Ransomware incidents increase 4-fold in 2 years: Spain suffered fewer attacks and was more aware in 2020 than USA, France or Italy

This is an automated machine translation of an article published by Business Insider in a different language. Machine translations can generate errors or inaccuracies; we will continue the work to improve these translations. You can find the original version here.

Ransomware is a type of malicious code that when introduced into the systems of a company or an organization is dedicated to encrypting all its files and spread across all devices. It has thus become a favorite weapon of cybercriminal groups who then demand ransoms from their victims in exchange for a return to normality.

Precisely because of the pandemic, such incidents increased by nearly 90% according to a VMware report. Now, expanding the focus, CrowdStrike ensures in a new document that this type of cyber-attacks has increased 4-fold from January 2019 to the present.

An increase of 300%, according to the Global Threat Report for 2021. Although only a few cases are reported in the media -the most recent and controversial is the cyberattack with Ryuk that has left the systems of the Public Employment Service out of service-, the reality is that cyberattacks with ransomware are the order of the day.

The second half of 2019 already saw a wave of cyberattacks that fiercely hit some Spanish companies such as Everis and Prosegur. Just before the pandemic began in March last year, a hospital in Torrejón de Ardoz suffered a cyberattack that caused many healthcare workers to have to operate without IT resources.

Unions and Computer Science associations explode and denounce precariousness and lack of resources in the administration while the SEPE tries to recover from the cyber-attack.

During the pandemic, the situation worsened even more. SegurCaixa Adeslas or Mapfre suffered cyber-attacks of this kind. In addition, one of the worst fears of the cybersecurity industry came true: cybercriminal groups no longer limited themselves to ‘kidnapping’ and ‘encrypting’ their victims’ information: they also began to steal it in order to leak it to the public if ransoms were not paid. It happened, for example, to the Spanish railway infrastructure company, Adif.

CrowdStrike’s new report, which has been compiled using its network analysis tools and information from various vendors, also highlights that intrusions aimed at stealing information on COVID-19 vaccines have been one of the main targets of cybercriminals.

Another statistic from the cybersecurity company states that 40% of companies in Spain suffered a ransomware attack during the most complicated period of the pandemic last year. Out of the 100%, 23% of the firms acknowledge that they suffered one attack, and 17% that they suffered more than one.

However, the data shown by the Spanish cybersecurity ecosystem are very positive. In a table drawn up by the firm, Spain is the second country in which the companies consulted suffered the fewest attacks with ransomware. It is only surpassed by the United Kingdom, where 39% of the companies detected intrusions in their systems.

By neighboring countries, France acknowledges that 60% of its companies suffered ransomware incidents. The number is similar in Germany, with 59%. In Italy, 56%. In the United States, 58%. The global average is that 63% of the companies surveyed suffered cyber-attacks of this type.

This is what cybercriminals pay on the dark web for your data: stolen Spanish credit cards are among the most expensive, only 30 euros.

But Spain also stands out in something else. Of all those surveyed in Spain, 45% acknowledged that they had not suffered any ransomware incident but recognized that it could happen in the coming months. Of all the Spanish cybersecurity specialists consulted by the company, only 14% considered it unlikely that they would suffer an attack of this type.

That 45% is the highest percentage of all the countries surveyed by the firm. Specialists in France or Italy, for example, considered 28% and 27% that they could suffer incursions such as those described.

The high percentage of Spanish cybersecurity experts who admit that they could suffer a cyberattack of this kind in the coming months can be interpreted in two ways. Either they are resigned because they lack all the defenses they should have, or they are clearly aware that incidents can happen at any time.

The CrowdStrike survey has been done with 2,200 cybersecurity professionals around the world, of which 1,100 have a position with which they make decisions in their companies and the other 1,100 are professionals. In Spain, 100 people were surveyed.

Read the original article on Business Insider

The SEPE did not have certificates from the Cryptologic Center at the time it suffered its great hacking

This is an automated machine translation of an article published by Business Insider in a different language. Machine translations can generate errors or inaccuracies; we will continue the work to improve these translations. You can find the original version here.

The SEPE continues at half throttle in the wake of the cyberattack it suffered last week. While its system technicians are trying to restore all services as quickly as possible, day after day details are emerging about what happened behind the incident.

One of these details is that the Public Employment Service was not yet certified by the National Cryptologic Center. The CCN is a body under the CNI that ensures compliance and certification of administrations and companies on the National Security Scheme.

According to Invertia this Thursday, the employment agency was not on the list of administrations certified in the National Security Scheme of the CCN. The list does include several regional ministries of Andalusia, several city councils, and various entities of the General State Administration. The list is public and accessible and can be consulted here.

Specialist sources consulted by the economic media point out that the adaptation to the National Security Scheme is “an ongoing process” and that the CCN is already working precisely with the SEPE in adapting and adapting its computer systems to the requirements demanded by this certification.

What is known at the moment is that the SEPE was hit by a ransomware-type malicious code known as Ryuk. When the news came out on Tuesday, which was reported by Vozpópuli, the agency’s technicians had to shut down all the systems in order to prevent the intruder program from spreading through the entity’s internal networks.

This computer blackout lasted for days, which forced SEPE officials to work for days with pen and paper, taking notes of the job seekers who requested an appointment or a procedure, while waiting for normality to be restored.

Cyber-attacks on the administration soar after the blow to the SEPE: a tax agency warns that it is being supplanted with malicious emails.

Ransomware usually hits companies and public administrations with the aim of encrypting files, hard disks, and, in general, an organization’s servers. When the organization is compromised, it usually receives a message from the cyber criminals operating the attacking program demanding a ransom if the victim wants to get back to normal.

In recent months, these ransomware attacks have been transformed and cybercriminals now also engage in a second form of blackmail: if victims do not pay the ransom, the cyber criminals threaten to publish all the sensitive information they have stolen during the attack.

Colleges, unions, and associations have lamented the disinvestment in cybersecurity that has taken place in recent years in the public administration. ASTIC, an organization of systems technicians from the administration itself, warned in a recent communiquéthat the pandemic had prioritized the continuity of services or business over security. It claimed that it was time to “make up for lost time”.

It is still unclear how Ryuk was able to reach SEPE. Ransomware can be distributed via malicious phishing emails and botnets. In other words: they are not always targeted, premeditated attacks.

During the worst months of the pandemic, many of the cybercriminal collectives operating this ransomware promised that they would not attack hospitals, healthcare facilities, or laboratories. However, many of these malicious codes, when distributed by armies of bots-imprisoners, webcams, compromised servers and controlled as if it were an army of zombies – sometimes shooting everything.

Some specialists pointed out to Business Insider Spain that the attack could well have come that way or through phishing known as spear phishing. Just like a fraudulent email masquerading as a legitimate message, spear phishing has the particularity that in order to work, the attackers have spied on and studied a person to the millimeter.

For example, these cybercriminals could have sent a fraudulent email to a SEPE employee pretending to be a relative or a friend, which would make him trust and click on a link he should not have clicked on and which automatically downloaded Ryuk onto the SEPE’s computer systems.

Read the original article on Business Insider

Rural areas, the new home of innovation: what is empty Spain (or part of it) doing to ride the wave of digitalization?

This is an automated machine translation of an article published by Business Insider in a different language. Machine translations can generate errors or inaccuracies; we will continue the work to improve these translations. You can find the original version here.

José V. Roces, a postdoctoral researcher at the Creaf center, finished his Ph.D. five years ago and left Spain in 2017 in search of international experience. Although he explains to Business Insider Spain that he was not forced to leave, he emphasizes that it becomes an almost indispensable condition in research, which especially affects many female colleagues, who on many occasions decide to leave the career.

“The problem of the system is not so much this, which can be, buxt that you leave and manage to return, but you are not clear if you will be able to continue in Spain or if you have to leave again. Resources are scarce and in Spain, we train a lot of researchers. It is very difficult to get long contracts and to have stability,” the researcher emphasizes.

