The State of Security: Poland

Poland is getting ready for the upcoming Presidential elections in August 2023 amidst a turbulent geopolitical and economic environment. The war in Ukraine has placed the country at the epicenter of events, and it has become home to more than 3.5 million refugees. The unprecedented energy crisis, with prices soaring every day, threatens to destabilize the local economy. Besides those two important factors, cyber threats are also shaping the future of Poland.

Cyjax has developed a thorough report providing insights and assessment on the cyber posture of Poland ahead of the 2023 elections. “With the importance of Poland strategically, as a developed market, and tactically through its economic and geographic position within the EU, we felt it was vital to provide people employed in and traveling to the country a holistic understanding of the risks posed by Cybercriminals towards them,” says Chris Spinks, Head of Operations at Cyjax. Following a thorough analysis of all the risk factors, the Cyjax team assesses that “the cyber risk to the Polish elections and to staff working in the country is Medium.”

Background information

The Polish National Cyber Security Strategy (2019-2024) aims at “Increasing the level of resilience to cyber threats and protection of information in the public, military and private sectors, as well as promoting knowledge and good practices to enable the citizens to better protect information.” The Strategy details four objectives, namely:

  1. Development of the national cybersecurity system.
  2. Increasing the level of resilience of information systems of the public administration and private sector, and achieving the capacity to effectively prevent and respond to incidents.
  3. Increasing the national capacity in the area of cybersecurity technology.
  4. Building a strong international position of the Republic of Poland in the area of cybersecurity.

Poland is also a signatory to the Cybercrime Convention of the Council of Europe. However, the government is cognizant that additional investment is required to enhance the nation’s cybersecurity capabilities, and that new legislation will be necessary to assure the successful execution of any new measures.

Cyber attacks are increasing

A 2022 survey called “Cyber Security Barometer,” carried out by the global consultancy KPMG, found that since 2021, 29% of Poland’s businesses have been the subject of at least one cyber-attack. This marks a 5% increase compared to 2020, indicating that cyber threats and cyber-attacks in the country are rising.

“Although cyberattacks in Poland have risen by 5% as a whole, the country has still managed to remain below the average 8% rise seen worldwide,” notes Jovana Macakanja, Intelligence Analyst at Cyjax.

The majority of reported cyber events in Poland involve malware, such as rootkits, trojans, viruses, and dialers. Cybercriminals are increasingly deploying various forms of ransomware and regularly launching phishing and other malicious campaigns.

Spam, hate speech, and piracy are all common hostile internet activities in the country. In Poland, online abuse was regarded as one of the greatest threats in 2020. There is also a risk of exposure to illegal and harmful content. While this threat is not unique to Poland, there are concerns about pornographic, neo-Nazi, xenophobic, and racist materials, which may have ties to extreme right-wing organizations.

Following Poland’s support for the people of Ukraine, the Polish Prime Minister reported in May 2022 an upsurge in DDoS attacks aimed at domestic institutions; these attacks could impede access to services offered via websites. Russian hacktivist organizations have openly acknowledged responsibility for these attacks. However, it does not appear that they have had a significant impact on Polish organizations.

Since the beginning of 2022, Poland has also been directly affected by cyber incidents not related to the war in Ukraine, such as malware and APT attacks, distributed denial-of-service (DDoS) attacks, and data dumps.

  • In July 2022, the North Korean state-sponsored threat group APT37 launched a fresh effort to disseminate the Konni RAT against high-value organizations in Poland, the Czech Republic, and other nations. The malware was delivered via phishing emails.
  • Cloudflare repelled a record-setting DDoS attack in June 2022 that targeted internet and telecommunications, media, gaming, financial, business, and retail organizations in Poland, the United States, Russia, Ukraine, and other nations.
  • In May 2022, researchers noticed the spread of a new variant of the ERMAC Android banking trojan, ERMAC 2.0, which targeted Polish users and was mostly spotted being deployed via fraudulent websites posing as prominent food delivery platforms and phony browser updates.
  • The BRATA Android malware added new features in February 2022 and began targeting online banking consumers in Poland, the United Kingdom, Italy, Spain, China, and Latin America.

“It is possible that more attacks will be observed as the country nears its 2023 election period, both by domestic and international actors attempting to influence the outcome of the election,” comments Jovana Macakanja. “In terms of risk to individuals, threats can be limited by following most cybersecurity best practices such as not using public WiFi spaces, using a VPN, and not clicking on unknown links or popups.”

State surveillance is a major concern

An area of major concern is state surveillance via the use of spyware. Although the government initially rejected the accusations of using the spyware Pegasus in 2019, a spokesperson later admitted that the government had bought the software. The accusations surfaced after The Citizen Lab discovered that the smartphones of two prominent members of the opposition were repeatedly infected with the spyware.

The use of such illegal practices, along with the governmental control of many Polish newspapers and TV stations, is an area of great concern for the upcoming elections. The disclosure of similar cases of spyware in other EU countries, such as Spain and Greece, indicates that this is a threat to the very essence of democracy: the freedom of expression and the protection of human rights and dignity.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
