The Seville City Council has returned to paper notes and in-person procedures after its computer systems were hijacked by a group of cybercriminals, as confirmed by the City Council. The hackers have demanded up to one and a half million dollars (1,396,642 euros) from the municipal government, although it has stated that “in no case will it negotiate with cybercriminals.” It is the second successful attack on the municipal website in three years.
All services have been affected. Among the most important for citizens' procedures are those for requesting an appointment and paying taxes (the second deadline to pay the Real Estate Tax has just begun), which officials have asked citizens to carry out in person at authorized bank branches. Emergency services, such as the Local Police and Firefighters, have also been forced to use paper notes to record and organize actions. The attackers estimate that the damage caused amounts to five million euros.
The delegate of Digital Transformation, Juan Bueno, explained that “the technical managers of the City Council and specialized external personnel are working continuously and jointly to determine the origin and scope of the attack and to be able to establish normality as soon as possible.” “We will act with caution to avoid making mistakes,” he clarified. The municipal budget to prevent cyber attacks in 2022 was 200,000 euros within the global budget of 1,072 million, municipal sources from the new Government team specify.
The National Cryptological Center (CCN-CERT) and the National Police Corps have begun to investigate the hijacking and believe they have identified the computer from which the attack began, out of the total of 4,000 computers available to the City Council. Meanwhile, the City Council, as a preventive measure, has interrupted all services “until the specific scope of the cyberattack is known.” At the moment, there is no evidence that the personal data of citizens has been altered by hackers, according to Bueno.
LockBit
The attack was carried out with LockBit, an extortion program identified in 2019 and also known as ABCD. This tool is a subclass of encryption virus that demands a ransom in exchange for decrypting files, and it mainly focuses on companies and official institutions rather than individuals. The Ministry of the Interior warned only two weeks ago of a “mass distribution campaign” of this virus.
LockBit is directed by pre-designed automated processes, unlike attacks that are manually executed over the network. One of its characteristics is its great capacity for propagation and the difficulty of locating it immediately. Sometimes it acts for weeks before executing the final attack that causes a denial of service.
Marc Rivero, a security researcher at the computer company Kaspersky, explains: “Ransomware attacks are aimed at extortion, since cybercriminals request a financial ransom so that the victim can recover their data. More and more public organizations and companies are victims of this type of threat, which can be largely avoided with cybersecurity solutions and employee training. This is very important. Our company detected more than 74.2 million attempted ransomware hacking attacks last year, which is 20% more than in 2021.”
Along the same lines, Eusebio Nieva, technical director of Check Point Software for Spain and Portugal, states: “Criminal activities have increased in the first half of the year, with an 8% increase in cyberattacks on a global scale, which represents the highest volume in two years. Known threats such as ransomware [hijacking and ransom demand] and hacktivism [ideologically motivated attacks] have evolved further, with threat groups modifying their methods and tools to infect and affect organizations around the world. Even legacy technology such as USB storage devices, which have long been collecting dust in desk drawers, has gained popularity as a messenger of malware.”
The groups dedicated to extortion (ransomware), according to the latest report from this security company, have intensified their tools to exploit vulnerabilities in commonly used corporate programs and changed their strategy, moving from encrypting data to prevent access to it to directly stealing information and demanding a ransom for its recovery.
Artificial intelligence has also emerged as a tool, either to create fake emails that include links that give criminals access to systems (phishing) or to create malicious programs capable of identifying even keystrokes.
In the first half of this year, 48 computer extortion groups have been identified that have attacked more than 2,200 entities. New teams have also appeared, according to Check Point, and an increase in threats originating in Russia has been detected since the war in Ukraine.
This company’s data coincides with that of Avast, another computer security company that warns in its latest report: “The risk of attacks is the highest seen in three years.” Spain is one of the most threatened countries along with Vietnam, Argentina, France, Brazil, Mexico, the Czech Republic and the United Kingdom.
“Not only is the number of threats one of the highest on record, but criminals are turning to psychological manipulation more often than traditional malware [malicious programming] hacking techniques. This results in the need for our security to adapt to this new format, although it also requires people to better understand scams and educate themselves as an additional form of defense,” says Jakub Kroustek, Director of Malware Research at Avast.
In late August, the FBI officially announced the takedown of the international cyberattack organization Qakbot (also known as Qbot), which has affected more than 700,000 computers worldwide, including financial, government, and healthcare institutions.
Two years ago, the Seville City Council suffered another hijacking, this time through what is known as CEO fraud, in which the hackers impersonated the company that was awarded the contract for the Christmas lights and managed to divert the million euros from the concession to their accounts.
The criminals managed to monitor the digital correspondence through a virus, intercepted the emails from the company that supplied the Christmas lights, altered their content and sent them to the municipal Treasury asking them to change the account number, reports Eva Sáiz. When the Bank of Spain detected a payment from the Administration to an unusual account, it alerted the Sevillian City Council.