Cyberattacks on Czech Targets Above Average Again

According to the National Cyber and Information Security Agency (NCISA), the number of cyber incidents in the Czech Republic in June this year was above average. The agency recorded 22 attacks, including servers of government institutions. None of them, however, fell into the category of significant. NCISA informed us about it on its website. May was also above average, with 19 cyber incidents recorded. March was record-breaking, with 28 incidents recorded by the agency.

In June, cases where the availability of services was disrupted dominated again. NCISA classified nearly half of the incidents in this way. Most often, DDoS attacks (Distributed Denial of Service) targeted mainly state administration institutions.

A DDoS attack always has the same scenario. Hundreds of thousands of computers, and sometimes millions, start accessing a specific server at once. Usually, it cannot process so many requests, and it crashes. For ordinary users, the website that has been attacked this way appears unavailable.

This method belongs to one of the most commonly used types of cyber war attacks parallel with the Ukraine conflict. “The attacks began in February this year and targeted DNS servers of institutions every month in an attempt to overwhelm them. However, unlike hacktivist campaigns, no actor claims responsibility for them,” the agency said.

The primary Weapon of Pro-Russian Hackers is DDoS Attacks. Czechia is not Safe from Viruses Either

This time, the numbers also reflected a rise in ransomware attacks. They can make a mess on the attacked computer. First, they encrypt all data stored on the hard drive. Attackers then demand a ransom, often several thousand crowns, to make the data accessible.

Even after paying the ransom, users may be unable to access their data. Instead of paying the ransom, it is necessary to uninstall the virus from the computer. However, in most cases, it is impossible to access unprotected data.

“Ransomware PLAY was most commonly used in incidents. Of the six June cases that NCISA dealt with, PLAY was responsible for three,” the agency said.

PLAY is characterized by its high operational tempo. According to the agency, it has had at least a hundred victims in a year, and their numbers continue to grow. The geographical distribution of attacked organizations shows that the Czech Republic is high on its operators’ target list.

Because attackers will likely continue their activities against Czech targets in the short term, the warning about the increased risk of ransomware attacks remains valid, according to NCISA. It was issued in June.

Critical Vulnerabilities

The warning also includes, among other things, a list of critical vulnerabilities currently being exploited by ransomware actors in the Czech Republic and the world, which it recommends checking.

According to NCISA, the numbers of recorded cyber incidents this year were “in waves.” In January, the agency recorded an above-average number of 21 incidents. In February, they fell to an average of 13, but in March, there were a record-breaking 28. April returned to the average with 14 recorded incidents. In May, there were 19.