In response to reports that a synchronized criminal attack from abroad hit Albania over the weekend, all Albanian government systems shut down following the cyberattack, cybersecurity experts reacted below.
“History has shown over and over that country governments are not immune to cyberattacks. And it’s not like Albania is likely to be unusual in their cybersecurity posture.Whatever holes were used to gain access and disrupt Albania are likely widely present throughout the world. The world in general does not do the basic things (e.g., fight social engineering, patch vulnerabilities, etc.) with the correct amount of focus. It is the inability for most of the world to correctly, appropriately, focus resources on the most common ways we are attacked that allows hackers and malware to be so successful.For most businesses and countries to fall all it takes is some hacker somewhere deciding to focus on exploit holes which have likely been there for months to years. That’s the sad state of things today. Albania isn’t the first country to fall and they will not be the last.”
“Details are limited at the moment, so it is unclear as to what the attack is. However, as we’ve seen in the past, many sophisticated attacks turn out to not be so sophisticated and can be boiled down to a few key issues such as misconfigurations, poor passwords being exploited which give attackers access to internal systems, a social engineering attack, unpatched software being exploited, or a malicious or non-malicious insider making unauthorised changes.
Whatever the root cause, it looks like the Albanian response is not taking any chances by shutting down all government services.
While this is one response. Organisations and nations need to weigh up the risks of taking down online services. For many citizens, many services are only accessible online, and taking down of services can leave them out in the dark.”
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics