Since the beginning of the year, and comparing data with previous years, cyber-attacks seem to have multiplied in Spain. Last March, the cloud security company Datos101 published a report with the following results: in one year, cyber-attacks have grown by 125% in Spain, bringing the number of daily cyber-attacks to 40,000.
The report came weeks after the Spanish Public Employment Service (SEPE) saw its data and computers blocked by the RYUK ransomware. Last week, three months later, the Ministry of Labour was again attacked by ransomware.
How well protected are public entities?
According to the National Cryptologic Centre (part of the CNI), only six websites of the General State Administration have a Certificate of Conformity of the National Security Scheme (ENS) granted by an accredited certification body. However, Samuel Parra, data protection specialist and CEO of the specialised company Égida, told Nius Diario: “Being ENS-certified is a guarantee, important, yes, but it does not mean that you have 100% IT security because it does not exist, neither in Spain nor anywhere else in the world. This is why it is perfectly compatible for an administration to be the victim of an attack and also to be certified in the ENS. However, non-certified administrations are going to be more vulnerable”.
Cyberkidnapping for millions in bitcoins
Last May, the United States suffered a cyber-attack that led to the hijacking of the oil pipeline linking Texas and New York. The cybercriminals used a ransomware-type virus to steal all of the company’s data, crippling its operations. Following the pattern of ransomwares, they demanded a ransom to unlock the data, and received 75 bitcoins in return, around 4.3 million euros at the time.
Moreover, according to experts, the pandemic seems to have played a role in the increase in cyber-attacks. According to Silvia Barrera, National Police Inspector and Head of Technological Investigation in La Rioja: “Although there are no figures at the moment, we have noticed an increase. In addition, in times of economic crisis it is more difficult for people who have been left without economic resources and some of them consider committing crimes”.
The big targets in Spain
According to Inspector Barrera, the targets of cyber-attacks in Spain tend to be essential services: hospitals, oil companies, electricity companies and operators… After all, cyber criminals are looking to make as much money as possible, and they know that since these are essential services, people don’t usually wait to look for alternatives, and they tend to pay the ransom immediately.
Anyone can be hacked
Governments are constantly under attack by cybercriminals, and the purposes can be economic, political or what is known as Hacktivism. “The problem with cybersecurity is that this can happen to anyone,” says Enrique Serrano, CEO of Hackrocks. “In Spain there is a lot of talent in cybersecurity. Spanish hackers have been European champions twice and I know from experience that the level of our law enforcement agencies is very high. But cybersecurity, on the side of the good guys, is always a step behind. When a cybercriminal discovers a vulnerability, until it is detected, in that period we can all fall.”
A country of vulnerable SMEs
The National Cybersecurity Institute (INCIBE) managed more than 130,000 cybersecurity incidents in 2020, according to the organisation’s own data. Spain is a country of SMEs and this is where cyber-attacks can be devastating and even lead to bankruptcy. One of the most common attacks tends to be ransomware, the type of virus for which cybercriminals demand a ransom in exchange for the information that has been compromised. Attacks of this type can be financially disastrous for family businesses, which is why it is necessary to invest in cyber security.
#Cyber-security #Cyber-attacks #Ransomware
Source: Nius Diario
To keep up to date with our blog follow us on our social networks: