HODEICLOUD IS NOW A MEMBER OF CYBASQUE

HODEICLOUD IS NOW A MEMBER OF CYBASQUE

Since last Friday, 18th June, HODEICLOUD is a member of THE ASSOCIATION OF BASQUE CYBERSECURITY COMPANIES (CYBASQUE). The group already has more than 50 members, including HODEICLOUD, which will be an active part of it. BORN AT THE BEGINNING OF 2020, CYBASQUE AIMS TO MAKE THE BASQUE COUNTRY AN INTERNATIONAL BENCHMARK IN CYBERSECURITY, PROMOTING THE USE OF CYBERSECURITY IN INDUSTRY, AND RAISING PUBLIC AWARENESS OF THE PHYSICAL AND LOGICAL SECURITY RISKS IN THE DIGITAL ECONOMY WE ARE ENTERING. Seeking to be a reference for the Basque industry and SMEs to adopt innovation in digitisation with guarantees, Cybasque pursues the following objectives: The technical, commercial and economic promotion of the Cybersecurity industries it represents, and of the sector as a whole, thus contributing to the development and progress of the Basque Country. To contrast and defend the interests of the associated companies in the technological, commercial and business fields, as well as to represent them before national and international organisations, and to defend their professional interests. Promote cooperation between members and other sectors of economic activity, to promote the development of the Digital Transformation of organisations, the territory and society as a whole. HODEICLOUD IS A MEMBER OF CYBASQUE, THE ASSOCIATION OF BASQUE CYBERSECURITY COMPANIES. In this way, Cybasque takes on the challenge of promoting the development of cybersecurity in all private spheres of the Basque territory, promoting collaboration with other sectors and driving the development of new products and services, technologies or markets. Therefore, HodeiCloud will cooperate proactively in the development of the Digital Transformation and New Economy of organisations, the territory and society as a whole. #Cybasque #HodeiCloud...
Don’t let your NAS data be “hijacked” – here’s how to protect it from ransomware attacks

Don’t let your NAS data be “hijacked” – here’s how to protect it from ransomware attacks

The recent ransomware attack on QNAP-branded NAS has made more than one owner of this data storage solution nervous. A NAS (network-attached storage) is a server that functions as a repository for files and data. It is, in itself, a computer with its own operating system, and in case of data deletion (accidental or not) it can serve as protection, but if it is compromised it becomes an additional problem. It is impossible to be 100% safe from malware, but here are some tips to minimise its likelihood. 1. Update your software Although it may seem like a basic thing to do, it is necessary to always use the latest available software version of the operating system. This way, the only security flaws that malware writers can exploit are those that have not yet been discovered by the manufacturer, the so-called “zero-day” flaws. To make this more bearable, it is best to configure the NAS to perform updates automatically. If you are not in favour of automatic updates, it would be advisable to have an alert enabled on your mobile phone to indicate when there are updates. 2. Do not use the administrator user Keeping the NAS up to date prevents many attacks, but there are other ways in which ransomware can access the NAS. One common way to use the NAS is as a network drive. If a computer on the network has been infected with ransomware and is authenticated as an administrator on the NAS, it has the ability to remotely encrypt the entire drive. It is true that using the administrator user is not very common...
Spain suffers 40,000 cyber-attacks a day: administrations and SMEs, among the most vulnerable targets

Spain suffers 40,000 cyber-attacks a day: administrations and SMEs, among the most vulnerable targets

Since the beginning of the year, and comparing data with previous years, cyber-attacks seem to have multiplied in Spain. Last March, the cloud security company Datos101 published a report with the following results: in one year, cyber-attacks have grown by 125% in Spain, bringing the number of daily cyber-attacks to 40,000.  The report came weeks after the Spanish Public Employment Service (SEPE) saw its data and computers blocked by the RYUK ransomware. Last week, three months later, the Ministry of Labour was again attacked by ransomware. How well protected are public entities? According to the National Cryptologic Centre (part of the CNI), only six websites of the General State Administration have a Certificate of Conformity of the National Security Scheme (ENS) granted by an accredited certification body. However, Samuel Parra, data protection specialist and CEO of the specialised company Égida, told Nius Diario: “Being ENS-certified is a guarantee, important, yes, but it does not mean that you have 100% IT security because it does not exist, neither in Spain nor anywhere else in the world. This is why it is perfectly compatible for an administration to be the victim of an attack and also to be certified in the ENS. However, non-certified administrations are going to be more vulnerable”. Cyberkidnapping for millions in bitcoins Last May, the United States suffered a cyber-attack that led to the hijacking of the oil pipeline linking Texas and New York. The cybercriminals used a ransomware-type virus to steal all of the company’s data, crippling its operations. Following the pattern of ransomwares, they demanded a ransom to unlock the data, and received 75 bitcoins...
Cybersecurity: the final competitive advantage

