Written by
Anna Solana, Contributor
Anna Solana
Contributor
Anna Solana has been writing about technology, business, and science since 1996.
Full Bio
on January 11, 2022
| Topic: Security
When it comes to cyberattacks, it’s not so much matter a question of if an organization will be targeted, but when.
Image: perinjo/GETTY
Early in December 2021, the Catalan government suffered its worst distributed denial of service (DDoS) cyberattack ever. In the space of a few hours, attackers routed 350Gbps of data to the Generalitat’s information systems, representing 100 times more traffic than it would typically receive within the same timeframe. The incident was contained within three hours.
A couple of months prior to the DDoS attack on the Generalitat, the Autonomous University of Barcelona (UAB) was forced to revert to pen, paper and chalkboards when it was hit by a ransomware attack. The connection to the network was reset at the end of December, with most email accounts having been recovered – and a double authentication system applied – which allowed virtual classes to resume. While most systems have since been restored, others aren’t expected to be fully functional until the end of January.
SEE: A winning strategy for cybersecurity (ZDNet special report)
These incidents are, unfortunately, not outliers. According to the Spanish National Institute of Cybersecurity (INCIBE), Spain has seen more than 150,000 cyberattacks since the beginning of the COVID-19 pandemic. Other high-profile cases include: an attack in April last year on the Spanish government agency that manages unemployment benefits; Catalan hospital Moisés Broggi; Barcelona’s public bicycle service, Bicing; as well as a number of companies including beer company Damm. Security firm Checkpoint reveals Spanish companies are now exposed to 961 threats every week, 61% more than in 2020. Clearly, a worrying trend is emerging.
A global nightmare
The latest report from the Cybersecurity Agency of Catalonia, issued in mid-December 2021, points out that “there is an escalation in the magnitude of cyberattacks, the importance of the objectives and the impact they provoke, which constitute a threat to economic and social stability” – not just in Catalonia or Spain, but throughout the world.
The report estimates that cyberattacks against critical infrastructures and supplies (water, electricity, gas) during the second quarter of 2021 increased 300% globally compared to the previous quarter. It also highlights the fragility of the education sector, where cyberattacks have increased by 200%.
This escalation comes as no surprise. A 2017 report from Cybersecurity Ventures predicted that there would be a ransomware attack against businesses every 11 seconds on average by 2021. The pandemic, which has fostered an ecosystem of working from home that is pretty weak by IT security standards, coupled with the fact that exploits are relatively cheap and easy to attain on the dark markets, are to blame.
Experts have warned repeatedly that cybersecurity is a key issue that companies need to make a priority for economic recovery. While companies in Spain are increasingly taking out insurances against cyber threats, payments demanded by ransomware attackers have increased to an average of €182,000, meaning insurers have bumped up their premiums by 25-40%. Small and medium enterprises (SMEs) are paying the price.
Marc Alier, professor and researcher at the Polytechnical University of Catalonia (UPC), tells ZDNet there are many factors that have contributed to the rise in cyberattacks in recent years. For one, web apps, unified systems for authentication, working from home and social engineering have created the perfect recipe for phishing and consequent ransomware attacks, he says.
SEE: CIO priorities: 10 challenges to tackle in 2022
The malicious program that infected the Autonomous University of Barcelona (UAB) encrypted 650,000 files and folders that contained information relating to the campus going back eight years. In October 2021, Spanish media published that ransomware outfit PYSA was responsible for the attack, which demanded 60 bitcoins from the university – approximately €3 million – in exchange for its data.
Only 8% of companies that pay the ransom get the totality of their files back. Dean of UAB, Javier Lafuente, quickly made it clear that the institution was not going to pay up. This is in keeping with the recommendation of the Spanish National Institute of Cybersecurity (INCIBE), which states: “never pay the ransom, as it encourages cyber criminals to continue operating in this way.”
UAB speculated that phishing techniques might have been used to capture credentials from students or staff that were then exploited to gain admin status and deploy ransomware tools. Some of the institution’s IT services not only needed to be restored, but entirely reconstructed.
Security TV
|
Data Management
|
CXO
|
Data Centers