Translate

12 de mayo de 2017

Telefónica's corporate network suffers a cyberattack: you know what is the Ransomware?

Telefónica's corporate network suffers a cyberattack: you know what is the ransomware?



The Coporativa telephone network has been corrupted this morning through a cyberattack ransomware. 
The telecommunications company explained to  the Economist  that l to vulnerability and is controlled  and that has affected a point of its workers but not the entire company.
Ransomware attack  is a type of c iberamenaza  that  blocks files and computers of users. 
To unlock  the cyber attackers require payment of a sum of money,  usually in  bitcoins,  within a short period of time. 
Meanwhile,  a provider who works with BBVA  has confirmed this medium  has been warned  to disconnect from common services to prevent the spread. 
For its part, the bank official sources  have clarified that they are working "normally and that our network is not affected."
In either case,  this cyberattack has not affected the company's customers or their services  continue to operate normally.
As a measure of protection and containing the spread of the virus,  the teleco has asked its workers to turn off the computer and disconnect the corporate WiFi for other teams do not become infected. 
Since  Telefónica  they say they are already working on solving the problem of employee teams.

What is ransomware?

Ransomware is a type of cyberattack  that once access tosystem  is done with all computer data and blocks any access to that information. 
From that moment,  the pirates extort and threaten the company in exchange for recovering their material.
Thus, the attack that received some of the workers have blocked computers completely. 
In order to unlock them ,  cybercriminals  demand the  payment bitcoins  before a narrow time frame. 
The truth is that ransomware attacks are no exception in business, but a method of acting by cybercriminals increasingly common. 
Specifically, in 2016, this type of cyber threats grew more than ever  with  an attack on companies every forty seconds around the world.

What is Ransomware? 

