A fastidiously coordinated cyber-attack on Lithuania that occurred final week has been described by the republic’s protection minister as one of many “most complex” safety incidents to focus on the Baltic state in current historical past.
On the night time of December 9, cyber-criminals breached a number of content material administration methods to realize entry to 22 completely different web sites operated by Lithuania’s public sector. The attackers then revealed articles containing misinformation on the websites.
Among the faux information posted by the risk actors was a narrative that alleged a Polish diplomat, carrying unlawful medication, weapons, and cash, had been detained on the Lithuanian border. This fictitious story was shared on the web site of the State Border Guard Service (VSAT).
Another article claimed that corruption had been uncovered within the Šiauliai airport, the place NATO’s Baltic air-policing mission is housed.
A 3rd piece of misinformation promulgated within the assault inflated figures to make it seem as if extra Lithuanians had been drafted into the army than was the case.
An investigation into the assault by the Defense Ministry’s National Cyber Security Centre (NKSC) discovered that the web sites focused by the attackers had been largely run by regional municipalities.
In a press release revealed on Wednesday, Lithuania’s protection minister, Arvydas Anušauskas, described the digital assault as one of many “biggest and most complex” cyber-attacks to hit the republic lately.
Anušauskas added that the assault, which occurred “on the eve of the government’s transition […] was prepared in advance and with a goal in mind.”
After hacking into the methods and posting the false articles, the attackers launched an e-mail spoofing marketing campaign to unfold the misinformation so far as doable. The attackers impersonated the protection and international ministries in addition to the Šiauliai Municipality Administration to ship out emails containing hyperlinks to the fallacious tales.
“This shows huge gaps in cybersecurity of the public sector,” stated Anušauskas.
Following the assault, the NKSC has submitted quite a lot of cybersecurity recommendations to municipalities. These embrace actively trying to find vulnerabilities, limiting entry to content material administration methods, putting in a firewall, and avoiding the usage of passwords which can be straightforward to guess.