A Russian Cyber Attack Left CSIC Without Internet Connection For Two Weeks


The Ministry of Science and Innovation has confirmed that the Higher Council for Scientific Research (CSIC) and its affiliated centers suffered a Russian cyber attack on 16 and 17 July. The statement comes a week after several of the agency’s researchers spoke out through various media, including a letter to the editor published by ABC, to condemn that the attack had cut off all their connections to the network. To date, however, only a quarter of the centers have recovered them, although the Ministry of Science and Innovation has assured that the problem will be resolved “in the next few days”.

According to the ministry, the cyberattack was detected on July 18 and “the protocol identified by the Cybersecurity Operations Center (COCS) and the National Cryptologic Center (CCN) was activated immediately.” Among the measures adopted was the disconnection of the entire network, a situation that persists for most centers, which have to connect through their own individual lines to keep functioning.

“Since last week, following a minor and localized computer attack, Spanish cyber security authorities decided to disconnect the entire CSIC from the Internet ‘sine die’,” Paul Chacon Montes, a researcher at the agency, denounced in this newspaper. “Shameful, the Chief Investigating Agent is passive and nobody cares.” Chacon pointed to an “apparent failure in forecasting and a complete lack of minimal damage assessment”, in addition to consequences such as research delays, communications cuts or administrative blockages.

Other researchers also condemned the situation via social networks.

And some pointed to a “structural problem” in the response system to this type of problem.

“We understand that a ransomware attack is something complex that can take time to resolve,” David Arroyo Gardeno, cyber security researcher at CSIC’s Institute of Physical and Information Technology, tells ABC. “But the problem here is that the protocol required, at the moment, does not exist.” Precisely on 18 July, Arroyo, who had to make a critical delivery by 31 July, saw the network go down without warning because of a firewall activated to try to prevent damage, he says. As a cybersecurity expert, he was able to turn to other sources to find out what had happened. It was ransomware, a method by which cybercriminals encrypt part of the information of an attacked organization or company in order to demand a ransom in exchange for releasing the data.

However, the ministry does not indicate anything about possible payments to cybercriminals, only that the attack is “similar to that of other research centers such as the Max Planck Institute or the National Aeronautics and Space Administration of the United States (NASA).” “The situation in Spain cannot be compared with organizations like the US, where an attack on this type of research becomes a matter of direct national security.”

Still, Arroyo Gardeno insists that this break is already causing great harm to CSIC researchers. “I’ve been unemployed for two weeks, which is going to affect my annual plan. Six other researchers relying on me will be left on the road in January if our work doesn’t progress. Years of work is crippling.”

Although on behalf of the government they assure that “in the absence of the final report of the investigation (…), no loss or abduction of sensitive or confidential information has been detected”, the truth is that at the beginning of Russia’s invasion of Ukraine its employees had already been warned to turn off equipment over the weekend in case of possible attacks of this type. “Something that has been observed has not been effective,” emphasizes the researcher.

What to do in case of a ransomware attack?

But what steps should be taken once such an attack is detected? “We have two objectives: to restore service and identify where cybercriminals have gone,” Lawrence Martinez, director of cyber security company Securízame, tells ABC. “And this process can be delayed for a variety of reasons, such as it being a very large organization or the backup being compromised or even non-existent.”

According to Martinez, the purpose of these cybercriminals is to obtain a ransom that “can even reach one million euros.” “Before, cybercriminals gave you the virus and left; now, they continue to trace the data and use it against you, so interacting with them can be a difficult task.”

“The biggest problem here is that there is no defined protocol on what to do in these cases in a complex institution like CSIC. We don’t know where we are or how long it will take to solve it,” says Arroyo Gardeno. “And on behalf of the government they have issued a statement only when we have condemned it through the network.”

Past attacks

These cyber attacks on public governance bodies are not new: some bodies such as the Public Employment Service (SEPE), the National Statistical Institute and various ministries such as education and culture, justice or economic affairs and digital transformation were apparently victims of targeted attacks in 2021.

This year, along with the conflict in Ukraine, attacks continue to increase in all EU member states, including Spain. “For example, a similar attack a few months ago affected the Autonomous University of Barcelona, which was closed for almost three months. In the last decade we have seen how these incidents have increased, but with the help of COVID and more recently after the war between Ukraine and Russia they grew rapidly,” says Arroyo Gardeno.




