Search This Blog

Showing posts with label Lithuania. Show all posts

Lithuania has experienced 1,780 cyber incidents in six months

According to the Lithuanian military, the sharp increase in the number of hacks is caused by two main reasons – the global vulnerability of Microsoft Exchange email and several major leaks of personal data.

Lithuania recorded two percent more cyber incidents in the first half of the year than in the same period last year. A total of 1,780 incidents were identified. Cyber attacks hit IT companies the hardest.

"Such a sharp increase in the number of hacks is caused by two main reasons – the global vulnerability of Microsoft Exchange email and several major leaks of personal data in Lithuania this spring," said Ritis Rainis, director of the National Cybersecurity Centre (NCSC).

In the first half of the year, there were also repeated leaks of personal data (CityBee, LIEMSIS, Kilobaitas, and so on). As a result, the personal data of hundreds of thousands of Lithuanian users became available to the attackers.

According to the Lithuanian military, 55 cyber incidents were classified as medium-severity incidents. Of these, 27 were recorded in the communication and information systems of legal entities. There were also attempts to affect the public sector (ten incidents) and Internet service providers (four incidents).

Disturbance of service (DDoS) cyberattacks was observed at the beginning of the year. Some of them were directed against distance learning in schools.

A Lithuanian cybersecurity expert said that 186 sites of Lithuanian domains infected with malicious code also posed a risk. By mid-May, three-quarters of the sites had been cleaned up, and 49 site managers received repeated instructions from the NCSC to take security measures and remove malicious code.

Cases of Emotet malware distribution were interrupted by successful international law enforcement and judicial operation until February.

Various cyber attacks are often reported in Lithuanian state institutions. Most often they are attributed to "Russian hackers" or they are hinted that they were carried out by "unfriendly countries", although no evidence was found.

Moscow has repeatedly stressed that the accusations of Western partners are unfounded.

Russian intelligence was accused of cyber attacks on Lithuania's top leadership

Last year, hacker groups controlled by Russian secret services conducted cyber attacks on Lithuania's top leadership - This is stated in the annual report on the state of national cybersecurity published by the Ministry of Defense of the Baltic republic

The document claims that Lithuanian foreign policy and national security institutions, as well as energy and education facilities were attacked by Russian intelligence.

"Groups controlled by Russian intelligence services also used the Lithuanian information technology sector infrastructure for cyber attacks against targets in Western countries. For example, in July 2020, there were cyber attacks by the APT29 cyber group against organizations developing a coronavirus vaccine in the West that were carried out using Lithuanian IT infrastructure," the report said.

As noted in the document, some of the cyber incidents registered in the republic last year are associated with "political, geopolitical, strategic events in Lithuania, the region and around the world."

According to the report, "it is assumed that hostile intelligence services seek to illegally obtain information about vulnerabilities in Lithuanian communication and information systems, as well as personal user information (account login data) and use it for other cyber incidents".

As an example, a cyber attack was reported in December 2020, when 24 public sector websites were hacked, three of which published fake news with different content. An investigation into the incident revealed that it had been prepared in advance and was carried out in an orderly manner.

Various cyberattacks are often reported in Lithuanian state institutions. Most often they are attributed to "Russian hackers" or hinted that they were carried out by "unfriendly countries," although no evidence has been found.

Moscow has repeatedly stressed that accusations by Western partners are unfounded.

In addition, the authorities of the Baltic States have consistently obstructed the work of the Russian media. As the Russian Foreign Ministry noted, signs of coordination are clearly visible in the actions of Vilnius, Riga and Tallinn, and the cases of media harassment in the Baltic countries clearly demonstrate that the demagogic statements of these countries about their adherence to the principles of democracy and freedom of speech are worth in practice.

It's interesting to note that the report released by the Lithuanian Ministry of Defense shows that cyber incidents in Lithuania increased by 25 percent in 2020, and the number of incidents involving malware increased by 49 percent.

The data of 110 thousand customers was stolen from the Lithuanian car rental service

It became known that on the night of February 15-16 in Lithuania, the data of about 110 thousand customers of the local car rental service CityBee was stolen.

The information was published on one of the forums of cyber hackers.

"On the night of February 15-16, cybercriminals posted a message on a foreign-registered forum that they had not only the names and personal codes of some CityBee customers, as previously announced, but also phone numbers, email addresses, residential addresses, driver's license numbers and encrypted passwords," said CityBee.

Experts reported that, according to available information, passwords are provided in the SHA1 format without additional security criteria (salt), so they can be guessed automatically and used for unauthorized access.

The company noted that the data is already three years old — and their theft will not affect the security of CityBee customers, since the organization does not store information about payment methods. However, CityBee representatives still asked customers who registered in the system before February 22, 2018, to change their passwords if they used the same or similar password.

According to the Minister of Justice Agnė Širinskienė, such personal data can be used very widely. Especially in the case of international crimes.

"For example, illegal immigration from third countries often occurs with the use of fake documents. Let's just think about how a citizen of a third country X can easily move around the EU with the personal data of a CityBee customer in a fake passport. Now imagine that a resident of country X, who has personal documents filled out with CityBee customer data, is involved in the arms trade, the organization of a terrorist network in Europe, and is suspected of money laundering... while the client of CityBee, the "owner" of the identity, is flying to the Maldives on vacation," Širinskienė gave an example.

CityBee has launched an investigation to find out how customer data was stolen.

The police are conducting a pre-trial investigation.

Lithuanian Police Investigate Leak of 110,000 User Records of CityBee


Police in Lithuania is investigating after the personal information of 110,000 individuals was leaked to an online hacker site. The car-sharing service, CityBee, affirmed the records and data of thousands of its clients had been undermined in the incident. The first part of the database was posted on February 15 and incorporates 110,000 CityBee client IDs, usernames, hashed passwords, complete names, as well as personal codes (national identification numbers) that belong to mostly Lithuanian CityBee users. The subsequent part, posted on February 16 by the same threat actor, seems to contain more definite personal data, possibly including driver license numbers and CityBee credit limits, as well as a folder named “CreditCards.” 

While the proprietor of the post at first guaranteed that the information had been stolen from CityBee at some point in 2020, it was subsequently affirmed that the database was exfiltrated from an unsecured Microsoft Azure blob managed by CityBee at least from February 2018. Apparently, a Rapid7 Open Data Forward DNS tool was utilized to look through the reverse DNS lookup, which was how the threat actor found the unsecured CityBee blob. At that point, a directory brute-force attack was used to enumerate directories in the blob, after which the threat actor downloaded the files. 

“The data, which was uploaded to one of the cyber hackers favourite forums, is three years old,” CityBee said in a statement. A poster on the hacker forum said the rundown was extricated from data grabbed on February 2018 from an unsecured database backup and offered full hacked information for $1,000 paid in Bitcoin. Disclosure of stolen client information won't influence the security of CityBee client financial services, as the organization doesn't gather delicate data identified with client payment methods. 

“We are very sorry. I am one of the victims of the leak because I use the service, and I very well understand that feeling of insecurity,” CityBee CEO Kristijonas Kaikaris told journalists on Tuesday. He proposed the hacked clients “don’t panic” and change their passwords. The organization risks a fine of as much as 20 million euros ($24.21 million), or 4% of its turnover if found in breach of regulations.

Lithuania to allot seven million euros to combat hackers

Lithuania has applied to host the European Cyber Security Competence Center, which is designed to develop technologies and develop protective measures. The Raimundas Karoblis, the Minister of National Defense of the Baltic Republic, openly links the request for its creation with the "Russian threat".The vulnerability of NATO's "eastern flank" continues to worry European countries, which believe that after the protests in Belarus, the issue of Russia's influence is more acute.

Lithuania will compete for hosting the institution with Belgium, Germany, Luxembourg, Poland, Romania and Spain.

Ministry of Defense of the Baltic Republic draws attention to the activity of China and Russia, which are often associated with the hacker threat.

The Minister of Defense claims that "Russian cyber attacks happen quite often," although at the same time he makes a reservation: it is very difficult to formally establish the "authorship" of hacker attacks.

According to him, this is accompanied by information campaigns. It is likely that the work of the European Cybersecurity Competence Center will also be aimed at countering those information messages that will be considered propaganda in Vilnius. By the way, Lithuania offers to place the institution itself in the Vilnius TV tower.

It is worth noting that in January, the Prime Minister of the Republic Saulius Skvernialis called Lithuania "a leader in the field of information security". According to him, this area is a priority for the Baltic Republic.

In addition, Lithuania ranked fourth in the Global Cybersecurity Index (GCI) with a score of 0.908 points. The rating was led by the United Kingdom, which scored 0.931 points. The second and third places are occupied by the United States (0.926) and France (0.918). The top five is completed by Estonia, whose security level was estimated at 0.905 points.

Lithuanian authorities often claim cyber attacks and "Russian interference” without providing any evidence of the "guilt" of the Russian side. Moscow denied all such accusations and stressed that they were "absolutely unfounded".

However, Lithuania is currently concerned about military activity near its borders, which, according to its estimates, has increased against the background of the Belarusian events.

Lithuania accused the Russian media of misinformation

Lithuania has published an annual report submitted by the Ministry of Defense, in which it accused the Russian media of misinformation.

According to Lithuanian experts, the number of complex cyberattacks in the Baltic Republic has increased, which were more advanced both in terms of technological solutions and in terms of content.

According to them, some Russian publications form a negative image of Lithuania, and its image is not true.

The Ministry noted that the image of Lithuania as a hostile and unreliable state is being created. Russian Media uses content that incites war and national hatred, as well as falsified facts, video editing, and deliberately distorted statements.

According to the Ministry of Defense, the flow of such information increases during significant events in foreign policy and within the country in order to form a negative image of Lithuania in the West.

It should be noted that Russian journalists are regularly hindered from performing their professional duties in the Baltic States. Russian Foreign Ministry spokeswoman Maria Zakharova said that Russian media in the Baltic States are being persecuted for historical truth.

It is interesting to add that on April 16, Lithuanian Vice Minister of Defense Edwinas Kerza stated that the routers used in Lithuania to distribute wireless Internet are made not in China, but in Russia, and send user data to servers in the Russian Federation.

"They were common, and still widely distributed, because they are budget-class routers that are quite productive, that is, fast and inexpensive… And as we have established, although they were supposed to be produced in Taiwan, they are actually produced in Russia," said Kerza.

It is reported that the model that attracted such close attention to the Lithuanian military has already been removed from the sale. The security services are concerned that, according to the Vice Minister, up to 90% of routers in the country are of Russian origin, and potentially spy on Lithuanian citizens.

Lithuania leads a European Union Cyber Rapid Response Team (CRRT) at the European Union

Lithuania, the Netherlands, Poland, Romania, Croatia, and Estonia signed a Memorandum on the establishment of a European Union Cyber Rapid Response Team (CRRT). In the event of a cyber attack on any of the countries participating in the agreement, CRRT specialists should be ready to immediately repel the attack. Lithuania played a special role in creating this structure. Experts note that the EU has a really difficult situation with ensuring cybersecurity since not all States have the resources to repel hacker attacks. However, analysts doubt the effectiveness of CRRT.

Lithuanian Minister of Defense Raimundas Karoblis noted that this is a completely new international cyber potential, initiated and led by Lithuania and that each country faces cybersecurity problems.
According to the cybersecurity specialist, Andrei Masalovich, now the problem of protection against cyberthreats is facing not only the poor countries of the Baltic States but even the United States.

President of the Russian Association for Baltic Studies Nikolai Mezhevich believes that the attempts of the Lithuanian leadership to take a leading role in the organization of a pan-European cyber defense are largely dictated by the desire to improve the image of Lithuania.

In addition, according to Andrei Masalovich, the Lithuanian authorities also want to "show their importance" against the background of Estonia.

As for the possible source of the threat, all countries in the CRRT blamed Moscow for cyber attacks. For example, in 2018, the Netherlands accused Russian hackers of attacking the headquarters of the Organization for the Prohibition of Chemical Weapons. In the Baltic States, Russia is regularly suspected of cyberattacks.

Moscow, in turn, calls for the creation of "confidence-building measures in cyberspace" at the global level. This was stated last year by the special representative of the President of the Russian Federation for information security, Ambassador of the Ministry of Foreign Affairs on Special Assignments Andrei Krutskikh.