Get a free application, infrastructure and malware scan report - Scan Your Website Now

Subscribe to our Newsletter
Try AppTrana WAAP (WAF)
Managed WAF Start at $99

Georgia Web Attack: Overview of The Attack

Posted DateOctober 31, 2019
Posted Time 4   min Read

You may be aware of the massive cyber-attack that hit the country of Georgia on October 28, 2019, defacing and taking several websites and web-based services offline. This is one of the largest attacks that the country has faced since the Russo-Georgian war in 2008. The scale and nature of these attacks highlight the wide gaps in and the lax attitude towards cybersecurity, especially in government and public networks, and stress upon the need for proactive, comprehensive, and intelligent security measures.

In this article, we will explore the facets of the attack, its causes, and the lessons that we need to learn from such attacks.

An Overview of The Attack

This coordinated attack hit a massive 15,000 websites in Georgia wherein the websites were hacked into and defaced, and eventually, 2000 were forced completely offline. Through the defacement, the attackers replaced the home pages of the target websites with a photograph of former President, Mikheil Saakashvili, stating, “I’ll be back”. The former President is on a self-imposed exile in Ukraine after he was accused of multiple criminal charges including abuse of power. His supporters, however, believe that these are false charges and that it was a witch hunt against the pro-Western reformist leader.

It is unclear to the affected and involved parties about who the attackers are, and what their actual motives could be. The speculation is rife that there could also be Russian involvement in the attacks as the modus operandi and style is similar to the 2008 web attacks (during the Russo-Georgian war) by Russian attackers that targeted several Georgian websites and took them down.

The Targets

The targeting of the defacement appears to be random with a diverse range of targets. The multiple targets of these unprecedented cyber-attacks range from Government and its agencies, media, banks, courts, local newspapers, businesses – big and small, TV stations including the national television, NGOs, Georgian President Salome Zurabishvili’s website, and even personal web pages.

The magnitude of the impact varied vastly, with some websites being hit harder than others. For instance, three of the major broadcasters in Georgia were hit by the attack – TV Imedi, TV Maestro and TV Pirveli. However, the impact varied greatly. While TV Imedi and TV Maestro went off-air following the attacks, TV Pirveli did not. Additionally, TV Maestro’s computers were destroyed owing to the attacks.

What Caused the Attack?

One of the major targets of the attack was a server that belongs to the web hosting service provider, Pro service, which hosts websites of hundreds of Government agencies, businesses, media organizations, non-profits, etc. The company has taken the blame for the attacks admitting that the attackers breached their network to take down their subscribers’ websites. The company has not divulged details of the root causes of the attacks as of now and is engaged in restoring the websites that were taken down.

Lessons to Learn from Georgia “I’ll Be Back” Attack”

1. Your web security is as good as the security posture of your third-party service providers

Even though the Pro service, the web hosting service provider whose servers were leveraged to orchestrate the attacks, has not divulged technical details on its vulnerabilities exploited by the attackers, the attacks highlight the need for service providers as well as subscribers to be concerned about the strength of the security measures taken by the service provider. While organizations may be focusing on fortifying their own website security, they do not realize that their websites could be hacked even if their third-party service providers have weak security measures

2. Governments and all organizations need to take cybersecurity seriously

Considering Georgia has seen similar attacks on Government and public agency websites, it shows startling gaps in the preparedness of the subsequent governments and a lax attitude towards cybersecurity. Security experts believe that the signature, “I’ll be back” is ominous and that these attacks will not be the last if Georgia does not make critical changes to its cybersecurity protocols and the government agencies and the other targets of the attacks do not take cybersecurity seriously.

In today’s highly connected world, hacktivism and website defacements are becoming easy tools for nation-states to promote their geopolitical agendas to rival nation-states, especially since many Governments are not taking cybersecurity seriously.

What Can Be Done Better?

Regardless of the size or wealth of the nation, it is essential for them to invest time, resources, and efforts in strengthening the nation’s cybersecurity protocols, securing all Government and allied agencies’ servers, move away from legacy IT systems and consistently maintain high standards of web security.

There is a definite need to understand the risk posture of all the applications, without knowing the risk posture it is impossible to prevent such attacks in the future.  Risk posture can be found using automated scanners that try to find vulnerabilities in the applications by mimicking attack behaviors and through manual pen-testing, where ethical hacking is done to find vulnerabilities. This is the first basic step in the direction of protecting these sites.

Once the risk posture is identified, a concrete plan has to be put in place where the vulnerabilities found are addressed in a time-bound manner. There is also a need for creating a defense for applications from further attacks by using a WAF. WAF helps protect known attacks as well as virtually patch vulnerabilities that are found in the application.

Indusface’s AppTrana is one such complete solution that organizations can consider, which provides all three aspects of application security, risk detection, risk protection, and continuous monitoring. Get started with a free trial here.

Stay tuned for more relevant and interesting security articles. Follow Indusface on FacebookTwitter, and LinkedIn.

web application security banner

Spread the love

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

Phishing Attack Simulation
Tips to Prepare for an Effective Phishing Attack Simulation

94% of malware comes via email and 32% of security breaches in 2019 included phishing, according to statistics, and while there has been a big improvement in the way SMEs.

Spread the love

Read More
Serialization Attacks and How to Prevent Them
What are Serialization Attacks and How to Prevent Them?

Serialization and deserialization are powerful tools but need to be securely executed to ensure they aren’t counterproductive. Explore here.

Spread the love

Read More
CISO Responsibilities
CISO Responsibilities and Questions to Ask

Beefing up the security of your website is a necessity in today’s rapidly-changing digital landscape, but do you need a CISO?

Spread the love

Read More


Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Know More Take Free Trial


Indusface is the only cloud WAAP (WAF) vendor with 100% Customer Recommendation for 3 consecutive years.

A Customers’ Choice for 2022 and 2023 - Gartner® Peer Insights™

The reviews and ratings are in!