Tucked-in safely within the oyster that is our peninsula, the Balkan countries are out of reach from big bad cybercrime, right?
Well, a trip back to recent history might prove that wrong. If so, do we have mechanisms in place to ensure cybersecurity?
Let’s review some regional cybersecurity 101 in the latest interview of our Let’s Talk About series with Mr. Andrej Petreski – Regional Cisco Representative and AmCham Digital Transformation Committee Chairman.
Just a month ago, there was a specific “anniversary“ in North Macedonia. Last year in July, our country was a victim of a sophisticated cyberattack that affected a very important public process. Just as a reminder for those who forgot (and honestly – who remembers cyber-attacks except their victims) the website of the National Election Commission crashed on election night and was out of function for several days, significantly disrupting the election process. It took days for the website to be recovered and the official results to be published online. That very same night, the biggest news aggregator in the country, the TIME.mk portal, was attacked from more than 35 million web addresses worldwide, by a hacker group called ‘Anonopsmkd’, who took responsibility for both attacks. As far as I know – the groups or persons behind the DDoS attacks that disabled the most important website in the country at that moment and most visible news portal, are still not identified.
Inspired by the abovementioned “anniversary” – I wonder how safe our region is when it comes to cybercrime?
Although the Balkans (with a focus on WB6 countries) are still on the periphery of global cyber warfare – it doesn’t mean they are safe. However, deep and serious digital reforms are underway all around us. This short overview of the bad and good guys can help us understand the situation a bit better.
The Bad Guys
In the early months of the Covid-19 outbreak, Slovenia, Serbia, Croatia, and North Macedonia have been victims of a phishing campaign with fake emails supposedly coming from government health authorities, aiming to mislead the reader to register for free protective gear. The registration link in the emails contained malware that would damage the victims ‘computers and networks.
Cities are legitimate hackers’ targets. The background of such attacks often remains unclear – but it is always somewhere between politics and “classic” blackmail. For example, Novi Sad, one of the largest cities in Serbia, was a victim of a ransomware attack where the attackers asked for 400.000 EUR from local authorities to re-establish access to the public data system.
In May 2020, a Greek hacker group called ‘Powerful Greek Army’ hacked dozens of e-mail addresses and passwords of employees in the Ministry of Finance and Economy in North Macedonia and the Municipality of the eastern town of Strumica.
In 2019, in neighboring Bulgaria, more than five million people had their data stolen in a breach of the national tax agency. Romania on the other hand was “lucky” because should have the massive ransomware attack on hospitals across the country in 2019 happened during the COVID-19 pandemic, the consequences for the health system in the country could have been beyond repair.
Montenegro is on the attackers’ map as well. Official sources report more than 7600 identified “non-targeted” malware threats and several high-profile cyber-attacks as well. The lack of cybersecurity experts is not the case just in Montenegro but in other countries of the region.
Cybersecurity is a super dynamic field where the situation changes on a daily level. In that complex game, countries are usually on both sides at the same time occasionally being the source of cybercrime and a firewall against it. That situation is evident almost everywhere – both globally and regionally.
Albania, despite being a country with a mature cybersecurity status in terms of procedures, acts, resources, institutional readiness, and preparedness, has nevertheless been one of the top five sources of cyber-attacks in Europe in fall 2020. On the other hand – Albania has made four extensive cyber police actions in 2020 targeting children pornography, personal data theft, etc. As a country with 63.25% of the population with Internet access – Albania takes cybersecurity seriously.
Content farms from Macedonia that, together with farms from the Philippines were involved in spreading of Covid-19 disinformation and conspiracy theories and thus banned from Facebook – is just one of the many examples.
Finally, I will note the cyber-attacks on two popular internet portals in Bosnia and Herzegovina – Buka and Journal, which were sharply condemned by OSCE just to make this picture complete.
The Good Guys
This is, however, just one side of the coin. The other side is a network of organizations and institutions involved in regional security, that together with legislative acts, bylaws, digital strategies, digital agendas, action plans, and other documents and procedures, make a complex regional cybersecurity system.
That system, although not visible at a glance, is an effective firewall against cybercrime in the region. The simplest way to understand the complex situation is to read and compare national reports on Cyber Capacity Maturity Model (CMM) that are regularly published on the Global Cyber Security Center.
A thorough evaluation of these reports would require a much longer text than this one, but, briefly, the regional comparison reveals the cyber maturity status of WB countries.
We can see that technology, opposite to popular belief, is just one aspect of the story. Efficient cybersecurity requires standards, policies, education, strategies, and above all – education. At the end of the day, the most effective defense against cybercrime is a firewall of people – and that is, in my opinion, the most valuable resource one country can have when it comes to cybersecurity.
The figure above, based on available national reports, shows that there is a large space for improvements in the entire region. It is important to understand that cyberspace cannot be sealed within national geographic borders and that the spillover effect is something we must always count on. Regional cybersecurity requires a high level of cooperation and confidence, together with concrete synchronization of actions and procedures between WB6 countries. So, in a nutshell – we must cooperate because if we don’t, we will all become victims sooner or later.
The EU cybersecurity strategy published in December 2020 expressly stated that “EU cyber capacity building should continue to focus on the Western Balkans and in the EU’s neighborhood […] The EU efforts should support the development of legislation and policies of partner countries in line with relevant EU cyber diplomacy policies and standards”. It means that the entire WB region on its way to the EU – must take cybersecurity very seriously.
Moreover, the recent EU economic and investment plan for Western Balkans – an umbrella document for the entire EU-supported economic development in the region, outlines the investment frame in the regional cybersecurity infrastructures. EU calls the WB countries to focus on reform priorities, including “cybersecurity capacity and the fight against cybercrime, especially by implementing the EU toolbox regarding cybersecurity risks to 5G networks”
Therefore, cybersecurity slowly but irreversibly becomes one of the important topics in the EU accession dialogues. It exceeds the frames of personal, corporate, and even national cybersecurity and becomes an umbrella for overall regional security and compliance with EU standards and efforts.
The abovementioned example of Slovenian CERT (Computer Emergency Response Team) that cooperated with Serbian and Croatian colleagues to stop phishing disinformation campaigns during the outbreak of the Covid-19 pandemic is a good example of regional best practice. One of the most obvious consequences of the COVD-19 crisis is that it has accelerated digital transformation dramatically – and, together with it, a level of regional coordination as well.
Finally, we should not forget that cybersecurity is a matter of all of us. The examples given here do not mean that cybersecurity is a task for some mysterious secret agents and national infrastructures to deal with. James Bond will not resolve your online identity theft or corporate data system breach. We must all act responsibly and be educated and ready to identify the cyber-attack, report it promptly and react accordingly.