A cyber attack on the Norwegian government has caused significant damage, impacting 12 government ministries. The attack, which occurred on Monday, prompted the immediate assembly of a crisis staff to handle the situation. The government minister overseeing the response described the attack as “extremely serious,” but reassured the public that day-to-day operations are continuing as normal.
The Norwegian National Security Authority (NSM) has confirmed that the attackers exploited a zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) solution. This allowed them to infiltrate a software platform used by the 12 affected ministries. However, critical institutions such as the Prime Minister’s Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs were not impacted.
The attack highlights the growing concern of supply chain attacks. Cybersecurity experts emphasize the importance of monitoring traffic and implementing controls to prevent harm caused by vulnerabilities in third-party suppliers. While using outside vendors is common in the modern world, organizations must ensure they have measures in place to protect themselves and their customers.
This is not the first cyber attack to hit Norway in recent years. In 2021, the Norwegian Parliament’s email systems were targeted by groups with ties to China. In 2022, a pro-Russian hacker group known as Killnet launched a denial of service (DDoS) attack against Norwegian public service websites. These incidents underline the urgent need to assess and mitigate security vulnerabilities in suppliers.
Mark Watkinson, Head of Market Insights at Adarma, warns that supply chain attacks are a significant concern for organizations and their customers. Cybercriminals exploit the trust between vendors and clients, making these attacks appealing for maximum impact. As organizations expand their supply chains, they inadvertently expose themselves to greater risks. Watkinson stresses the importance of implementing a thorough vetting process for vendors and having a robust incident response plan.
Chris Hauk, a consumer privacy champion at Pixel Privacy, highlights the need for organizations to keep their systems updated and conduct regular supply chain checks. He praises the government official’s transparency in acknowledging the mistake and promptly fixing it. Hauk emphasizes the importance of maintaining security across the entire supply chain.
In light of this attack, cybersecurity companies are urging organizations to develop robust security governance frameworks. The European Union has implemented the NIS2 directives, requiring companies, operators of essential services, and digital service providers to assess the vulnerabilities of their suppliers and consistently update their security measures. Failure to comply with these regulations could result in significant fines.
Jamie Akhtar, CEO and co-founder of CyberSmart, suggests that this attack bears the hallmarks of a state-sponsored attack due to Norway’s geopolitical position. He urges all organizations to pay close attention to the security levels across their supply chains and ensure robust security controls are in place. Small businesses must also prioritize security in order to protect themselves and their larger customers.
Nadir Izrael, CTO and co-founder of Armis, warns that attacks on government agencies are becoming more common and persistent. These attacks can have widespread disruption and impact on critical infrastructure and society. Izrael emphasizes the need for government agencies to prioritize proactive measures, such as gaining visibility into the entire attack surface and implementing real-time insights.
Brad Freeman, Director of Technology at SenseOn, highlights the potential geopolitical motives behind the attack. Norway’s status as a strategic supplier of Oil & Gas to Europe aligns with the interests of the Russian state. Freeman draws parallels to previous attacks on the US Department of Energy, where vulnerabilities in software solutions were exploited. He suggests that this attack may be related to similar motives.
In conclusion, the recent cyber attack on the Norwegian government highlights the growing concern of supply chain attacks and the need for organizations to assess and mitigate security vulnerabilities in their suppliers. It serves as a reminder for organizations to prioritize cybersecurity and take proactive measures to protect themselves, their customers, and their critical infrastructure from evolving threats.