Sunday, October 2

From paralyzing the SEPE to the largest breach in history: 2021, the year of computer insecurity

  • Cyberattacks against private companies and public bodies soar by 15% annually and are already moving a business of 6 billion euros

  • The trend is also consolidated in Spain, where the paralysis of SEPE services has been the most critical ‘hack’ of the year

Although your eyes cannot see it, every 39 seconds there is a cyber attack. While you walk, do sports or watch a series, you Privacy and that of millions of users around the world has become the goal of a computer warfare which is quietly fought under countless lines of code. A threat that you cannot feel but that, nevertheless, does not stop growing. The pandemic has accelerated our digitization, but it has also left us more exposed.

On December 9, experts in cybersecurity Around the world shook hands after discovering a catastrophic vulnerability: log4j, a key functionality of the Java programming language, had a back door that allowed cybercriminals to infiltrate the system and steal information. The difference with other attacks is that this code is massively used by millions of digital services. The clouds of Amazon, Apple Y Microsoft, the cars of Tesla, the videogame Minecraft, the applications of Twitter, banks, insurance companies or public bodies were exposed and with them billions of their users. “The Internet is on fire,” explained Adam Meyers, vice president of cybersecurity firm Crowdstrike.

This gap, considered by several experts as the worst in history, closes a 2021 marked by the computer insecurity. And it is that the restriction measures imposed by the covid, such as the standardization of telecommuting, have accentuated our dependence on screens. The hackers They have not missed that golden opportunity and have launched a wave of attacks that does not stop breaking new records, a trend that is here to stay. The opaque business of cybercrime, in which organized groups and intelligence agencies participate, has gone from moving three trillion euros in 2015 to six trillion this year, according to calculations by Cybercrime Magazine. In 2025 it could exceed 10 trillion, a growth rate of 15% per year.

Biggest attacks of the year

2021 has left a long history of cyber attacks, with different methods and objectives. During the first six months the attacks had grown by 29%, according to a global checkpoint report, but undoubtedly the most popular form of extortion is the ‘ransomware‘, a virus that blocks access to sensitive data and asks to pay a ransom to release it. And the more strategic or critical the paralyzed service, the greater the amount demanded of the victims.

This practice was used in May against Colonial Pipeline, the largest pipeline network in the United States. This year’s main attack paralyzed gasoline supplies in 17 states, which triggered an emergency response, and 75 bitcoins (equivalent to 3.89 million euros) were paid for its ransom. With the same method, the largest meat producer in the world was forced, JBS Foods, and the insurance company CNA to plow up to 10 and 35.4 million respectively, the highest payment ever made public. The Russian criminal group REvil demanded the Taiwanese computer giant Acer the payment of the equivalent of 88.4 million, but it is unknown if he ended up paying it. From Irish Public Health to the NBA, the use of ‘ransomware’ has skyrocketed 93% against all types of businesses.

In addition to Log4j, the biggest breaches of the year include Microsoft Exchange Server, which affected 60,000 companies and nine government agencies in the US and the European Banking Authority; the one that exposed 125GB of Twitch data, including the platform’s code and the salaries of its main creators; or the one that leaked stolen data from up to 533 million users of Facebook, 11 million of them from Spanish accounts.

40,000 attacks a day in Spain

Spain has not been alien to this global phenomenon. In 2020, some 40,000 attacks were detected per day, 125% more than the previous year, according to the company Datos101, a figure that this year has continued to rise. Although not all were successful, that volume helps to visualize the perpetual criminal siege that takes place behind the screens in the country. An analysis by the Ironhack technology training school places Spain as the third nation most at risk of being attacked, only behind the US and Germany.

This year we have seen how different computer viruses have infiltrated the entrails of large companies such as Telefónica, Mediamarkt or Estrella Damm or those of independent media such as El Salto or La Marea to hijack data and demand ransoms. “Most attacks are concentrated against SMEs and the self-employed because they are the ones that have the least cybersecurity measures,” says Marcos Gómez, deputy director of services at the National Cybersecurity Institute (INCIBE). “There is more and more protection, but there is still a lot of work to do.”

Related news

However, the most sensitive targets have been public bodies. This is the case of the Public State Employment Service (SEPE), whose services were paralyzed for two weeks after suffering an attack orchestrated by Russian cybercriminals seeking to discredit the state, according to the National Intelligence Center (CNI), which delayed essential steps in the midst of the crisis such as unemployment or the payment of ERTES. A few days ago, a similar infiltration managed to block access to the digital services of the Generalitat de Catalunya for three hours.

After uncovering the security hole of Log4Shell, the cybersecurity firm Cloudfare detected that every day computer criminals around the world scan the web 35 million times in search of vulnerabilities to exploit. The magnitude of attacks that this can unleash is still unknown. Experts warn that in the face of this growing threat, it is essential to reinforce the security of the systems. And it is that although it ended up being repaired, those who stopped the Log4Shell breach were three volunteer developers who worked on the project “in their free time.”

Leave a Reply

Your email address will not be published.