Global Courant
The article continues below the advertisement
On Friday, DN wrote that the National Security Authority (NSM) is sounding the alarm about serious holes in Norway’s digital security. The new report also shows that preparedness to deal with extensive cyber attacks against Norway has major shortcomings, including because Norway lacks comprehensive management and coordination of IT security between government agencies.
DN can now reveal that Norwegian authorities are in the middle of a new serious cyber incident. This is confirmed by the head of the National Security Service, Sofie Nystrøm.
– We are currently facing a very serious situation regarding zero-day vulnerabilities, which is more powerful than what we saw in the attack on the Security and Service Organization (DSS) of the ministry and ministries this summer, says Sofie Nystrøm , head of the National Security Service (NSM), to Dagens Næringsliv.
This is a new ‘zero-day vulnerability’, that is, a digital threat that no one has previously known about, and which is therefore both more difficult to detect and to combat.
The article continues below the advertisementThese vulnerabilities are the ones the security world fears most. They are also the most expensive – not only because they are rare, but also because they can be used as digital weapons by state threat actors.
The NSM chief’s confirmation means that Norwegian companies are once again hit by new, serious attacks with such tools, which were attributed this summer to state-funded threat actors – and which this time are “more powerful” than the previous ones, according to Nystrøm .
– We want suppliers to provide updates and we coordinate internationally. It is not quiet in the cyber domain. On the contrary, Nystrøm tells DN.
A “patch” – or security update – was sent Monday evening that corrects the vulnerability.
Important Norwegian companies
According to NSM, several companies in Norway have been compromised as part of the new incident, which could allow unauthorized hackers to gain full control over some of the company’s network devices, such as routers and switches.
Hackers have exploited a previously unknown vulnerability to compromise network boxes and gain permanent access. The Norwegian companies affected are described as “companies that are important” and that “provide community services”.
NSM has coordinated the handling of the new attack, but does not want to answer whether public or private actors were affected, and how many there were.
The severity of this event sets it apart from others. In the international vulnerability scoring system used by the security industry, this incident is rated ten out of ten, which is the highest possible score. DN is told that vulnerabilities of this caliber do not occur often.
– It has a very, very high criticality because it can provide a lot of access, in a different way than the DSS vulnerability this summer, says Gullik Gundersen, deputy director of the National Security Authority at DN.
Highest possible access level
The issue was discovered when abnormal activity was noticed on an unnamed user’s Cisco device, with attackers attempting to create accounts on the user’s devices with the highest possible level of access.
Now most of the Norwegian companies affected are in the process of ending their response to the vulnerability, but from what DN understands, there will still be work to be done in the companies where the vulnerability has been actively exploited. Norway was not the first country to exploit the vulnerability, but it quickly became part of the equation.
– Norwegian companies have had active incidents in their network, where a threat actor has exploited the vulnerability and gained access to the inside of the company. It is very important that all companies install the security update that is now available. The exploitation of this vulnerability shows the risk picture in which Norway operates, even though Norway was not the target in the very beginning, says NSM Deputy Director Gullik Gundersen, who contributed to the handling of the incident in Norway.
Norway “attacked”
On July 12 this year, the ministry’s Security and Service Organization (DSS) discovered one of the most serious cyber incidents to hit Norway in 2023. Twelve ministries were affected by various zero-day vulnerabilities.
After the incident, Prime Minister Jonas Gahr Støre stated that he was leading a government that was “under attack”.
It is currently unknown which threat actor is behind the new zero vulnerability. It is currently clear that it has never been seen anywhere else in the world before – until it was recently discovered by a US security vendor.
On the way to defense municipalities
The number of highly advanced cyber attacks against Norway is increasing, according to NSM.
– They target important subcontractors, we see that municipalities with important emergency and defense installations in particular are in the line of fire and are very vulnerable. The state must therefore make a strong contribution in the future to increasing the level of cyber security to cope with what we see in the threat assessment. There is an increase in highly sophisticated cyber attacks against Norway, says Sofie Nystrøm.
The article continues below the advertisementShow all positions
She says the events are far more complex and comprehensive than anything NSM has ever been able to uncover in the past.
– We are most concerned about the deeper operations, the operations that are very quiet and where you plan and operate to access for many, many years, says Nystrøm.(Conditions)Copyright Dagens Næringsliv AS and/or our suppliers. We would like you to share our cases via links that lead directly to our pages. Copying or other use of all or part of the contents may only be made with written permission or as permitted by law. For further conditions see here.
The NSM chief confirms: dealing with new advanced cyber attacks against Norway
World News,Next Big Thing in Public Knowledg
#NSM #chief #confirms #dealing #advanced #cyber #attacks #Norway
