Country of Georgia Suffers Widespread Cyberattack | Threatpost

A cyberattack hit the small country of Georgia on Monday, knocking 2,000 websites, as well as the national TV station, offline in the largest cyberattack the nation has ever seen.

The relatively unsophisticated defacement attack, which replaced normal functionality with an image of former Georgian President Mikheil Saakashvili and the words “I’ll be back,” sent panic throughout the Caucasian nation, according to reports.

It’s still unclear who is behind the attacks; however, a local web-hosting provider, Pro-Service, took the blame for the problem. “The largest-scale cyberattack is being repelled at this very moment,” the company said Monday in a statement on its website (translated by Google).

Pro-Service confirmed that one of its servers, which powers websites of state agencies, the private sector and media organizations, was the target of the attack. As a result, “some 15,000 subscribers of Web site servers on the Pro-Service server crashed,” the company said.

Once it was discovered, the company hastily worked to fix the problem alongside the Ministry of Internal Affairs and security experts, according to Pro-Service. The ministry is currently investigating the situation.

By 8:00 pm local time Monday in Georgia, Pro-Service had managed to restore 50 percent of the affected sites, the company said. The company aims to have all of the sites functioning normally by the end of day Tuesday.

The image and words demonstrate that the attack was likely politically motivated, and current social-media speculation is that Russian hackers are the culprits, according to reports; however, no firm evidence has been presented.

Saakashvili, a pro-Western politician who served two terms as president of Georgia from 2004 to 2013, currently resides in Ukraine, where he is now a citizen. Saakashvili gave up Georgian citizenship in 2014 to serve as governor of Ukraine’s Odessa region, though he was later deported and had his Ukrainian citizenship revoked in 2018. He lived briefly as a “stateless” person in the United States before he was allowed to return to Ukraine as a citizen in May 2019, but is still wanted on criminal charges in Georgia.

Georgia was plagued with similar cyberattacks during the five-day war in 2008 between Russia and Georgia over disputed territory in Abkhazia and South Ossetia.

“The cyberattacks in Georgia demonstrate once again the shaky infrastructure upon which so much of our world is built,” said Jonathan Knudsen, senior security strategist at Synopsys, in an email. “Software is critical infrastructure, but the functionality we’ve assembled has far outpaced our ability to make it secure and resilient.”

Brian Warehime, a principal threat researcher at ZeroFOX, called these types of politically motivated cyberattacks “the new normal.” He said they are especially “troubling” because even if they target a specific region for a specific reason, they can create political instability and unrest globally.

“While impacting Georgia, attacks like this can very well be seen in Western countries actively targeting political figures, resources or government sites in an effort to spread misinformation,” he said in an email.
