The Georgia cyberattack that took more than 2,000 websites and a national TV station offline has the hallmarks of a nation-state attack, according to cybersecurity experts.
Targets of the cyberattack, which took place yesterday, include government agencies, local newspapers, banks and TV stations.
More than 15,000 websites in the country are said to be affected, including court websites containing case materials. Critical infrastructure seems to be unaffected.
An image of former Georgian President Mikheil Saakashvili accompanied by the caption “I’ll be back” appeared on many website homepages caught up in the attack, the BBC reports. Saakashvili is wanted in Georgia to face criminal charges, which he says are politically motivated. He is currently in exile in Ukraine.
Attribution of cyberattacks is notoriously difficult, with the perpetrators of most incidents going unnamed – at least officially.
But the scope, scale and complexity of the Georgia cyberattack indicate another country is likely to be behind it.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataProfessor Alan Woodward, cybersecurity expert at Surrey University, tweeted that the Georgia cyberattack “took some serious resources to orchestrate and sent a very scary message”.
He told the BBC that “with the scale and the nature of the targets, it’s difficult not to conclude that this was a state-sponsored attack”.
Georgia suffered a major attack. Over 2000 sites penetrated and taken down including government, law enforcement and media. This took some serious resources to orchestrate and sent a very scary message.
— Alan Woodward (@ProfWoodward) October 28, 2019
“No point looking far from Moscow for a culprit”
Malcolm Taylor, head of cybersecurity at cyber consultancy firm ITC Secure said we should be asking who stands to gain from the Georgia cyberattack.
“The victim of the attack may have been Mikheil Saakashvilli himself; pro-western, pro-Odesa, exiled from Ukraine and certainly no friend of Moscow, he is now pictured globally in a faintly ridiculous pose riffing on the Terminator – not a good look for a politician,” the former British intelligence officer told Verdict.
“He also may get the actual blame; surely some Georgians will believe him responsible. He can’t gain from this. So yes, I think a state attack looks very likely – this looks like a political act. In 2008 Moscow admitted that individuals in Russia had undertaken cyberattacks against Georgia (fortuitously for Moscow just as the two countries went to actual war).
He added: “Georgia has local significance only, in a geopolitical sense. We know the GRU and FSB have active cyber units. We know Russia doesn’t forget or forgive easily. I therefore see no point looking far from Moscow for a culprit.”
Jonathan Knudsen, senior security strategist at cybersecurity firm Synopsys, said: “The cyberattacks in Georgia demonstrate once again the shaky infrastructure upon which so much of our world is built. We use software to do business, to run government, and to communicate.
“Software is critical infrastructure, but the functionality we’ve assembled has far outpaced our ability to make it secure and resilient.
“Such a coordinated, widespread attack almost certainly is the work of another nation state, and is likely intended to promote the attacker’s geopolitical agenda.”
Georgia cyberattack: The common thread
Georgia’s Ministry of Internal Affairs has launched an investigation into the cyberattack.
The common thread for the affected websites appears to be that they were hosted on web hosting provider ProService, ZDNet reports.
Forbes reports that ProService posted the following message on its homepage, which has since been taken down:
“As of October 28, 8:00 pm, more than 50% of web pages hosted by company-owned servers have been restored. The company is actively working to eliminate the problem. The process will continue all night long and web pages will be restored by the end of tomorrow. ProService expresses its deepest condolences to the owners of all its dedicated web servers and thanks everyone for their support and assistance during these difficult times.”
Read more: UN phishing attack: “Few organisations on the planet with more to lose”