A Russian cyberattack left CSIC without an internet connection for two weeks

The Ministry of Science and Innovation has confirmed that the Higher Council for Scientific Research (CSIC) and its affiliated centers suffered a Russian cyberattack on July 16 and 17. The statement comes a week after several of the agency's researchers came forward through various media, including a letter to the editor published by ABC, to complain that the attack had severed all network connections. However, to date, only a quarter of the centers have recovered them, although the Ministry of Science and Innovation has assured that the problem will be resolved “in the coming days”.

According to the ministry, the cyberattack was detected on July 18 and “the protocol identified by the Cyber Security Operations Center (COCS) and the National Cryptology Center (NCC) was activated immediately.” Among the measures adopted was the disconnection of the entire network, a situation that still exists for most centers, which must be connected to their individual lines to continue operating.

“Since last week, following a minor and localized computer attack, the Spanish cybersecurity authorities have decided to disconnect the entire CSIC from the Internet ‘sine die’,” Paul Chacon Montes, a researcher at the organization, denounces in this newspaper. “Ashamed the Chief Investigating Officer is passive and no one cares.” Chacon pointed to an “apparent failure in the forecasts and a total lack of assessment of the minimum damages”, in addition to consequences such as investigation delays, communication cuts or administrative blockages.

Other researchers have also denounced the situation via social networks.

And some have pointed to a “structural problem” in the response system to this type of problem.

“We understand that a ransomware attack is something complex that can take time to resolve,” David Arroyo Gardeno, cybersecurity researcher at the Institute of Physical and Information Technologies at CSIC, told ABC. “But the problem here is that the required protocol, at the moment, does not exist.” Exactly on July 18, Arroyo was scheduled to make a critical delivery by July 31, but the network went down without warning due to an activated firewall in an attempt to prevent damage, he says. As a cybersecurity expert, he was able to turn to other sources to find out that it was ransomware, a method by which cybercriminals encrypt part of the information of an attacked organization or company with the aim of demanding a ransom in exchange for the release of the data.

However, the ministry does not indicate anything about possible payments to cybercriminals, only that the attack is “similar to that of other research centers such as the Max Planck Institute or the National Aeronautics and Space Administration (NASA) in the United States”. “The situation in Spain cannot be compared to organizations like the United States, where an attack on this type of research becomes a matter of direct national security.”

Yet Arroyo Gardeno insists that this rupture is already doing a lot of damage to CSIC researchers. “I have been unemployed for two weeks, which will affect my annual plan. Six other researchers who rely on me will be left on the road in January if our work does not progress. Years of work is crippling.”

Although on behalf of the government they assure that “in the absence of the final report of the investigation (…), no loss or removal of sensitive or confidential information has been detected”, the truth is that at the start of Russia's invasion of Ukraine, employees had already been warned to turn off equipment during the weekend in case of possible attacks of this type. “What was observed was not effective”, underlines the researcher.

What to do in case of a ransomware attack?

But what steps should be taken once such an attack is detected? “We have two goals: restore service and identify where cybercriminals have gone,” Laurent Martinez, director of the cybersecurity company Securízame, told ABC. “And that process can be delayed for a variety of reasons, like if it’s a very large organization or the backup is compromised or even non-existent.”

According to Martinez, the goal of these cybercriminals is to obtain a ransom which “can even reach a million euros”. “Before, cybercriminals would give you the virus and leave; now they continue to plot data and use it against you, so interacting with them can be a difficult task.”

“The biggest problem here is that there is no set protocol on what to do in these cases in a complex institution like the CSIC. We don’t know where we are or how long it will take to solve it,” says Arroyo Gardeno. “And on behalf of the government, they only issued a statement when we condemned it through the network.”

Past attacks

These cyberattacks against public governance bodies are not new: certain bodies such as the Public Employment Service (SEPE), the National Institute of Statistics and various ministries such as education and culture, justice or economic affairs and digital transformation would have been victims of these attacks in 2021.

This year, alongside the conflict in Ukraine, attacks continue to increase in all EU Member States, including Spain. “For example, a similar attack a few months ago affected the Autonomous University of Barcelona, which was closed for almost three months. Over the last decade we have seen how these incidents have increased, but with the aid from COVID and more recently after the war, Ukraine and Russia, they have increased rapidly,” says Arroyo Gardeno.
