Denmark Hit With Largest Cyberattack On Record

Critical Infrastructure Security
Hackers potentially linked to the Russian GRU Main Intelligence Directorate carried out a series of highly coordinated cyberattacks targeting Danish critical infrastructure in the nation's largest cyber incident on record, according to a new report.

SektorCERT, a nonprofit cybersecurity center for critical sectors in Denmark, reported that attackers gained access to the systems of 22 companies overseeing various components of Danish energy infrastructure in May. The report, published Sunday, says hackers exploited zero-day vulnerabilities in Zyxel firewalls, which many Danish critical infrastructure operators use to protect their networks.

Most of the attacks were possible because the companies had not updated their firewalls, said SektorCERT. It said several companies opted out of the software update because there was a charge for installation. Some companies mistakenly assumed the relatively new Zyxel firewalls already featured the latest updates, and others wrongly believed the vendor was responsible for implementing the updates.

The firewall vulnerabilities, initially reported in April and tracked as CVE-2023-28771, allow attackers to gain remote access to industrial control systems without authentication. SektorCERT described the cyberattack as remarkable for its meticulous planning and coordination, saying that the threat actors demonstrated an ability to identify companies with vulnerable devices and orchestrate a simultaneous campaign against the targeted firms.

"To this day, there is no clear explanation of how the attackers had the necessary information, but we can state that among the 300 members, they did not miss a single shot," the report said.

Eleven companies were immediately compromised, according to the report, allowing the attackers to gain control of the firewall and access the critical infrastructure behind it. SektorCERT said the simultaneous attack prevented the energy companies from warning others in advance "since everyone is attacked at the same time."

The report described the purpose of the cyberattack as intelligence gathering and said attackers had executed code on the firewall that caused it to send back usernames and configuration details. SektorCERT said it estimated that the attackers used this command as reconnaissance to see how the respective firewalls were configured and then choose how the further attack should proceed.

The attacks began on May 11, followed by 10 days of inactivity. A second wave of attacks began on May 22, when SektorCERT received an alert that one of its members had downloaded new firewall software over an insecure connection. It remains unclear what nation-state actors or specific cybercriminal organizations are behind the attacks, as well as whether or not multiple groups were involved in the series of cyber incidents targeting Danish critical infrastructure.

SektorCERT's analysis indicated traffic on breached networks came from servers associated with a unit of Russian military hackers popularly known as Sandworm. Sandworm, also known as Seashell Blizzard and Voodoo Bear, has notoriously attacked critical infrastructure operations in Ukraine as Russia carries out its war of conquest. A report published earlier this month said the hacking group had used novel techniques to conduct a targeted attack on a Ukrainian power substation (see: Russian Military Hackers Caused Power Outage in October 2022).

Several of the breached companies avoided causing any significant impact on the Danish energy system by disconnecting from the local or national power networks and entering island mode operation, which isolated their systems and prevented the potential spread of the attack across the broader Danish energy system.

SektorCERT urged companies to set up segmented networks to avoid enterprise-wide breaches and ensure all network inputs to operational technology systems have been mapped.

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.