Eryk Kielak, Gazeta.pl: In recent weeks, the victims of cyberattacks have included, e.g., American airports, the Institute of the Polish Mother’s Memorial Hospital, transport and logistics companies in Poland and Ukraine, and even the Slovak parliament. Russian hackers are responsible for many of them. Why have hacker attacks been on the rise lately?
Ireneusz Wiśniewski: Winter is coming, and with it the security of the company and installations that provide heat, electricity and other municipal services is gaining importance. The failure of Russian aggression and Europe’s support for .
Their target is critical infrastructure, including communications and . All this in order to lower the comfort of living in the countries involved in supporting Ukraine. Ultimately, the Russian authorities are trying to worsen public sentiment and limit support for Ukrainians who are defending themselves.
European institutions such as airports in Great Britain, the United States and trains in Germany are being attacked. How can hackers destabilize the situation in Europe?
Transport and broadly understood communication are connected vessels. The failure of one element negatively affects the others. Shutting down northern rail control systems stopped trains running for several hours.
Importantly, in the case of this incident, this was not a typical hacker attack but interference in the network by cutting telecommunications cables. This shows how important it is to secure physical and digital connections. In the case of the attack on American airports, there was a typical server overload with many millions of requests.
The aforementioned attacks on railway infrastructure in , or American airports are just the tip of the iceberg. Blocking official websites, building a sense of threat or causing panic are the potential consequences of subsequent incidents.
Overloading servers or blocking websites, especially government organizations, cannot be easy. How do hackers act to destabilize the situation in Europe?
The most commonly used method is the DDoS formula. Such an attack is carried out mainly from devices that have been taken over by malware or bots. F5 engineers analyze the traffic used for such purposes and can confirm the intensification of activities in recent months. This means that the owners of these devices may not even know that their computer or smartphone is being used to carry out a DDoS attack.
What threats can arise from such a takeover of control and subsequent attacks?
Depending on the target of the attack, there is a serious risk of traffic accidents, loss of control over air traffic, or stoppage of delivery . Of course, airports or air navigation agencies are well protected against such attacks. This means that they generally have a number of contingency countermeasures they can use in the event of an incident.
Regardless of this, a failure of, for example, train traffic control causes gigantic delays and disorganizes railway work, which in turn also affects other entities. If the train from , does not arrive, the train will not deliver it to the customers, etc.
A train delay is undoubtedly a nuisance, but it is not the end of the world. How do hacker attacks still threaten ordinary citizens?
Here I would distinguish between hacker attacks on public service institutions and digital fraud, such as phishing. Both of these threats affect the daily lives of citizens, but in very different ways.
From the perspective of running the state, hacker attacks disorganize the work of public institutions, lowering its quality and increasing operating costs. Recently, Polish servers have become the target of a DDoS attack. Attempting to overload the system will certainly disrupt the work of senators, making it difficult for them to fulfill their duties.
An attack on a traffic control center, power plant or gas pipeline lowers the comfort of living by extending the journey, interrupting the supply, or more expensive at the station. It is dispersed and its effects are spread over time. In contrast, phishing and bot attacks on the enterprise directly affect ordinary citizens. In the aftermath of an attack, they may lose their life savings or lose access to key digital services.
Last year, CERT Polska recorded nearly 30,000 unique cybersecurity incidents. Three quarters of them concerned phishing attacks, which are the most common cyberthreat in the country.
big scale. How to prevent such attacks? Can you defend against them?
We must be aware that each of us has an impact on the collective . DDoS attacks use the computing power of infected computers; their owners are not even aware that their equipment sends thousands of queries to a given server, trying to overload it.
Therefore, first of all, do not open links and attachments whose origin you are not sure of. When an unseen friend on social media sends us a link, don’t click on it. Instead, let’s ask the question of what is supposed to be behind this link. When cybercriminals take control of someone’s social media account, they try to infect more people in their victim’s network of contacts.
In the case of the previously mentioned attacks on the main culprits, the Russians are typical. Which Russian groups are the most dangerous?
Our experts have observed the activity of such hacker groups as Killnet, Gamaredon, Sandworm and Fancy Bear in Ukraine. These are criminal organizations that operate in Russia, probably with the permission of the government. Our task is not to prove the guilt and connections of criminals; that is the work of the investigating authorities, and we prevent the consequences of their criminal activities.
The bot attacks used by the Russians are difficult to stop. Hackers are honing their tools to bypass security by quickly solving CAPTCHAs and mimicking human behavior online. That is why we develop tools based on artificial intelligence, such as Distributed Cloud Bot Defense, whose task is to track and detect irregularities.
Is Poland prepared for hacker attacks? After all, the aforementioned Killnet group openly declared cyberwar on Ukraine and several countries supporting it, including Poland.
We can assume that Polish critical infrastructure is regularly put to the test. So far, we have not recorded incidents that paralyzed the activities of national institutions for a long time. However, in this matter, you cannot stand still, so you should constantly monitor the situation and develop cyber defense even in the least obvious places.
Over a year ago, together with NASK, we implemented the Nationwide Educational Network, a public telecommunications network program that gives schools across the country access to fast, free and secure internet. This is an example of an efficient and successful investment in cybersecurity, but there are many more areas that require changes. Starting from hospitals, through administration and ending with universities. For now, Polish cyber defense is passing the test, but there is still a lot of work ahead of us before all areas are properly secured.
So what will the cybersecurity situation look like in Poland and Europe in the coming months?
Currently, the security of energy infrastructure is crucial. Paralyzing its operation has severe consequences. Attacks on transmission grid control centers, local CHP plants or supply chains may intensify.
Cybercriminals usually look for the weakest point of defense. However, it is difficult to clearly identify such a place without extensive testing and auditing. I recommend that everyone be more careful, for the sake of their own safety and comfort, as well as the safety of the entire system.
Source: Gazeta