The computer attack that extorts companies in the network



Ransomware: this word will do increasingly popular. 
With it we refer  to a computer attack consisting of kidnapping and encryption of all information of a device or a company. 
Its operation is very simple:  the CFO or accountant can receive an email with a file of an alleged bill. 
As soon click on it to see what it is, the pirate who sends accesses the system, it is done with all data and blocks any access to that information. 
From that moment,  the pirates extort and threaten the company in exchange for recovering their material . 
"Recently, an Andalusian medium - sized company in the food sector suffered one of these attacks and demanded an initial ransom of one million euros, finely, after negotiations, stood at 40,000 euros , " explains  Alberto Ruíz Rhodes, salts Sophos engineer Iberia. 
The modus operandi of these bands, the bitcoin  is the international currency that allows these operations without trace in the traditional financial system. 
Unfortunately,  the case of this company is not isolated  and computer security firms agree that in the coming months these attacks will be our daily bread. 
"They're so cheap and easy to run  that are spreading at a breakneck speed, are released in massive plan and there is always someone who falls.  The SMEs will be the major victim,  it 's going to come a time that will have to have a budget to address these abuses , "forward  Antonio Ramos , a university professor of  Hacking.
On the occasion of the celebration of  World Day Hacker days  ago, which met in  Madrid  in its fourth edition more than  2,500 information security professionals , we wanted to organize a debate in  elEconomista  around this issue of growing concern. 
It was attended, 
Apart from  Ruíz Rodas and Ramos, Adolfo Perez Coronado , cybersecurity strategy and S21sec Technical advisor; Rafael del Cerro , System Engineer of HPE Aruba in Spain, and  Eusebio Nieva,  technical director of Check Point Iberia. 
The latter explained that 
"Ransomware provider sells it as a service and even makes clear business terms: you stay with 60% of everything you get infected and get through extortion and the other 40% is for me." 
Not forget that  encryption information is something legal  that was developed for anyone to acquire and encrypt their own files. As in so many previous occasions, we are not facing a bad technology, but to a misuse of that application.
"This is one of the trends in cybersecurity most will see in the coming months . We will see an evolution of the threats we've had so far and cases will continue to multiply. Interestingly, in the last two years the most viewed attacks have been with virus that had years, there was even one with over a decade of life. 
That means you have to be prepared for what I had and for everything that is coming , "says  Eusebio Nieva,  technical director of  Check Point Spain and Portugal.
Not worth therefore think that hackers are only interested in attacking big corporations or institutions, as well. The ease with which such attacks is done, nobody is sidelined. Only  varies the amount to be disbursed  according to the turnover of the company. 
And, as we have seen, in many cases it may jeopardize the existence and survival of the company. 
According to the experts meeting,  in the case of SMEs,  the same communications service provider - the telecos-  should provide that security with different filters ... 
Also in the time when  cloud computing services are contracted,  the supplier is responsible for an important part of security.
" We will continue to hear cases and without learning. Only with s ense common and awareness  can be prevented and we must be alert , " says  Adolfo Perez Coronado, Cybersecurity Strategy & Technical advisor S21sec. 
"There are still large organizations they do not even have contingency plans. 
Has caught them off guard , "  he adds. 
Neither  the government are psyched,  to the point that  even in the specifications of IT technologies contests  require that  the latter have certain security protocols , "  adds the same expert. 
So what to expect from a traditional SMEs, which does not suspect for anything that might be in the crosshairs of hackers?
One of the first mistakes is the lack of configuration of security tools. 
We have fond  to plug and play , that  after turning on any device that starts working without further  and, instead,  these experts recommend that we take time to set the security tools to our own needs. 
"The most intuitive security option, by default, is usually the easiest and also the most insecure. 
The manufacturer sets general guidelines and thus avoids the user having to spend ten screens, something that frustrates you. What happens then? Everyone has the general options and so much easier to launch an attack, because it is easy to assume the road to be traveled , "says  Eusebio Nieva , technical director of Check Point Iberia. 
Ideally, these tools come configured in reverse, with everything closed and as they were looking at the needs were giving more and more access permissions. That would take time, but also keep us much safer from potential threats.
Rafael del Cerro, System Engineer of HPE Aruba in Spain,  recalled in this debate in  elEconomista  the case of an industrial cold room that was connected to Internet and through which were stealing company information. 
"It was detected that was moving Teras of information daily. It was a problem that should have been fixed since its configuration, because the machine did not have access to so much information." 
This leads us to talk about everything related to the  Internet of Things  (Internet of Things, IoT),  where concern is high. With  so many networked objects,  also they multiply the points of access to our data, which makes us also more vulnerable if we do not manage permissions we give to each of these devices. 
The espionage carried out by the CIA  through  smart-tvs  is one of the most recent, known for  WikiLeaks. 
It is also hackable a doll or robot  that connects to the Internet and leave it to our children ... 
And the hyper and unstoppable Digitization also has its risks. 
"The automotive industry is what worries me most of all IoT,  because in that case will be within an object, being connected, is also manipulable from anywhere. 
I can go 120 kilometers per hour and to disable me brake or direction ... There,  obligatorily should have rules , but the Administration has always moved behind the industry and often not allowed to advise , "says  Eusebio Nieva , Check Point.
The problem of access is often not very sophisticated. And that forces us to talk once again of the need to maintain good and safe keys than  or 12345, no password ... 
" You raise a keyboard on any company and how many post-it you find the keys of different accounts?" He wondered  Rafael del Cerro , from  HPE Aruba . 
"Workers also need to be aware that there may never use a corporate key to other external accounts gmail, outlook ..." he adds.
To find solutions, you need to discover errors.
 "Another problem is that in any business the financial always has more power than the safety technician and usually require cheaper development, which is often also the least security has" explains  Perez Coronado, S21sec. 
For  Alberto Ruíz Rhodes, Sophos , 
In Spain only invests in security the company has already been compromised." 
Antonio Ramos  went further: 
while they lack training in this field "culture and commitment to the industry, which will only take action when you force yourself missing. Al, in political see a generational gap and it adds that 90% are lawyers. 
I remember once in a ministry that was the victim of an attack as the minister ignored the recommendations and the computer connected to the network when all was said infected because the virus could wait but its not working. 
That proves how far unaware of the scope of these operations. "
All computer security experts meeting on the occasion of  World Day for elEconomista Hacker  agreed that  lack awareness. 
"How many times have we made an appointment to renew the DNI and tell you that no computer error? 
We are used to these developments and platforms are built as shanties. A building falls and the architect is responsible. But if development falls, everyone gets away, "said another participant. 
Have we started the cart before the horse then ?,  we asked. "No, because there are many times that the important thing is to move and do things. 
The first is activated and have the service, and after that we protect or see those risks and patches on patches are putting "answers  Eusebio Nieva, Check Point.
In this unstoppable evolution toward digital, university professor in  Hacking Antonio Ramos  we discovered all the cards on the table: 
"We have put vital services for the development of the human race on the Internet and there is no plan B for the day this can be compromised or fall. 
The day that comes involucionaremos. To care for and know how to build the digital world because if not, we will go back. There is no plan B, or pull the DNI when it appears that there has been a computer error, "he concludes.

No hay comentarios:

Publicar un comentario

No se admiten comentarios con datos personales como teléfonos, direcciones o publicidad encubierta

Entrada destacada

PROYECTO EVACUACIÓN MUNDIAL POR EL COMANDO ASHTAR

SOY IBA OLODUMARE, CONOCIDO POR VOSOTROS COMO VUESTRO DIOS  Os digo hijos míos que el final de estos tiempos se aproximan.  Ningú...