Cybersecurity: the final competitive advantage

During the last months, the number of pieces of news related to cyberattacks has grown exponentially. According to the UN, every 39 seconds a cyber-attack takes place in the world, a most worrying figure. Moreover, the number of malicious emails has grown by 600% in the last year. The targets of these cyber-attacks are Ibex 35 companies, SMEs, public corporations… The reality is that these attacks are by no means new, neither in terms of the techniques used nor the objectives they pursue. According to Hiscox Cyber Readiness Report 2020, the average cost per cyberattacks in Spain in 2020 was 66.800€ and it’s nearly half a million in the case of bigger companies. Apart from that, that cost is 30% higher if compared to the average of other countries. Why are cyberattacks profitable in Spain? The main reason why experts think that cyber criminality is profitable in Spain is because there is not enough company culture related to cybersecurity, both among managing and rank-and-file employees. It’s true that the budget for cybersecurity is increasing lately, but nevertheless IT teams are not yet provided with sufficient resources to undertake investments in security infrastructure, nor for the recruitment of cyber-security experts. As a consequence, the attacks that would be easily detected with the proper tools are succeeding in attacking the company. The most common attacks are: phishing (fraudulent emails that steal information or install malwares), those that exploit social engineering techniques (deceiving employees to make payments or providing confidential information) and ransomware (what happened to Everis, extorting through the theft of critical data). The effect of the COVID-19 in cybersecurity Because...
Everis reveals 2 years later that the 2019 cyberattack cost 15 million euros.

Everis reveals 2 years later that the 2019 cyberattack cost 15 million euros.

The technology consultancy and Cadena Ser were blackmailed by hackers who blocked their computers. November 4th 2019 Cadena SER and the technology consultancy Everis suffered a cyberattack that blocked their informatic systems almost completely. More companies suffered the attack, but none stepped up and spoke out. The Ministry of Economy and the National Cybersecurity Institute of Spain (Incibe) did not reveal what type of information had been exposed. The reason for that secrecy was that it was a ransomware type of virus, which consists of a program that encrypts the victim’s files and asks for an economic rescue for the recovery of the data.  Specifically, this virus was called Ryuk, which was part of a Russian group, and which collected more than 3,5 million euros in 52 transactions, according to Crowdstrike. Two years after that it comes to light that the cyberattack meant millions of euros of costs. In the accounts for its latest fiscal year, 2019-2020, it has reported extraordinary costs of 12.87 million euros due to the “sophisticated cyber-attack suffered in November of 2019. On top of that, there is the additional loss of the corresponding business margin and other items, which increase the costs of the cyberattack to 15 million euros. Clients served by Everis include the European Commission, Banco Santander, Telefónica, La Caixa and Banco Sabadell. Losses of millions of euros Provisioning and poor new business performance caused the multinational business and the technology consultancy owned by NTT Data to post a net loss of 107.4 million euros in its latest 2019-2020 fiscal year compared with a profit of 30.6 million euros in the previous...
History’s largest password data collection has been filtered

History’s largest password data collection has been filtered

Even if one is careful with their passwords, some companies are not. As a consequence, hackings occur and our credentials are exposed. In Have I Been Pwned’s database there are almost 11.400 million accounts and recently a database containing a similar amount of data has been filtered, and it’s already considered history’s largest data filtration. As published by CyberNews, this database has been published in a popular hacking forum. The file was in a TXT format, with 100GB of size, containing approximately 8.400 million password entries. Once published in this forum, it’s likely that others have published it later. 8.460 million passwords in 100GB The hacker of this database has nicknamed it “RockYou2021”alluding to the filtration the social media app RockYou suffered in 2009, in which 32 million passwords were exposed. This time, the hacker claimed that the database contained 82.000 million registers, but in reality, they have turned out to be about 8.460 million. Until now, the data filtration record was 3.200 million passwords, in the so-called Compilation of Many Breaches (COMB). In the recent filtration, already considered the largest data filtration in history, the aforementioned COMB would be included. Verify if your password has been filtered Currently, there are about 4.700 million people connected to the Internet, and as the data filtration duplicates that number, it’s highly probable that our passwords have been exposed. This is worrying because someone could hack our accounts or social media. In order to verify if our password has been filtered or not, Have I Been Pwned (HBIP) and CyberNews have launched a tester thanks to which one is able to verify...