Ireland could be vulnerable to cyberattacks from Russian groups, warns security expert

ireland
Ireland Could Be Vulnerable To Cyberattacks From Russian Groups, Warns Security Expert
Cyberspace has long been considered the fifth domain of war; after land, sea, air and space, and a lot of countries are not well-equipped to face this kind of attack. Photo: File image
Share this article
James Cox

Following Russia's invasion of Ukraine, fears have been expressed over cyberattacks emanating from the country.

While obvious targets include the likes of the United States, and Ukraine itself, all countries in the European Union will be cyber targets following sanctions on Russia.

Advertisement

Cyberspace has long been considered the fifth domain of war; after land, sea, air and space, and a lot of countries are not well-equipped to face this kind of attack.

Ireland's cybersecurity vulnerabilities were exposed last year with the devastating cyberattack on the Health Service Executive, with the fallout still ongoing.

Meanwhile, fears have been raised in the Dáil and the Seanad, and among cybersecurity experts, about potential cyberattacks on Ireland in the wake of the conflict in Ukraine.

Dr Paolo Palmieri, a cybersecurity lecturer at University College Cork (UCC), told BreakingNews.ie that while a cyberattack may not come directly from the Russian state, Ireland and other EU countries may be targeted by state-sponsored or sanctioned groups.

Advertisement

"In cyberspace there are a lot of actors. Of course there are state actors… Russia for sure, but also the US has a sizeable cyber warfare operation, Israel is known for that, any major country will have cyber warfare operations.

"State actors are a big factor in cyberspace, but they’re not the only ones, there are also semi-state organisations, groups of malicious actors that are not directly linked to governments, but governments acknowledge their existence and perhaps offer some support if they do something that involves their interests.

Malware

"For example a criminal group developing malware, they may not be directly linked to a government, but the government may be aware of them, and use them in a way to launch an attack. There are also completely independent actors, people with strong political views, strong affiliations, they’re normally called hacktivists in the community. Those will launch attacks without having been directed to do so, just because they see the world in a particular way, so it is of course possible that Russia may also attack, but I wouldn’t see it as likely as Russia as a state, that their own cyber warfare operation will attack anybody other than Ukraine."

He added: "Certainly there will be other groups that will be more or less affiliated, sometimes not affiliated at all, that may still attack because they see the sanctions as unjustified or aggressive, and they may decide to take action on their own behalf.

Advertisement

"We are already seeing some activity, but it’s always difficult in cyberspace to properly attribute attacks. Attackers, and malicious actors, will always do their best to try to hide who they are and where the attack is coming from, so attribution is always a difficult task in cyberspace."

Dr Palmieri said certain countries, including Russia, have a loose policy of allowing groups of cyber criminals to operate without fear of punishment as long as their targets are outside the country.

"It’s always difficult to know exactly what is going on, there is definitely a certain level of impunity in countries such as Russia, Russia is not the only one, when it comes to cyber groups, the sort of deal is as long as you don’t attack our own interests then we will turn a blind eye.

"Malware in the past has been programmed to check the language on an operating system it targeted, and if the language was Russian for example, they would disable themselves, and not carry out a malicious operation.

Advertisement

"It benefits the criminal groups in the sense that they will not attract police attention where they live. Police are less likely to investigate a cyberattack carried out abroad, even if it originated in their own country."

While countries will be focused on protecting critical infrastructure, such as their health systems and energy supplies, Dr Palmieri said smaller businesses and organisations could be hit with cyberattacks.

"There has been talk of the US launching cyberattacks on Russia, Joe Biden may decide against it, but he was presented with options on several potential cyber targets in Russia as a way to counter the offence in Ukraine.

"There is so much focus on critical infrastructure in countries, the Russians will be protecting theirs as every country will be in fear of a potential wave of attacks.

Advertisement

SMEs

"The focus will be on that type of attack, and it is certainly possible there will be less focus on non-critical, small commercial operations. The average company, the SMEs, they may not receive the same level of attention from cybersecurity centres around the world.

"There is certainly a possibility that regular cyber criminals may see this as an opportunity to attack given the confusion and the focus on critical institutions."

Dr Palmieri warned that businesses and individuals must accept that the threat of cyberattacks is not going away.

"Cybersecurity is always a cat and mouse type of area, where the attackers will find new ways to attack and to protect systems counter measures are needed to prevent, deter or stop attacks from happening. The technologies we are using now are so complex and diverse, in the past it was probably one desktop computer at home, now every one of us has so many different digital devices. We call this abundance of targets the ‘attack surface’, the attack surface is everything that is available to an attacker to hack, this is getting larger and larger, harder to defend."

