Update from the Government Plenipotentiary for Cybersecurity
06.05.2022
The frequency of DDoS attacks, the target of which are national institutions and entities has recently increased. This may cause difficulties in accessing the services provided by the website. The attacks do not affect the confidentiality of data processed by the attacked entities. The situation is monitored on an ongoing basis – inform the specialists from the CSIRT teams at the national level.
DDoS (Distributed Denial of Service) is a distributed attack on computer systems or a network service intended to disrupt their correct operation. As noticed by the experts, unsophisticated, violent DDoS attacks on the websites of institutions and other national entities have been observed by relevant services since the very beginning of the armed conflict in Ukraine. The Russian-speaking hacktivist groups, that target websites they consider important, admit that they are responsible for the current wave of attacks. Poland is not the only country where such a scenario is observed. Other countries or international organisations that openly condemn Russian aggression in Ukraine are also affected.
The hacktivist groups, via instant messaging, inform about the directions of their actions or their targets. Surveys are also conducted to select the next victim. Threats and expectations related to the current policy of Polish government have also been published on several occasions.
So far the hacktivist groups have listed, inter alia, the websites of the Polish National Railways (PKP), Polish international airports and the Border Guard as potential targets of their attacks.
The CSIRT teams that operate within the national cyber security system monitor the situation related to the direct impact of a number of the aforementioned incidents on the stability of the entire system. Appropriate recommendations have been issued for the administrators of the websites of the entities at high risk of that type of attacks. Each business owner should become familiar with a set of good practices developed by the Office of the Polish Financial Supervision Authority related to self-assessment in terms of resistance to potential DDoS attacks.
A CHARLIE-CRP alert level applies throughout the country until 15 May. This means that fraudulent attempts or attacks that refer to the context of the war may occur online. Both organisations and citizens should be extra vigilant and pay attention to events that may potentially theraten security. Should you come across suspicious content, always follow the procedures at your workplace or report it directly to the relevant CSIRT team:
CSIRT NASK – incydent.cert.pl
CSIRT GOV - incydent@csirt.gov.pl
CSIRT MON - csirt-mon@ron.mil.pl