BlackBerry’s Dmitry Bestuzhev spoke to SiliconRepublic.com about the geopolitical issues that impact Irish cybersecurity and ‘initial access brokers’, which sell stolen data on organisations to aid other cyberattacks.
While Ireland is a small nation on the world stage, that doesn’t make it safe from the looming threat of cyberattacks.
Reports from earlier this year suggest many Irish businesses have fallen victim to cyberattacks, while larger entities such as Dublin Airport and Munster Technological University have been targeted by attackers in recent months.
A recent Threat Intelligence Report from BlackBerry suggests the threat of cyberattacks remains massive worldwide. The organisation claims to have stopped more than 1.5m attacks worldwide over a 90-day period this year.
Dmitry Bestuzhev is the senior director of BlackBerry’s cyberthreat intelligence division, which focuses on identifying cyberattacks.
Bestuzhev spoke to SiliconRepublic.com about Ireland’s cybersecurity landscape and claimed his division detected roughly 4,000 malicious documents targeting Irish organisations in a two-and-a-half-month period. While many of these attacks were prevented, Bestuzhev said each successful attack can prove damaging for organisations and pave the way for future, more intrusive attacks.
Initial access attacks
Bestuzhev said there’s an industry within the cybercriminal space of “initial access brokers”, who focus on gaining access to organisations and stealing relevant information without being detected.
This stolen data can include passwords, cookies, screenshots of relevant information and specific details about employees, such as their IP addresses. Bestuzhev said these brokers then bundle this information into a package and sell it on the dark web or on apps like Telegram.
“So when an attacker buys those credentials, they can emulate that environment to make it [look] exactly the same,” Bestuzhev said.
These attacks act as scouting ventures, which are then utilised by other attackers to get deeper into the networks of organisations and conduct more damaging attacks, such as data breaches and ransomware. This information also makes it easier for attackers to remain undetected when breaching networks.
One example of attackers having long-term access was shown in 2021 when Ireland’s Health Service Executive (HSE) was hit with a massive ransomware attack. An investigation later that year suggested the threat actors had access to HSE systems for two months before they launched the attack.
Bestuzhev said his team found initial access brokers selling data related to multiple organisations in Ireland, including some government agencies like the Department of Foreign Affairs. He also said BlackBerry informed relevant authorities about this issue.
Entering corporate networks
Ireland is known for the high number of multinational companies that set up hubs here. Our location between Europe and the US – combined with an educated workforce – has led to many tech giants placing their European headquarters here.
This connection to other, larger countries adds to the risk of cyberattackers targeting Ireland, according to Bestuzhev. Certain cyberattackers could see Irish offices as an “entry point” to gain access to a company’s network, which can then be used to conduct “lateral movement” into other offices in the US or other countries.
Bestuzhev said geopolitical factors can also be a concern in terms of cyberattacks targeting Ireland. BlackBerry recently claimed a threat actor dubbed RomCom targeted a US-based healthcare company, which provided humanitarian aid to refugees fleeing from the conflict in Ukraine.
“For Ireland it’s hard, because again, helping refugees, hosting companies, like the huge businesses, it’s not because Ireland would be an enemy of someone,” Bestuzhev said. “It’s just a very attractive target, because of all those situations.”
Most targeted sectors
The Irish data Bestuzhev discussed was linked to the Threat Intelligence Report produced by BlackBerry, which looked at global trends in the cybersecurity sector and the biggest threats it faces.
In terms of industries, this report claimed that organisations in healthcare and financial services were the most targeted worldwide.
“In healthcare, the combination of valuable data and critical services presents a lucrative target for cybercriminals, resulting in ransomware gangs directly targeting healthcare organisations and in the proliferation of information-stealing malware,” the report said.
Unfortunately, these factors have made healthcare a constant target for cyberattacks in recent years. In May, a report by Cork cybersecurity company Smarttech247 claimed Irish hospitals and healthcare providers saw a 60pc spike in attempted cyberattacks over an eight-week period.
Last year, a French hospital was forced to send patients to other institutions after being hit with a ransomware attack, as various systems were rendered inaccessible.
The previous month, the UK’s National Health Service suffered disruptions from a cyberattack, which targeted systems that facilitate patient referrals, ambulance bookings, out-of-hours appointments and emergency prescriptions.