After a major cyberattack on the information technology (IT) systems of the enterprise 'Latvijas Valsts meži' (LVM), Prime Minister Andris Kulbergs demanded that all ministries provide information on how they and their subordinate institutions ensure the security of state IT systems and data.
The Prime Minister emphasized that this incident demonstrates an absolutely irresponsible attitude towards national security.
In turn, cybersecurity expert Elvis Strazdiņš reported that the hacker exploited a vulnerability in software that had not been updated for a whole seven years, raising serious concerns about the cybersecurity of IT systems in public administration.
The hacker who attacked LVM began committing cybercrimes just a year ago. Information about him is widely available, as the hacker described every step of the attack.
"We can see quite clearly that he exploited a lot of vulnerabilities in the software. The most significant one he started with was 'GEO', where a vulnerability had existed for two years that should have been fixed. As far as I know from internal information, the latest version was installed on almost all servers, but one server still had the old version. This server was used.
Then a series of vulnerabilities in the old software were exploited, with one vulnerability dating back to 2019, meaning the software had not been updated for seven years," noted the cybersecurity expert.
The hacker managed to steal about 7,000 employee passwords; however, some of them may be old. Strazdiņš reported that the attacker also left malware on the servers, but worst of all, the hacker encrypted all the data and deleted the backups.
"The Ministry of Agriculture states that no ransom was demanded, and I know this from many people involved in this case and working in the ministry. But I disagree with this because in his description of the attack, the hacker specifically states that to retrieve the data, that is, to obtain the key to decrypt the encrypted data, one must contact him. He also left his contact information. Therefore, he is demanding a ransom," emphasized Strazdiņš.
The attacker is interested in money, and the expert does not rule out the possibility that he may attempt to sell the stolen information to unfriendly countries, writes the portal lsm.lv.
