth is that we are all on the frontlines. Even if the disruption itself doesn’t seem major, a cyberattack on the government can create an underlying fear of chaos amongst citizens. Every country and organization should think very carefully about its cybersecurity posture. That said, having a bullet-proof defense against DDoS attacks is almost impossible. So, it’s critical that government, business and IT leaders understand the threat landscape and adapt with it by having multi-layered defense strategies that strengthen their cybersecurity posture to prevent these attacks altogether.
Given that the affected systems are critical for the functioning of the parliament as a part of its work processes, it is concerning to see they rely on a single point of failure that can be easily targeted by distributed denial of service attacks. Cyber security is first and foremost about understanding and preparing for the acts of the adversaries based on risk and criticality. This can be achieved by proactively gathering and analysing threat intelligence to guide the work, which in this case the potential adversaries are relatively easy to predict. Given that EU is attempting to enforce stronger cyber security through new legislations, it is certainly time to review the very core systems for the democratic processes.
On the heels of our cyber warfare panel, this is an interesting example of how a cyber-attack may translate to have real-world impact. According to publicly available information, the European Parliament is subject to a Distributed Denial of Service (DDoS). While all public sources call it a sophisticated attack, DDoS attacks more similar to carpet bombing a target with dumb bombs. The DDoS attack mainly aims at exhausting the computing resources of the target. What is interesting to. Note is that DDoS attacks typically impact only the outside shell of an organisation. From public comments, it would appear that some internal services have been impacted as well. This can indicate one of two things. First, the DDoS attack may have been used as a distraction while a smarter more sophisticated attack was directed at the internal services. The second possibility is that the European Parliament’s network was not built to fully segregate the internal services from the outside, publicly facing, services. At this point it is hard to tell which of the two is the correct explanation for the impact noted on internal services. Another takeaway is to note how dependent we have all become on the public internet – that a cyberattack can send people scrambling to find workarounds to downed online services.