Top | |
Newsletter August 14, 2022 |
Back to Contents A Printable PDF of this post is available here. |
Small Ball in the Global Cyberware; Or,
They
got guns
—
Bert Kalmar, "This Country’s
Going to War" In researching for interesting facts or events in writing this blog, I occasionally run across an article than causes even an old jaded war horse such as myself to have a real WTF? moment. My most recent moment of astonishment came when I read the news that the nation of Albania suffered a cyberattack that caused the government of Albania to shut down all of its computers. Iran had been credited with launching the attack against this small Balkan country. The Albanian Daily News, which bills itself as "The Most Authoritative Albanian Source in English," first reported the attack, July 17, 2022, with the following: The National Agency of the Information Society (AKSHI) has informed that they were forced to shut down government systems until the neutralization of the enemy attacks in order to cope with the cyber attacks.
Of course, to a casual observer to world events, one must wonder what
did Albania do to Iran to warrant a crippling cyberattack? Albania
was the host nation for an event in July 2022, called, "Free
Iran World Summit." That threats had been made to
this event caused the US State Department to warn American citizens to avoid
the Summit. “The US government is aware of a potential
threat targeting the Free Iran World Summit to be held near Durres.”
Ultimately, the Free Iran conference
was postponed because of the cyberattck. The use of ransomware to conduct a politically motivated disruptive operation against the government websites and citizen services of a NATO member state in the same week an Iranian opposition groups' conference was set to take place would be a notably brazen operation by Iran-nexus threat actors.
This attack on that geopolitical farthing, Albania, follows on an even
more devastating attack on that powerhouse of the Caribbean, Costa Rica.
It is believed that the Conti Russian ransomware gang began its intrusions into Costa Rican
systems in April 11, 2022.
By first compromising the Ministry of Finance, four days later the gang
had stolen "672GB of data on April 15 and executing the ransomware."
A set of credentials for the Ministry of Finance were hijacked and used
to gain access and launch the attack. On May 8, 2022, Costa Rica declared a National emergency, as the ransomware spread to all other departments of the government. The government of Costa Rica refused to pay the $10 million ransom that grew to $20 million as the attack continued. To the Costa Rican people it felt much like a foreign invasion — as if Russians forces had landed at the Port of Caldera. And internal subversives were suspected in assisting Conti. As Costa Rican President Rodrigo Chaves declared: We’re at war and this is not an exaggeration,... The war is against an international terrorist group, which apparently has operatives in Costa Rica. There are very clear indications that people inside the country are collaborating with Conti.
There is a certain symmetry to the two attacks.
Iran and Albania have a long history of conflict.
Most recently,
Albania is the host country for about 3,000 Iranian exiles, a contingent
of the People’s Mujahedin of Iran, MEK. Costa
Rica, for its part, has been very supportive of Ukraine in the current
conflict.
Other security experts think the Conti is simply profit motivated, and
believed Costa Rica had the means and ability to pay. This is going to be an increasingly bigger problem and governments have to take firm action against ransomware actors. These are non-nation-state groups engaging in essentially nation-state-style attacks and there should be appropriate repercussions for these actions. And experts agree that large scale debilitating attacks against a powerhouse like the United States, although possible, are unlikely, and would probably not have the same devastating consequences as befell Albania and Costa Rica. Less wealthy countries, with less investment in cyber security, will however certainly be likely future targets of ransomware attacks.
US State Department offers $10 million reward for Conti Crooks
“In case you haven't heard before
— Bert Kalmar, "This Country’s Going to War" |
Back to Top Gerald Reiff |
Back to Top | next post → |