A cyberattack on the Russian Federal Air Transport Agency's (Rosaviatsia) infrastructure allegedly erased all documents, files, aircraft registration data and emails from the servers. The agency lost nearly 65 terabytes of data.
According to several reports, the Russian Federation declined to confirm the cyberattack and blamed the temporary lack of internet access on an electronic document system malfunction. The agency has since switched to pen and paper and postal mail to conduct its analysis and communications.
Several sources report that the agency lost 1.5 years' worth of emails and had no backups to restore the system, resulting in a severe disruption to the agency responsible for overseeing the civil aviation industry in Russia.
While several reports claimed the Anonymous hacking collective was behind the cyberattack, the group said the attack doesn't fit its objectives. "Anonymous are not terrorists, and we do not justify attacking civilian targets," the group said on Twitter.
Although details of this cyberattack are still emerging, security leaders say it was likely a hacktivist campaign. "The attack shows that 'hacktivism' has not disappeared," says Neil Jones, Director of Cybersecurity Evangelism at Egnyte. Organizations should plan for attacks from hacktivist organizations or even disgruntled employees with an effective incident response plan "to prevent employees from reverting to data analysis via pen and paper."
According to Jones, organizations should implement the following best practices to reduce the likelihood of attacks such as Rosaviatsia:
- Restrict data access based on an end users' 'business need to know';
- Implement technology that detects suspicious log-ins, particularly from unanticipated geographical regions.
- Proactively state the organization's position on critical geopolitical events, and update positioning as conditions change.