Cyber attacks heavily focusing on Romania's health and energy sectors, according to DNSC reports
In 2024, Romania experienced a significant surge in cyber threats, with the public administration, health sector, and energy industry being the most targeted. The Directorate handling cybersecurity incidents reported a total of 101 ransomware incidents that year, marking ransomware as a persistent and serious threat.
The attacks ranged from DDoS attacks, ransomware, data exfiltration, brute-force attacks, and website defacements, with many traced to IP addresses hosted in Russia. Critical institutions like Bucharest City Hall, the Romanian Railway Authority, and Bucharest Transport Company were among the targets.
The impacts of these cyber attacks were far-reaching, causing disruptions to public services, exposure of sensitive data, operational interruptions, and elevated cybersecurity risks across essential sectors. These attacks jeopardize public safety, healthcare delivery, and critical infrastructure reliability.
In response to these threats, several countermeasures were undertaken. The Romanian Directorate for cybersecurity incidents intervened to support companies and institutions affected by cyber attacks and incidents such as DDoS. There was also an emphasis on hardening networks to impose a cost-prohibitive environment for adversaries, enhancing deterrence through strong cyber defense practices.
Romania also strengthened regional cooperation through a trilateral cybersecurity alliance with Moldova and Ukraine, aimed at countering Russian hackers. Bilateral engagements with NATO allies, particularly the United States, were also pursued to share cyber defense strategies, improve security operations centres, cyber protection teams, and plan cyber operations collaboratively.
Romania offered cybersecurity support to Moldova, especially ahead of politically sensitive events like elections, indicating a proactive regional defense posture. The use of advanced threat intelligence and sharing mission overviews in cooperative events involving Romanian Cyber Command and allied forces was also a key strategy.
The broader context includes a record increase in cyber incidents reported by Romania’s Ministry of Digital Affairs with over 627,000 ICT security breach reports in 2024, a 60% yearly increase. These threats are made more complex by the use of artificial intelligence by cybercriminals to conduct automated, precise attacks such as phishing and voice fraud, which traditional defenses struggle to detect.
The low level of awareness among the general public and limited interest in cyber threats by management exacerbate existing vulnerabilities. The lack of specialized personnel in cybersecurity, particularly for incident response, poses a significant risk for organizations facing cyber attacks.
As Romania continues to navigate these evolving cyber threats, its cyber defense strategy combines incident response capabilities, enhanced international cooperation (both NATO and regional), capacity building in cyber operations, and adapting to emerging AI-driven threats to safeguard public administration, health, and energy sectors.
- The surge in cyber threats in Romania in 2024 not only targeted the public administration and health sector but also extended to the energy industry, making it essential for the finance sector to invest in robust cybersecurity measures to protect against potential financial losses and energy disruptions.
- In an effort to combat the growing cybersecurity threats, Romania intensified cooperation with Moldova and Ukraine, forming a trilateral alliance to counter Russian hackers, and collaborated with NATO allies like the United States to improve their security operations centers, cyber protection teams, and joint cyber operations planning.
- The increased use of artificial intelligence by cybercriminals adds a layer of complexity to the already pressing cybersecurity challenges, necessitating technology companies and research institutions to focus on developing AI-driven solutions for detecting and mitigating such threats in the health-and-wellness, energy, and finance industries.
