-
Cybersecurity-related crimes have skyrocketed since the start of the pandemic
-
The company Vodafone has been the latest victim of a computer attack that left four million users offline
Recents computer attacks against portuguese companies have become A headache for the Portuguese authorities. A phenomenon that has not stopped growing since the beginning of the pandemic and whose latest victim -in addition to an important network of laboratories- has been the company Vodafone, in an operation that left last week without service to more than four million users and that its president described as a “terrorist act”. The company took several days to fully resume its functions after the interruption of telephone calls, mobile data or text messages, which affected hospitals, firefighters and postal services, as well as private users, for hours.
The first Minister, Antonio Costa, has shown its concern about the increase in these attacks and has alerted companies and administrations to the need to have a security plan to minimize their impact as much as possible. But for now an important part of the companies are still vulnerable to these crimes, including the main media groups in the country, which have become one of the main targets of the hackers. Just over a month ago, the Impresa media group, owner of the weekly Express and from the SIC television channel, suffered an attack that forced the installation of temporary web pages and from which it has not yet recovered. Other important companies such as electricity EDP or the telecommunications company Altice they have also been victims of cyberattacks recently.
Economic reasons
In most of these cases, the affected companies have suffered attacks from ransomwarea malicious code that encrypts computer data and asks for a economic compensation to free them. In other cases, such as that of Vodafone, the Judicial Police (PJ) has ruled out an economic motivation for now. Something that opens the door to a targeted attack, according to the researcher of the Kaspersky cybersecurity company, Daniel Creus. “In this type of threat, the objective is not the profit motive but the theft of information or sabotage. Taking into account the type of company it is, it is probably an act of sabotage, although it is still early to tell.” “, he points out.
The PJ has requested the cooperation of other countries to “know the origin, extension and motivation” of these attacks, while the Minister of the Interior and Justice, Francisca Van Dunem, has warned of the increasing complexity of cybercrimes and the need for institutions to follow a constant adaptation to try to avoid them. Something that so far has not been achieved. According to latest data from the National Cybersecurity Center (CNCS)the percentage of public institutions with defined cybersecurity strategies was 61% in 2020six points less than in the previous year.
increased awareness
Creus maintains that the security systems are robust enough but warns of a lack of awareness, both in the public and private spheres, to implement them. “This situation is comparable to vaccination against covid-19. An entity or a company by itself will not be able to combat cybercrime, we need everyone’s involvement to improve global security,” explains the expert, who adds that despite progress in terms of cooperation between public and private bodies, the pace still insufficient. “The nature of cybercrime is at a breakneck pace and catching up is very difficult.”
Related news
The Portuguese Parliament approved in 2018 a cybersecurity law which contemplates fines of up to 50,000 euros for public administration companies and for critical infrastructure operators -including energy or transport- that do not have a cybersecurity plan. In addition to greater control, the Portuguese Government has opted for a reinforcement of the CNCS budget, which will include an injection of €33 million from European recovery funds.
The increase in investment in cybersecurity is a fundamental step to prevent new attacks, according to the professor at the University of Aveiro Rui Aguiar, who also points to a greater training and qualification. “Portugal has to bet on new professionals who are prepared to deal with this problem. The conditions must be created to train a new work force, new soldiers for the cybersecurity war”. A war that will be common in the coming years. “People will suffer many more robberies and attacks in front of the computer than when they are on the street”, he says.