Hackers shoot at the Ibex 35: what is behind these cyberattacks?


By TP

Santander, Telefónica and Iberdrola. On paper, there are few similarities between these three Ibex 35 companies, but in recent weeks they have shared a common characteristic: the trio has suffered two cyber attacks that have compromised the data of their users.

In the case of the Cantabrian bank, on May 14 it reported that it had been the victim of «unauthorized access to a database» containing information about clients, employees and former workers of the entity in Spain, Chile and Uruguay. «In the database there is no transactional information or access credentials or Internet banking passwords that allow operating with the bank,» the company said in a statement sent to the National Securities Market Commission (CNMV).

Two weeks later, the news broke that the cybersecurity company HackManac had warned of a possible data theft said to have affected 120,000 Telefónica users and employees, although reportedly no particularly sensitive information, such as personal passwords or banking information, was obtained. One day later, Iberdrola announced that another attack had left the data of up to 850,000 of the energy company's customers exposed, although, again, the attackers were prevented from obtaining sensitive information. As if that were not enough, this past Friday it emerged that the General Directorate of Traffic (DGT) had been the victim of another cyber attack, in which the data of more than 30 million Spanish drivers and their corresponding vehicles is said to have been stolen.

According to data from Secure&IT, a company specialized in cybersecurity, cyber attacks «are tripling» compared to last year. Likewise, an analysis by Pandora FMS based on the records of Incibe (National Cybersecurity Institute) finds that, in the last two years, cyberattacks on the financial sector represented 25% of the total, as did those on transportation; the energy sector accounted for 22% of cyberattacks and the information technology sector for 18.3%, while the water sector appeared for the first time with 4% of the total. What is happening?

PERFECT STORM?

«There are several factors. So to speak, the perfect storm is forming,» says Ascensio Chazarra, Cyber Threat Management Offering Leader at IBM Consulting EMEA. According to this cybersecurity expert, three factors are largely contributing to this situation, the first being the digital transformation processes that companies and corporations around the world are carrying out. «As they are forced to open more and more channels to give access to data to their customers and employees, this increases the potential attack surface,» he explains. Secondly, Chazarra highlights that cyberattackers are making use of new technologies such as artificial intelligence (AI), among others, although this factor is in no way «the main one.» Finally, Chazarra points out that the increase in cases we are seeing also has to do with the regulation that applies to these companies: the firms are obliged to make these incidents public, which can generate the feeling of a more notable increase in cases. «I think it is good because it promotes transparency regarding this type of incidents and serves as feedback for companies to invest more in cybersecurity,» says the IBM expert.

IN SEARCH OF THE WEAKEST LINK

The assault on the databases of these large corporations is a complex process, since most of them have sophisticated security systems that manage to stop the vast majority of these cyberattacks. For this reason, attackers are eager to break the weakest link of these large groups: small suppliers and, above all, users.

According to IBM X-Force, the offensive and defensive security services arm of IBM Consulting, in 2023 cybercriminals saw more opportunities to “log in” to corporate networks through valid accounts than to hack into them, making this method the preferred weapon of cybercriminals. It is one of the main conclusions of the latest IBM Security X-Force Threat Intelligence Index 2024 report, which observed a 66% increase in attacks caused by the use of valid accounts. The weakest links for European organizations were identities and emails, through the illegitimate use of valid accounts (30%) and 'phishing' (30%). Malware was the most observed action, with 44% of incidents, and the European continent was the region that experienced the highest number of ransomware attacks worldwide (26%). Additionally, the three most important incident types for organizations based in Europe, where almost one in three attacks occurred, were credential theft at 28%, extortion at 24%, and data breaches at 16%.

«Attackers were investing more and more in operations to obtain user identities, with a 266% increase in data-stealing malware designed to obtain personally identifiable data such as emails, credentials from social networks and messaging applications, bank details or data from cryptocurrency wallets, among others,» explains IBM in this report. Perhaps the most serious thing, explains Chazarra, is that a very significant share of these attacks could have been easily avoided. According to the data in this report, almost 85% of these cyberattacks could have been mitigated «with patches, multi-factor authentication or principles of least privilege», from which it follows that what the security industry has historically described as «basic security» may be «more difficult to achieve than you think.»

«The attack on the supply chain is a common attack procedure. All organizations are interconnected through our ecosystem of partners and suppliers and in the end they go after the weakest link. Does this percentage mean that they are not investing in cybersecurity? No, in fact, they are increasing their investments. But perhaps in this process they are leaving aside the basic principles of cybersecurity: maybe they have invested in complex security mechanisms, but they have forgotten the basics,» says Chazarra, who compares this situation to buying a state-of-the-art alarm while keeping the house key under the doormat.

AI IS NOT PROFITABLE… YET

On the other hand, it is inevitable to wonder what effect artificial intelligence (AI) will have on a market as complex and constantly evolving as cybersecurity. Entities like Microsoft point out that investing in applications that strengthen cybersecurity through the use of this technology is little more than an obligation, although the conclusion reached by IBM experts is substantially different: the American company emphasizes that generative AI attacks are «not yet profitable». «AI is not having a great impact because of one important factor: organizations dedicated to cybercrime are still companies that seek a return on investment, and there are returns that are much easier to achieve without making large investments, so the basics have been neglected,» explains Chazarra.

In the aforementioned report, IBM emphasizes that 'ransomware' groups are oriented «towards a more agile business model» and that these types of attacks on companies saw a decrease of almost 12% last year, as large organizations opted against paying ransoms and decrypting, in favor of rebuilding their infrastructure. «This growing rejection is likely to affect adversaries' income expectations from extortion based on the encryption of information, which is why it has been observed that groups that previously specialized in 'ransomware' have begun to dedicate themselves to information theft,» they add.

IBM X-Force has found in its analysis that these AI attacks will not proliferate until there is much more widespread implementation of this technology. Specifically, they predict that, when a single generative AI technology approaches 50% of the market share or when the market consolidates into three or fewer technologies, «scale attacks against these platforms could be unleashed, which will mean greater investment in new tools from cybercriminals.»

«Although generative AI is currently in its pre-mass commercialization phase, it is essential that companies protect their AI models before cybercriminals expand their activity. Enterprises must also recognize that their existing underlying infrastructure is a gateway to their AI models that does not require novel tactics by criminals to attack, highlighting the need for a holistic approach to security in the era of generative AI,» the firm points out.

Likewise, Chazarra recalls that the fight against cybercrime is an «asymmetric war» in which cybercriminals are few, but well organized and efficient at sharing information, while companies dedicated to cyber defense have large budgets to deal with these threats, but have more difficulty covering everyone equally. «They are using AI a lot for 'phishing' and developing new 'malware', while we use it to generate code. We do not believe that today the impact on cybercrime is great, but we do have to start putting the because from now on in the near future it may be a tool that cyber attackers use more often,» he concludes.