Targeted attacks on Norwegian websites

Several large Norwegian companies were exposed to cyber attacks yesterday. Important websites and online services were periodically unavailable, and normal operations were affected for many. The National Security Authority (NSM) says that a pro-Russian criminal group appears to be behind the attacks.

Similar attacks have been carried out in other countries as well, especially since the outbreak of the war between Russia and Ukraine, but no one has reported lasting consequences. Such attacks nevertheless quickly create insecurity in the population, and can thereby also have an unfortunate effect through influence and by drawing us in as an actor and a pawn in ongoing political situations.

Norway has a clear role in international politics, with a Norwegian as Secretary General of NATO and as a strong supporter of Swedish and Finnish NATO membership, and will most likely be the target of various kinds of cyber attacks.

What can we expect?

  • DoS (Denial of Service). DoS attacks in different variants are the most likely. The first big wave came yesterday and was aimed at a number of government actors. A DoS attack mainly puts services out of action for a period: the services are flooded with traffic and become congested, so that both legitimate and illegitimate traffic stops. These attacks are often organized as DDoS (Distributed DoS), where a network of compromised machines worldwide can be used for the attack.
  • Crypto attack (ransomware), where all or part of the business is affected. The consequence is mainly loss of data. This type of attack gives attackers the opportunity for financial gain in the form of extortion. It often starts with a user clicking on a link or opening a file. Here it is important to have control over user access to minimize potential consequences, and to have good backup services and routines so that data can be restored.
  • Intrusion to retrieve or steal data. Typically aimed directly at specific victims. It can be very difficult to detect and often lasts for long periods.

What should your business do?

The company should sharpen its preparedness and general vigilance. NSM has prepared a checklist for this, which can be found on their website: https://nsm.no/fagomrader/digital-sikkerhet/nasjonalt-cybersikkerhetssenter/nyheter-fra-ncsc/digital-beredskap-i-en-skjerpet-situasjon/

Recommended measures from NSM

The measures are based on NSM's basic principles:

  • Have an overview of the systems
  • Have good and secure backup (crypto-secure backup)
  • Have control over the vulnerability surfaces
  • Control users and user access so that users have no more access than they need
  • Enhance monitoring and logging to better detect an attack and recover from it more easily
  • Build a better security culture among employees
  • Be prepared for incidents and have a prepared and rehearsed contingency plan
  • Have control over suppliers and the dependencies you have on them
  • Also protect cloud services

What can and should each of us do?

  • Ensure increased vigilance among employees
  • Expect increased phishing and social engineering attempts
  • Be extra critical of links in emails and text messages
  • Have good password hygiene, i.e. good strong passwords and no reuse of passwords across services
  • Always use MFA / two-factor authentication where possible, also on private accounts. Private accounts can often be a way in to more critical systems.