Russia Behind Cyber Attacks Says NUKIB

The Czech cybersecurity service says Russian backed hackers launched multiple attacks on strategic institutions in the Czech Republic. In the annual report for 2019, the National Office for Cyber and Information Security (NÚKIB) drew attention. The Office did not specify which institution was attacked. Czech Radio Radiožurnál reports. According to the NÚKIB report, the number of cyberattacks in the Czech Republic increased year-on-year. Czech institutions are also facing a shortage of money and cybersecurity experts, the most severe healthcare problem.

NÚKIB stated that espionage against the Czech institution began with the so-called spear-phishing e-mail, which serves to gain the user’s trust who downloads the malicious program into the system. According to the Office’s analysis, the Sofacy group, which the professional community associates with Russian GRU intelligence, was probably behind.

According to the Office, the Winnti group’s activity, which deals mainly with cyber industrial espionage, was not recorded in the Czech Republic last year. However, NUKIB warns that this group, which experts most often associated with China, could, with a 50 percent probability, attempt an attack in the foreseeable future.

In 2019, NÚKIB recorded 217 cyberattacks against Czech institutions, organizations, and companies. Fifty-three more were added year-on-year. Most attacks took the form of spam, phishing, or fraudulent e-mails, which often lead to more malicious attackers.

According to the Office, the attack on computers was reduced to use them to extract cryptocurrencies. The nature of extortion attacks has also changed – they are not conducted across the board, but purposefully. For example, the Benešov hospital became their target. According to the Office, the critical infrastructure did not face any concentrated cyber attack.

In its annual report, NÚKIB also states that Czech institutions face a lack of money and experts in ensuring cybersecurity. The most serious is the situation in health care, where the amount of funds allocated to cybersecurity is between zero and five percent of the total budget. At the same time, the Office warns that this situation is likely to continue this year and next, which could lead to a higher number of successful cyber attacks.

Targeted attacks from various groups from countries such as Russia, China, North Korea, and Iran, according to BDO’s IT security expert Martin Hořický, make up a significant proportion of targeted cyber attacks. “It usually starts in the form of a phishing e-mail to evoke in the recipient an urgent need to perform the required action. Once it does, it can lead to infection of the station or disclosure of the network. By the time the station is infected, there is no obstacle to the virus’s spread, which the environment allows, “he said.

“Public administration and healthcare are not worse off than other segments and industries in the market. They are only more exposed because they are a more attractive target for hackers. The added value of leaked data from the state administration system is undoubtedly better here than, for example, the list of invoices or customers of a small tradesman, “added Karel Diviš from IDC-Softwarehouse.