Norway has blamed Russia for the August cyberattack that targeted the email system of the country's parliament. "Based on the information the government has, it is our view that Russia is responsible for these activities," Foreign Minister Ine Eriksen Soreide said in a statement, the Moscow Times reports.
"This is a very serious incident, affecting our most important democratic institution," Eriksen Soreide said.
The Russian embassy in Oslo rejected the accusation and described it as a "serious provocation." "No proof has been presented. We consider such accusations against our country as unacceptable. We consider this a serious and willful provocation, destructive for bilateral relations," the embassy stated on its Facebook page, adding it expected Oslo to provide "explanations."
According to Brandon Hoffman, Chief Information Security Officer at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services, "anybody and everybody is a target for Russian state-sponsored cyber efforts. Regardless of alliances or allegiance, Russia desires information. They know that having access to more information allows them to play the game more effectively, and they have never been shy about playing the game. Considering the vast array of cyber units, it's hard to describe a unique TTP that can be attributed to Russia. Rather, all available targets are opportunities. It wouldn't surprise one to find out that some units are tasked specifically with finding targets, classifying the difficulty and value, and passing the target on to a different unit. These would be reconnaissance units, not so different than traditional military operations."
Mohit Tiwari, Co-Founder and CEO at Symmetry Systems, a San Francisco, Calif.-based provider of cutting-edge Data Store and Object Security (DSOS), notes that being resilient to nation-state level attacks will take a long time (potentially decades). "But the move has to start now, with the most critical assets being moved out of legacy systems that are exposed on the internet to ones where we can put modern guardrails around them. For example, placing legacy Windows machines in more trustworthy hypervisors, enclaves, or virtual desktops; placing valuable data inside better protected data stores; protecting identities using external devices instead of relying on people to not get phished; and directing detection-response measures towards assets that matter most."
Daniel Norman, Senior Solutions Analyst at the Information Security Forum, a London-based authority on cyber, information security and risk management, explains that in many cases, government agencies have digitized to the same degree a normal organization would have – this means they are open to a range of cyber attacks, both sophisticated and simple.
Norman adds, "When government agencies report that they have been hit by a 'sophisticated attack,' specifically for data breaches, they don't typically mean high-end technical disruptive attacks like DDoS; they typically mean a nation state has played the long game with significant investment and people-power to perform reconnaissance and then perform espionage or steal state secrets. The attacking state will build user profiles, understand patterns of behavior and then they will target the most influential individuals, or ones most likely to slip up. The easiest method of entry is still phishing attacks, where malware can be installed onto a device, or social engineering to steal credentials for privileged access. Data can then be surreptitiously exfiltrated – without strong DLP or a robust SOC, the government agency wouldn't have known they were attacked until their own strategies begin to unravel. All of this can be undertaken over a period of months or years, with millions of dollars of investment."