According to the National Office for Cyber and Information Security (NÚKIB), some Czech websites have been attacked by hackers. The authorities assess the situation but have not yet registered any severe impacts. The authorities also mentioned their cyber-attack warning about the events in Ukraine on it.
Czech Railways has been dealing with outages of its My Train mobile application since Tuesday, said Lukáš Kubát, a spokesman for the railways. The online purchase of tickets is not working, and there are also problems with the search for connections. The carrier is working on fixing the issues, Kubát said.
According to the NÚKIB, the attacks are DDoS (Distributed Denial of Service) attacks. These always have the same scenario: hundreds of thousands of computers start accessing a specific server at one moment. The server is usually unable to process such a large number of requests and crashes. For ordinary users, the compromised website then appears to be inaccessible.
Cyberwar threatens the Czech Republic
At the end of February, the NÚKIB warned of “the growing threat of cyber attacks and cyber espionage linked to the ongoing armed conflict between the Russian Federation and Ukraine.”
As part of this warning, the authorities urged organizations and companies to “be vigilant against the most commonly used attack techniques and to update information systems and their components to avoid exploiting known vulnerabilities.” The call directly affects the media, which could also be targeted, according to the NÚKIB.
“We are issuing this warning as a precautionary measure because the threat has risen above normal levels given the current situation,” said Karel Rehka, director of the NÚKIB. He stressed that the authority “assesses the threat at the critical level in probability.”
The warning issued by the NUCIB must be addressed by administrators and operators of systems regulated by the Cybersecurity Act. “In particular, they must consider the described threats and take adequate measures. We also recommend that organizations not subject to the Cybersecurity Act take the warnings into account and implement adequate measures,” said Řehka.