Cyber assaults persistently plague Romania's health and energy sectors, claims the National Cybersecurity Authority (DNSC)
In 2024, Romania faced a significant increase in cyber threats, with public administration, the health sector, and the energy industry being the most targeted. The National Cyber Security Directorate (DNSC) reported 101 ransomware cases alone during the year[2].
The types of attacks affecting these sectors included Distributed Denial of Service (DDoS) attacks, ransomware, data breaches and exfiltration, website defacements, brute-force attacks, and encryption[2]. These sectors experienced persistent and serious cyber incidents, many originating from Russian-hosted IP addresses.
Public administration saw attacks on critical infrastructure such as Bucharest City Hall, the Bucharest Transport Company, the Romanian Railway Authority, and the University of Bucharest[2]. The health sector faced significant threats due to the large volume of sensitive data and underfunded critical infrastructure. The energy sector, with Rompetrol and Mol Romania being targeted, remained a priority for attackers aiming to test, disrupt IT/OT infrastructures, and obtain financial gains[2].
Transport sectors, including CFR, CNAIR, Bucharest Airports National Company, Port of Constanta, Astra Trans Carpatia Feroviar, Băneasa Airport, and Metrorex, were also targeted with website defacements, encryption, and the exfiltration of sensitive data[2].
The banking sector was not left unscathed, with companies like Alpha Bank, Banca Transilvania, Banca Comercială Română, Creditcoop, Exim Bank, Edificium, National Bank of Romania, Romanian Bank for Loans and Investments, Bucharest Stock Exchange, and Bank Deposit Guarantee Fund all being targeted[2].
The attacks worsened due to increasingly complex attacks carried out by malicious actors with advanced capabilities[2]. To counter these threats, Romania has employed several countermeasures. The DNSC has strengthened incident detection and response, managing hundreds of cyber incidents[2].
International collaboration has also been a key strategy. A new regional cybersecurity alliance with Moldova and Ukraine has been established, enhancing coordinated prevention, detection, and response capabilities[2][3]. Romania is also developing advanced cyber capabilities, including AI-based solutions, and continuously training specialists and organizing joint exercises to improve cyber resilience and interoperability among allied states[2][3].
Romania actively participates in trilateral cooperation to establish a regional cybersecurity coalition that leverages accumulated experience to counter Russian cyber threats and boost regional security[3]. This coalition addresses prevention, detection, response, and promotes the evolution of cyber-defense strategies and technologies.
In summary, the most affected sectors in Romania in 2024 were public administration, health, and energy. These sectors suffered mainly from ransomware, DDoS, and targeted cyber espionage or disruption activities. Romania counters these threats by improving national incident management and fostering regional alliances with Moldova and Ukraine to share expertise and coordinate defense[2][3].
These details provide a comprehensive picture of the 2024 cyber threat landscape and Romania’s ongoing defensive measures in the public administration, health, and energy sectors. It is important to note that cybercrime costs globally are rising, and AI is increasingly used by attackers, complicating detection and defense[5]. Romanian authorities also investigate cases such as ATM cash-out operations linked to organised crime[4], demonstrating a broad spectrum of cyber threats beyond critical sectors.
- The health-and-wellness sector, plagued by a large volume of sensitive data and underfunded critical infrastructure, was significantly targeted in Romania's 2024 cyber threat landscape, facing persistent cyber incidents.
- In 2024, the finance industry, encompassing banks like Alpha Bank, Banca Transilvania, and the National Bank of Romania, was not left unscathed by cyber threats, with malicious actors carrying out complex attacks to gain financial gains.
- The energy sector, namely Rompetrol and Mol Romania, was a priority for attackers in 2024, aiming to test, disrupt IT/OT infrastructures, and obtain financial gains, while the technology sector, including CFR, CNAIR, and Bucharest Airports National Company, was targeted with website defacements, encryption, and the exfiltration of sensitive data.
){kind=link}