With this in mind, he said businesses are becoming more aware of the need to spend money on cybersecurity.

"There is much more awareness of cybersecurity issues now, and the risk, so these devices are more secure than a few years ago as companies are investing more in cybersecurity and so on, but still the more devices you have the more you are exposed.

"It’s unfortunate, but the reality is every person, as an owner of a bank account, devices, and every company no matter how small, they are unfortunately potential targets for cyber criminals.

"I understand cybersecurity is a cost. In that way it’s similar to insurance. You don’t get anything unless something bad happens. A few hundred euros where you don’t see a benefit from unless something bad happens. In that way cybersecurity is the same, you spend a bit of money hoping nothing will happen, and trying to prevent it from happening, but if you’re lucky nothing may happen, and you could see that as an unnecessary cost, but the reality is given the ease how the attack spreads, it is unlikely a company or person can consider themselves completely secure without some cybersecurity defences."

While crashed banking systems and power grids come to mind when people mention cyberattacks, Dr Palmieri explained that they are unpredictable in their very nature and can have knock-on effects.

"It’s hard to target and attack precisely, as it is in regular warfare, unfortunately we have seen in many recent wars, when a missile is launched it may or may not hit a target precisely, and even when it does, it still causes civilian casualties. The same applies in cyberspace.

"A very famous malware launched in 2010, was aimed at disabling Iranian uranium enrichment facilities, this malware, there is consensus among the cyber community (although no firm evidence) is that it was a collaboration between Israel and the US. The malware was successful in that it damaged the turbines used in the uranium enrichment facility but in doing so it infected thousands of other computers in unrelated countries, including the US itself. Indonesia was badly affected by this act."

Misinformation is often weaponised to promote political agendas, and Dr Palmieri said this has been evident in Russia's invasion of Ukraine.

"What we can see is a huge increase in misinformation, which is spread by a lot of different parties for a lot of reasons. There are a lot of fake videos circulating, as crazy as it sounds even video game footage posted implying it's from the conflict, with CGI it can be hard to detect it’s fake on mobiles. One explosion that happened quite a while ago at a gas plant in a different part of the world is being claimed as a current attack on a Ukrainian city, sometimes these are orchestrated in misinformation campaigns, sometimes it is people who want to insert themselves in the conversation for attention."

Dr Palmieri feels there is much more awareness of cybersecurity in Ireland since the HSE cyberattack, among Government, businesses and individuals.

National Cyber Security Centre

He said the Government's investment in the National Cyber Security Centre was a positive.

However, he said more investment would be needed, both in terms of personnel and resources, and pointed to the problems experienced in filling vacancies in the organisation.

"The HSE cyberattack was a strong wake-up call if one was needed, so definitely there is more awareness.

"It is slowly translating into more investment. The Government is spending and has started to increase the resources in the National Cyber Security Centre, but this is a slow process, and we are probably lagging behind other countries.

"There is a bit of reluctance to invest in security because it is seen as quite close to the military and obviously Ireland is a neutral country and doesn’t invest as significantly in these areas.

"The National Cyber Security Centre needs more people, that’s a fact. I know they had been looking for a new director for a long while, they had to increase the salary as it was not competitive on the international market to attract external expertise. They managed to hire a new director who held the position before.

"We are still struggling to attract expertise in cybersecurity, to retain it in these national entities which are fundamental, a country needs a national cybersecurity centre. This should provide infrastructure and strategy to defend all the systems.

"The ones that are the most critical should be protected the most - energy infrastructure, the health system and so on - but they should provide advice to anybody, small companies, users, and we need people to do that. Unfortunately people with these expertise are rare, and it will require an extra financial effort from the Government to ensure these expertise in the National Cyber Security Centre and other organisations.

"In universities we are doing a lot of research on cybersecurity that will need to be supported as well. Ireland is basing a significant portion of its economy on the digital economy, if you want to be attractive to digital companies and retain ones that are already here we have to show them Irish cyberspace is safe to operate in.

"We need to train people to work in the sector, educate individuals to protect themselves, we need companies, institutions and governments to understand the importance of this, we are getting there. We aren’t there yet, but I’ve seen a lot of progress in the last five to 10 years.

"Other neutral countries, like Switzerland, invest heavily in defence capabilities including cybersecurity."

Read More

Message submitting... Thank you for waiting.

Want us to email you top stories each lunch time?

Download our Apps
© BreakingNews.ie 2024, developed by Square1 and powered by PublisherPlus.com