Teleworking triggers the risk of suffering a cyber attack in Spain

“Pass me to your boss or I’ll upload the data to the deep web [la parte de internet que no aparece en los buscadores convencionales]. I want to make you an offer.

-I do not can. Send me everything in writing.

This is how Marta (38 years old, Madrid), in charge of cybersecurity in a recreational video game company, answered by phone to “Mr Hacker”, when he tried to hijack the company’s servers. The hacker tried to blackmail her by threatening to publish the data she had stolen, such as the payroll of the company’s workers, or the IDs of her clients. She asked for a ransom of one million dollars in cryptocurrencies. But Marta resisted: “He gave us the link of onions (an anonymous address) and we saw that he had published the payslips with the information crossed out.” What Marta experienced could seem like part of an episode of a police series, but it is not an isolated case. In the last year, the authorities detected 180,000 cyberattacks in Spain, according to the sum of the data from the National Institute of Cybersecurity (Incibe) and the Ministry of Defense. “Teleworking has increased exposure and has caused an increase in cyberattacks,” says the Executive in a letter sent to Congress.

Of the 109,000 security incidents on-line served by Incibe, 90,100 affected citizens and businesses. The rest were related to strategic operators (680) or to the Spanish Academic and Research Network (RedIRIS: 18,278), according to the body’s balance.

The Public Administrations are not spared either. Cyber ​​espionage on the president, Pedro Sánchez, and the Defense Minister, Margarita Robles by the Israeli Pegasus program is just one example: in 2020, 82,530 cybersecurity incidents were recorded and, last year, 69,202. Of them, more than half affected regional or local administrations, which in 2021 suffered three times as many attacks as in 2016 (39,483 compared to 11,991), according to data from the Ministry of Defense, which reflects that the worst moment for these organizations was the pandemic (43,091 incidents in 2020) .

Andalusia has accumulated the highest number of cyberattacks on its administrations in the last six years: 53,364. They are followed by the Valencian Community (25,451) and Madrid (20,514). At the bottom are Cantabria, Melilla, Ceuta and Navarra. Marcos Gómez, deputy director of services at the National Institute of Cybersecurity, explains the difference between regions: “Where more cybercriminal activity is detected is where there are more people who connect to the Internet. Although there are larger regions, there is more population dispersion and there are not as many connection nodes”.

Marta’s company is in Madrid, one of the regions hardest hit by cybercriminals. The offensive began with an email received by company employees in which the hacker he pretended to be their director, giving them a usual task: “Check this Excel, please”. Of the 400 workers, only three fell for the trap. They downloaded the document and the virus began to spread through the network. It was March 2020. “They took advantage of the fact that we were all teleworking from home. If you are in the office, the firewall [el cortafuegos digital que bloquea el acceso no autorizado] it acts as an umbrella, but when you are at home connected to a private network you have many more insecure points”.

The company cut off the connection to the outside to prevent their servers from being hijacked. “They realized that we had caught them,” recalls the employee. At that moment they began to call the office, where only Marta and her team were present, from a hidden number. She “she spoke in English and you could tell that she was reading a piece of paper. She told me that if we didn’t pay she would publish the data,” she recalls. The cybercriminals did not have time to encrypt the servers because the National Cryptologic Center monitored them. They did steal information, although they couldn’t relate it: “They had all the data, but they didn’t know who it belonged to because they needed the credentials.” The company was completely stopped for several weeks until they recovered the system.

Gómez explains the consequences of ransomware, or data hijacking: “It is the most damaging computer virus because it prevents the provision of a service and the continuity of a business because it prevents you from connecting to the internet or accessing your data”. Among the most common typologies, he also points out computer fraud (phishing) to vulnerable systems: “Cybercriminals look for systems that are not well protected or updated.” And he recalls the importance of not picking at the hooks, which are usually topics of varied interest: “For example, the coronavirus, the war in Ukraine or even the death of Jesús Mariñas.”

Unauthorized charges

Because the threat is not focused solely on companies, far from it. For example, it keeps citizens like Virginia Aguado (Palma de Mallorca, 48 years old) on alert, who has suffered four cyberattacks in two years: “I was waiting for a package and I received a message from Correos with a logo very similar to the original . Five minutes after opening the link, I had 27 charges between 15 and 25 euros in stores with very strange names.

The following were similar: a charge of 90 euros for two orders through a food delivery application, another of 14 euros on Google Play and, the last, the usurpation of his Netflix account. “They contracted the most expensive rate until I realized it. I have lost all my history and what comes out now is that I have been watching SpongeBob SquarePants and a Korean love soap opera, ”she says, bewildered after having recovered the subscription.

“The most direct target is usually citizens and small and medium-sized companies because they do not have the same level of cybersecurity culture as a large company or a professional,” explains Gómez, deputy director of services at the National Institute of Cybersecurity. And he adds that it is an increasingly frequent problem: “Anyone is exposed to a cyberattack and the malicious codes are becoming more sophisticated.”

Given the increase in threats, the Government announced in March the Cybersecurity Shock Plan, endowed with more than 1,000 million euros, with new measures on the public sector and the entities that supply technologies and services. Among them, the implementation of the Cybersecurity Operation Center of the General State Administration to improve surveillance and detect threats in daily operations in information and communications systems, and the reinforcement of the security of the new 5G electronic communications networks .