The International Council for the Exploration of the Sea (ICES) has fought off a couple of cyber attacks: first a penetration of the organisation’s systems, followed a few weeks later by a DDoS attack.
ICES states that onsite servers were penetrated in the first incident and systems were closed down directly following this event.
‘Working with specialists, the threat was identified and the entire onsite infrastructure was quarantined. The threat was removed from affected machines and the onsite infrastructure was rebuilt in a clean environment and closely monitored to ensure the integrity of the system as it was restored from clean offsite protected backups,’ an ICES representative stated.
‘Several steps have been taken to increase the security around the ICES systems, and additional software and monitoring have been implemented to safeguard all ICES systems, both on premises and offsite. There has been no evidence of data exfiltration, which has been confirmed by the cyber security specialists. Further, there is no evidence of any malware having been present in the ICES systems that could have spread to users of ICES websites, document libraries or databases.’
The use of DARX ransomware was detected during the cyber attack.
‘We immediately shut down systems, VPN access, and the connection of all machines and systems to the Internet, and contacted the authorities. We identified several cyber security experts to potentially assist us, and we contracted Arctic Wolf Networks. We have examined and investigated the incident with the input and guidance of Arctic Wolf,’ ICES states.
A few weeks later, ICES web resources were overwhelmed for more than two days in a distributed denial of service (DDoS) attack in which the servers received 1.19 billion hits, although there was no security breach of any ICES systems.
‘ICES IT team implemented solutions that brought ICES back online and enacted new monitoring protocols to prevent similar attacks,’ ICES reports.
‘ICES management and IT staff met as soon as we identified the breach, and we followed our cyber security experts’ recommendations to respond to the incident.’
An extensive suite of measures has been implemented to fix the problem and resume normal activity.
‘ICES continues to be vigilant and is closely monitoring all the tools we have at our disposal to ensure ICES network remains safe. We are working on further remediation measures and a ‘lessons learned’ analysis that will be used by ICES Secretariat, ICES Bureau and ICES Council to prioritize any additional necessary long-term changes.’