The Albanian government was forced to shut down its online services after suffering “a synchronized criminal attack from abroad”.
Albanians were unable to use dozens of government services on Monday as a cyberattack caused the main servers of the National Agency for the Information Society go down only months after moving most public sector services to an online portal.
“Albania is experiencing a massive cyber attack that has never happened before. This criminal cyber attack was synchronized… from outside Albania,” the Council of Ministers said in a press release.
The “broad and complex” attack began on Friday and targeted government infrastructure and other online public services and rendered them inoperable, the government added.
The perpetrator of the attack was not identified, although the statement said the method the hackers used was identical to last year’s attacks on Belgium, Germany, Lithuania, Malta, the -Bas and Ukraine.
Albanian authorities have assured that all citizens’ data stored on the government website is “safe and intact”, and say they are working with experts from Microsoft and US-based Jones Group International to resolve the situation.” and bring it back to normal.” ”
Until the threat passes, many public services will remain unavailable, although the most vital ones, such as online tax filing, will still work, as they use separate servers.
Sali Berisha, a former prime minister and opposition leader, blamed government incompetence for the collapse, pointing out that the government had concentrated too many services in AKSHI without adequate protection.
“How come the government is ordering almost every important service to go through this website? He asked. “How can such initiatives be undertaken when no professional police against cybercrime is yet in place?
The cyberattack happened shortly after the government of Albanian Prime Minister Edi Rama has shut down desktop services for the population and ordered the mandatory use of its online services for everything from registering for school to obtaining an ISBN number for a new book at the National Library.
As a result, several government services, including Parliament, the Prime Minister’s Office and the e-government gateway used by businesses and citizens, are hosted on the government network and have been taken offline, as a precaution.
Over the past two years, there has been a significant increase in cyberattacks which, when aimed at public administrations, can have significant consequences.
“Governments are at disproportionate risk from cyberattacks, both from cybercriminals and geopolitical adversaries,” said Chris Clements, vice president of solutions architecture at Cerberus Sentinel. “Government systems and networks can lag behind in cybersecurity best practices and the speed and thoroughness of remediation compared to private organizations. This makes them easier targets for cybercriminals looking for a paycheck. extortion through ransomware and large-scale data theft as well as hostile alien nation states seeking to disrupt the functioning of their target.”
However, despite the significant impact these attacks can have on the population, experts point out that they are often less sophisticated than expected and can boil down to a few key issues such as misconfigurations, exploited bad passwords, unpatched software, or a malicious or non-malicious insider making unauthorized changes.
“Governments need to protect their data not just with strong perimeter security, but with data-centric security, such as tokenization applied directly to that data,” said Erfan Shadabi, cybersecurity expert at comforte AG. “Implementing a Zero Trust philosophy, backed by more data-centric protection methods, can really help in the long run to avoid disasters like the one the Albanian government is facing.”
Whatever the root cause, the Albanian government decided to take no risks by shutting down all government services run by the National Agency for the Information Society, a move some have questioned, the considering it too extreme.
“While this is an answer, organizations and nations need to weigh the risks of removing online services. For many citizens, many services are only accessible online, and removing of services can leave them in the dark,” said Javvad Malik. , leading advocate for security awareness at KnowBe4.
Sign up for the E&T News email to get great stories like this delivered to your inbox every day.