Poland: The Increasing Threat of Cyber Attacks

In common with internet users around the world, both organisations and private individuals in Poland face an increasing risk of cyber attacks.

A 2022 survey called Cyber Security Barometer, carried out by the global consultancy KPMG, found that since 2021, 29% of Poland’s businesses have been hit by at least one cyber attack. While this marks a 5% increase compared to 2020, it is below the worldwide average rise of 8% in cybercrime reported in one survey. It should be noted, however, that these statistics are based only on reported cybercrimes, and the number is likely much higher when accounting for unreported attacks.

Many reported cyber incidents in Poland concern malware attacks, including rootkits, trojans, viruses and dialers. Cybercriminals are increasingly deploying various types of ransomware, and also frequently launch malicious/phishing campaigns, often using a well-known brand name to send out supposed invoices, documents or notifications which contain infected files.

Other issues faced by internet users include spam, hate speech and piracy. Online harassment was perceived as one of the most extreme risks in Poland in 2020, with users concerned about how personal and professional reputations could be affected. There is also a risk of illegal and harmful content: while these threats are obviously not exclusive to Poland, there are fears about the social impact of neo-Nazi, xenophobic and racist materials.

In February 2022, Russia launched its invasion of Ukraine, resulting in large numbers of refugees fleeing to surrounding countries, with the majority crossing into Poland. The country’s ruling party has been at the forefront in trying to persuade the international community that a robust response is needed to President Vladimir Putin’s aggressive actions; it has also stated that EU sanctions on Moscow must be maintained and extended further. These views have put the country in the line of fire for threat actors participating in cyber warfare.

Following the invasion, cyber attacks between Ukraine, Russia and other countries on either side of the conflict greatly increased. In response, the IT Army of Ukraine was created, allowing anyone to join and conduct various cyber attacks against named Russian targets. There is no doubt that their activities have caused a great deal of damage to Russian organisations: major government sites have been taken offline by DDoS attacks, and many damaging data leaks have been seen. Pro-Russia groups are also operating: these hacktivists have expanded their attacks from Ukraine to neighbouring countries deemed not to be supportive of Putin’s actions. For example, Killnet was seen conducting DDoS attacks on institutions and NATO sites in Poland and Romania.

In May 2022 the Polish Prime Minister disclosed an increase in DDoS attacks targeting domestic institutions in the country. Russian hacktivist groups have openly admitted to these attacks.

The Ukrainian and Polish governments have now signed a memorandum of understanding in the field of cyber protection, viewed as an important step in their joint fight against cybercrime.

Other more general cyber-related incidents continue. In July 2022, for example, North Korean state-sponsored threat group APT37 conducted a new campaign named STIFF#BIZON, targeting high-value organisations in Poland to distribute the Konni RAT. While the TTPs and toolset of this campaign pointed to APT37, there is a possibility that Russian threat group APT28 (aka FancyBear, Sofacy, etc.) was responsible for the campaign, due to a direct correlation of IP addresses, hosting providers and hostnames between this attack and historical data. APT28 is a Russian state-sponsored group that has been linked to the GRU, Russia’s Military Intelligence Service. The group has been active since at least 2014, and poses a serious threat to political, military and security targets, specifically looking to gather sensitive information of use to the Russian government.

Moving away from cyber threats, the EU is currently under pressure to de-escalate its rule of law conflict with Poland’s ruling party. The conservative-nationalist party, PiS, enacted several reforms upon gaining power in 2015. These included changes to the judiciary system that undermined its independence and represented a violation of the EU’s core values. This issue has led to Poland not receiving its EU coronavirus recovery fund national reconstruction plan (KPO) money. The two sides have recently reached an agreement whereby €34.5 billion in grants and loans that has been allocated to the country as part of the fund is being conditionally released in tranches as Poland fulfils set ‘milestones’.

Poland’s prime minister also recently assured the public that there will be sufficient supplies of natural gas and coal in the country, with current importing problems being attributed to the war in Ukraine. If Poland experiences an energy supply crisis in winter 2022/23, the chances of PiS being re-elected will significantly decrease which, according to an analysis by Fitch Solutions, raises the likelihood of a coalition between Civic Platform, Poland 2050 and Polish Coalition.

An increase in cyber threats during the run-up to the parliamentary elections in autumn 2023 is also likely. In the past, threat actors have sought to disrupt elections or mislead voters with disinformation campaigns. Russian state-sponsored threat actors have been deemed responsible for such interference in elections in the US and across the EU, for example. A research report by the Oxford Internet Institute found that Poland was very vulnerable to disinformation campaigns seen on Facebook and Twitter in the run-up to the 2019 European Parliament elections, with users sharing more fake than real news. This type of cyber threat is likely to have the biggest impact on the elections, although it is possible that threat actors who oppose the various government parties will conduct more destructive attacks, involving data theft and leaks or malware.

Travellers to Poland, and those working there, should avoid using public WiFi spaces: these can leave all device data unsecured as no authentication is required to establish a network connection. Accessing the internet via unknown and unsecured WiFi can result in the theft of personal and sensitive information, including emails, credit card information and credentials. These hubs can also be used for malware distribution if file-sharing is allowed across a company network. If a user must connect to a public WiFi network, a VPN should be used at all times to encrypt data, so that threat actors cannot abuse stolen information without having to decrypt it first, often a lengthy process the attackers would not undertake. Users should also avoid clicking unknown links or pop-ups while browsing, to avoid potentially installing malware on the device or revealing sensitive data. It is also advised that people travelling to or working in Poland do not disclose their plans or location on social media networks.
