Albanian government websites go dark after cyberattack
Citizen services only moved online in May. What could possibly go wrong?
Updated: Albania's online public services and websites have gone dark following what appears to be a cyberattack.
According to a statement from the Albanian National Agency for Information Society (AKSHI), the websites of the Prime Minister's Office and Parliament have both been pulled as has, critically, the e-Albania portal used by residents and foreigners alike to access public services.
The latter is particularly alarming since the Albanian government closed many in-person services in favor of the e-Albania portal in May 2022.
Albanian media reported that the attack was detected on Friday, and bore some resemblance to those carried out in Ukraine and Germany. AKSHI has apparently since cooperated with Microsoft's Detection and Response Team (DART) as well as Jones Group International to sort out the problems and get everything back up and running as soon as possible.
A statement attributed to the Prime Minister's Office by Albanian media assured citizens that their data was safe and backed up. Systems would be verified individually before being brought back online.
At the time of writing those systems were definitely offline.
There has been a significant surge in malware in 2022, coinciding with Russia's invasion of Ukraine. Indeed, hundreds of computers in the war-torn country were infected with data-wiping Windows malware earlier this year and cybersecurity agencies warned in April that critical infrastructure should be ready for cyberattacks as groups motivated both by financial incentive and political ideology eyed international targets.
Other nations suffering at the hands of hackers include Costa Rica, which found itself the subject of ransomware attacks by the notorious Conti group.
The attack on Albania appears similar to the one that knocked out the IT systems of Deutsche Windtechnik in April 2022. While the wind turbines looked after by the company were undamaged, it did take a few days before normal operation could be resumed.
Albania's woes serve as a reminder that redundancy needs to be considered, in addition to the security needs of IT infrastructure. And maybe a wholesale shift online might not be such a smart move if, a mere few months later, your new e-Portal gets taken out by miscreants.
Oliver Pinson-Roxburgh, CEO of Defense.com, commented: "The large-scale cyberattack that took down the Albanian government's digital services illustrates the high stakes at play in our digital and connected world. While we have seen independent hacking groups targeting the IT infrastructure of nations in the past, it is unusual that an autonomous group would be able to operate on this scale. Nation-state actors on the other hand certainly have the capabilities to target and unsettle the digital operations of other countries. As disruption appears to be the ambition of this incident, rather than financial gain, a nation-state actor appears the most likely culprit for this attack.
"The vital government services that Albanians rely upon, from healthcare to tax have all been affected, with significant consequences for vulnerable people. The fact that the digital infrastructure of an entire country can be attacked and disrupted should serve as a stark warning for businesses. Such attacks have the potential to spiral and cause far-reaching consequences. Businesses need to monitor for any spill over into their systems, bringing a defense-in-depth approach that combines everything from monitoring through to employee training." ®
Updated to add July 19 09:55 UTC
A Microsoft spokesperson said of the woes facing the Albanian government's IT systems: "We have nothing to share."