A Russian cyberattack leaves the CSIC without an internet connection for two weeks

The Ministry of Science and Innovation has confirmed that the Higher Council for Scientific Research (CSIC) and its affiliated centers suffered a Russian cyberattack on July 16 and 17. The statement comes after a week in which several researchers from the agency spoke out through various media (including a letter to the editor published by ABC), denouncing that the attack had led to all network connections being cut. However, to date, only a quarter of the centers have recovered them, although the Ministry of Science and Innovation assures that the problem will be solved “in the next few days”.

According to the ministry, the cyberattack was detected on July 18 and “the protocol marked by the Cybersecurity Operations Center (COCS) and the National Cryptologic Center (CCN) was immediately activated.” Among the measures adopted was the disconnection of the entire network, a situation that still exists for most centers, which have to connect through their personal lines in order to continue working.

“Since last week, after a minor and localized computer attack, the Spanish cybersecurity authorities decided to disconnect the entire CSIC from the internet ‘sine die’,” Paul Chacón Montes, a researcher at the agency, denounced in this newspaper. “Shameful, the main investigative agent is inoperative and nobody cares.” Chacón pointed out an “obvious lack of foresight and the absolute lack of a minimum damage assessment”, in addition to consequences such as delayed research, cut-off communications and blocked administration.

Other researchers also denounced the situation through social networks.

And some pointed to a “structural problem” in the systems for responding to this type of incident.

“We understand that a ransomware attack is something complicated that can take time to resolve,” David Arroyo Guardeño, cybersecurity researcher at the Institute of Physical and Information Technologies of the CSIC, explained to ABC, “but the problem here is that protocols are needed that, at the moment, do not exist.” Precisely on July 18, Arroyo had to prepare an important delivery due by July 31, but the network went down without warning because of the firewall that was activated to try to contain the damage. there was,” he says. As a cybersecurity expert, he was able to turn to other sources to learn that it was ransomware, a method by which cybercriminals encrypt part of the information of the attacked organization or company with the aim of demanding a ransom in exchange for releasing the data.

However, the ministry does not indicate anything about a possible payment to cybercriminals, only that this attack “is similar to that suffered by other research centers such as the Max Planck Institute or the National Aeronautics and Space Administration of the United States (NASA)”. “The situation in Spain cannot be compared with organizations such as the American ones, where an attack on research of this type directly becomes a matter of national security.”

Even so, Arroyo Guardeño stresses that this break is already doing a lot of damage to CSIC researchers. “I have been unemployed for two weeks, which is going to affect my annual planning. Six other researchers depend on me who, if our work does not go ahead, will be left on the street in January. The work of years is paralyzed.”

Although the Government assures that “in the absence of the final report of the investigation (…) to date, no loss or kidnapping of sensitive or confidential information has been detected”, the truth is that, at the beginning of the invasion of Ukraine by Russia, workers had already been warned to turn off their equipment on weekends in case of possible attacks of this type. “Something that, as has been seen, has not been effective,” emphasizes the researcher.

What to do in the event of a ransomware attack

But what steps are supposed to be followed once such an attack is detected? “We have two objectives: to re-establish the service and to identify where the cybercriminals have gone,” Lawrence Martínez, director of the cybersecurity company Securízame, explains to ABC. “And this process can be delayed for any number of reasons, like it’s a very large organization or the backups are compromised or even non-existent.”

According to Martínez, the purpose of these cybercriminals is to obtain a ransom that “can even reach a million euros.” “Before, cybercriminals left you the virus and left; now, they stay to find out data and use it against you, so negotiating with them can be a difficult task.”

“The biggest problem here is that in an institution as complex as the CSIC there is no defined protocol on what to do in these cases,” says Arroyo Guardeño. “We don’t know where we are or how long it will take to resolve, and from the Government they have only issued a statement when we have denounced it through networks.”

Previous attacks

These cyberattacks on public administration bodies are not new: in 2021 some bodies such as the Public Employment Service (SEPE), the National Institute of Statistics and various ministries such as Education and Culture, Justice or Economic Affairs and Digital Transformation were victims of apparently targeted attacks.

This year, coinciding with the conflict in Ukraine, attacks have continued to increase in all member countries of the European Union, including Spain. “For example, a few months ago a similar attack affected the Autonomous University of Barcelona, which was shut down for almost three months. In the last decade we have seen how these phenomena have increased, but after COVID and lately the war between Ukraine and Russia they have grown exponentially,” says Arroyo Guardeño.
