Major Incident or Major Yawn?
In early June of this year, the cybersecurity community was shaken by a video released on Telegram and Twitter, allegedly by pro-Russia cyber threat actors. The video, which featured a series of ominous talking heads against a dark-colored background, accompanied by electronic music and an artificially generated voice, issued a foreboding warning of a forthcoming major cyber attack that it promised would cripple the European financial system. The viral video spread across all major social media platforms, triggering widespread alarm.
Several weeks later, the anticipated attack materialized as the European Investment Bank (EIB) announced that they had fallen victim to a cyber attack. The threat actors had fulfilled their promise and launched a major attack.
Or had they?
Initially, it seemed like a straightforward case of a malicious group making a threat and fulfilling it. However, as the incident unfolded and HolistiCyber’s analyst team, led by Managing Director Peter Cohen, delved into the details, numerous unanswered questions emerged surrounding the attack, including the possibility that the video and the attack weren’t related at all.
This blog post aims to delve into the incident’s specifics, assess the credibility of the threat, examine the attack methodology, give you HolistiCyber’s opinion, and highlight crucial takeaways for CISOs and organizations.
Questioning the Threat’s Credibility
The video purportedly originated from the groups Killnet, REvil and Anonymous Sudan. (Most experts agree that despite its name, Anonymous Sudan is a pro-Russia group with no connection to the African country.) While the threat expressed in the video was chilling, several factors cast doubt on its credibility. First, the video lacked any substantial or easily verifiable clues regarding its origin, making it impossible to know its true source. The grainy footage, featuring a speaker wearing a mask resembling those worn by the heavy metal band “Slipknot” against a generic background, could have been produced by anyone with a camera phone and a mask.
Next, the video provided a specific time frame for the threatened attack, claiming it would occur within 48 hours of the video’s release on June 14th. That window came and went without incident, and the EIB attack didn’t happen until several days later. Additionally, the video named a particular financial entity, the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which remained unaffected by the attack. SWIFT serves as the global messaging network for financial institutions, handling most international money and securities transfers. The actual attack instead targeted the EIB, which is only one member client of SWIFT.
Finally, the video explicitly stated that the attack would not be a DDoS attack. The attack against the EIB was, in fact, a DDoS attack. Although it temporarily disrupted the EIB website, it had no significant impact on core financial operations, contrary to what the video predicted. A DDoS attack can cause significant disruption to a network, but on its own it is not capable of bringing down the entire global financial network.
One more point: HolistiCyber’s cyber analysts note that if a threat group were really planning an attack of the magnitude threatened in the video, it is unlikely that they would broadcast a warning first.
So, who launched this attack, and what was their motive? One theory is that the video and the subsequent attack were part of a broader psychological operation (PsyOp). By making a series of false threats, malicious actors sow chaos and confusion. When the threatened attacks don’t materialize, cybersecurity professionals may be lulled into a state of complacency, which in turn renders organizations more vulnerable to future, more severe attacks.
While this remains just an interesting theory with no real proof, it does underscore the importance of maintaining constant vigilance, even when the perceived threat appears to have subsided.
The bottom line is that there is no definitive way to know which group released the June 14th video, or whether the subsequent cyber attack against the EIB was connected to the video or was an entirely separate event.
Key Takeaways for CISOs: Prepare, Prevent, Prioritize
After reviewing the evidence and concluding that this was a relatively insignificant incident, CISOs may be tempted to dismiss it. While HolistiCyber’s analysts agree that it is crucial not to chase the latest threat or news headline in a panic, the incident is a good opportunity to review the best practices that offer the strongest protection against a cyber attack.
Don’t Be Scared, Be Prepared: Rather than dismissing incidents as insignificant, view them as opportunities to reinforce internal cybersecurity practices. Develop and execute a robust, adaptive cybersecurity plan that aligns with your organization’s unique circumstances. Regularly review and update your security plan, conduct employee training sessions, and ensure all network systems have up-to-date patches installed.
Verify Threat Credibility: When confronted with headlines and rumors of active threats, maintain discipline and rely on reputable sources. Consult with cybersecurity professionals to validate the credibility of reports and avoid being swayed by potentially sensationalized information. Even when not facing a particular threat, it’s important to understand your network well enough to evaluate which vulnerabilities are relevant to your organization.
Prioritize Preparedness: Cyber threats are multifaceted and can exploit various attack vectors. Stay informed about emerging threats and prioritize regular security assessments. Remain vigilant against all potential attack avenues, keeping a proactive stance to ensure readiness. Engage an independent company to perform regular red team and penetration tests to evaluate your organization’s defenses.
Want to learn more about how HolistiCyber can help your organization stay prepared to defend against nation-state grade cyber attacks? Contact us.