Cyber assaults on Romania's health and energy sectors are on the rise, according to DNSC reports
In 2024, Romania faced a significant surge in cyber threats, with the health sector, public administration, and energy industry being the most targeted. The National Cyber Security Directorate (DNSC) released its 2024 activity report, detailing diverse and severe attacks including ransomware, DDoS, website defacements, data exfiltration, and brute-force attacks.
These attacks often originated from IP addresses linked to Russia, with aggressive ransomware groups such as "Interlock" focusing heavily on the health sector. The Interlock ransomware gang is noteworthy for launching double-extortion attacks, which both encrypt data and steal it for extortion, severely impacting patient privacy and service continuity in healthcare.
Ransomware remained one of the most persistent and serious phenomena in Romania, with a total of 101 incidents detected and handled by the DNSC in 2024. DDoS attacks, which flood networks with traffic to disrupt services, were aimed at critical infrastructure like Bucharest City Hall and transportation systems. Website defacements and encryption affected government and public entities, undermining trust and operational capability. Exfiltration of sensitive data targeted health and public administration databases, while brute-force attacks focused on the login credentials of key institutions such as university and railway authorities.
Public administration is often the target of cyber attacks, which have a direct impact on services and citizens' trust. The low level of awareness among the general public and the limited interest of management regarding cyber threats amplify existing vulnerabilities. Notable incidents, originating from IP addresses hosted in Russia, included website defacements, encryption, and exfiltration of sensitive data targeting the infrastructure of Bucharest City Hall, Bucharest Transport Company, Romanian Railway Authority, and University of Bucharest.
The energy sector remains a priority target for attackers aiming to test and disrupt IT/OT infrastructures and to obtain financial gains. The health sector faces significant threats due to the large volume of sensitive data and underfunded critical infrastructure.
In response to these threats, the DNSC recommends several countermeasures. These include implementing multi-factor authentication for all critical accounts and privileged users, using virtual private networks (VPNs) and securing email systems, maintaining continuous patch management, backing up critical systems, and regularly testing backups to ensure system recovery after an attack. The DNSC also encourages active participation in information-sharing communities and the development and routine testing of incident response plans, along with ongoing cybersecurity awareness training for staff.
Romania, the Republic of Moldova, and Ukraine held a trilateral working meeting for the creation of a regional cybersecurity alliance to counteract Russian cyber threats through shared intelligence and technical support. The report further specifies that the phenomenon is worsened by increasingly complex attacks carried out by malicious actors with advanced capabilities.
As the global cost of cybercrime is projected to rise dramatically, the need for enhanced cybersecurity measures in Romania’s vital sectors is more critical than ever. The DNSC is involved in regional cooperation efforts with Moldova and Ukraine to counteract Russian cyber threats through shared intelligence and technical support.
- The health sector in Romania is under severe threat as aggressive ransomware groups like Interlock, often linked to Russia, focus on encrypting and stealing data for extortion, posing significant risks to patient privacy and service continuity.
- The energy industry also remains a prime target for attackers, with the aim to test, disrupt IT/OT infrastructures, and obtain financial gains.
- In the political realm, Romania, the Republic of Moldova, and Ukraine have held a trilateral working meeting for the creation of a regional cybersecurity alliance to counteract Russian cyber threats through shared intelligence and technical support.
- As the global cost of cybercrime is projected to rise dramatically, it is essential for Romania to strengthen its cybersecurity measures, particularly in vital sectors like finance, technology, and general-news industries, to mitigate these threats.