Many young Spaniards like Roces are forced every year to leave their places of origin to go abroad or to other large cities in the country, such as Madrid or Barcelona, where they are more likely to find work, and not only in research. The most immediate consequence is that the towns in these regions, located in the center of the country and on the periphery, are emptying and aging since the few remaining inhabitants are generally of advanced age.

Asturias is one of the most aged regions in Spain and also has a youth unemployment rate of 37.5%, which is why young Asturians decide to try their luck in other regions or countries. In recent years, the number of Asturians leaving “la tierrina” has not stopped growing: according to INE data from 2019, 37.1% of graduates from the region in 2014 work in another autonomous community or country.

Youth unemployment data in other areas of the emptied Spain are also bulky: in Castilla-La Mancha the rate is 36.79%; in Aragon, 34.37%; in Galicia, 33.66%; and in Castilla y León, 31.97%. There is no miracle solution that will erase these figures, but there are original ideas on the table that could at least reduce them.

One example is the decision of the Principality of Asturias to bring its technology centers to rural areas, with a clear intention: to retain talent and maintain territorial cohesion. But this is not the only measure that the community has implemented, nor is it the only administration that has programs related to innovation and research to curb the flight of its inhabitants to large cities.

Business Insider España has talked to the administrations of the Principality of Asturias, Aragón, Galicia, Castilla y León, and Castilla-La Mancha to find out what measures and programs they are putting in place in this regard, as well as to 2 startups that are not located in big cities, to find out what are the disadvantages of not having their headquarters in these.

“Physical presence is hardly needed”.

“In Spain, we do good science for the resources we allocate,” Roces insists. “The problem is that we allocate very, very little. The percentage of GDP that we invest is much lower than the European average and the surrounding countries”.

The innovation budgets of the autonomous communities and the central government have increased this year thanks to the European funds that will be arriving in the coming months and amount to 150,000 million euros.

However, many of the technology centers that will benefit from this money are located in large cities.

The map drawn up by the Spanish R&D Observatory shows a large number of institutions related to research and innovation in Madrid, where 373 can be found, a figure that contrasts with that of other autonomous communities, which can barely be counted on the fingers of one hand.

This graph shows how Spain has become the leader in youth unemployment in Europe.

“Ultimately, in Spain, much of the research ends up being done in Madrid or Barcelona. People end up there because that is where there are more opportunities, but those people would also have no problem going to live in a smaller area with a higher quality of life if there was a temporary continuity”, defends Roces.

Startup location trends are similar: most are based in large cities. Herminio Fernández is CEO of Eurocoinpay, a startup based in León that makes it possible to pay everyday expenses with cryptocurrencies. Fernández explains that startups located in “more depressed” parts of Spain have disadvantages compared to others located in large cities in terms of credibility, reaching official bodies, etc. However, talent detection is not one of them.

“Physical presence is almost not needed,” he explains. “The Internet has broken down physical boundaries.” The CEO and founder of Gijón-based startup i4life, Marián García, agrees and stresses that now all meetings are virtual, so there are no longer as many problems as before. “Before, there were differences in communication. Everything was based on face-to-face meetings, face-to-face business… Then being far away from the nuclei and with less communication was a huge handicap.”

The CEO of Eurocoinpay says that before the pandemic, the company was already working remotely, with colleagues connected from other places, even though Eurocoinpay’s headquarters are in León. In addition, she stresses the need for regional and central governments to support R&D companies, because that is “where the future lies for young people”.

“I always say that young people are not going to be able to look for work, they are going to have to invent it,” she defends. “Spain now has a great opportunity with the funds they are going to receive from the European Union (EU).”

For his part, García stresses that working in smaller environments also benefits companies. “There are very few of us, so standing out as an innovator in Madrid among many companies (…) is more difficult,” she says and highlights the support from the Principality of Asturias and the Gijón City Council. “You have the opportunity to have them explain the financing instruments first hand”.

Empowering rural areas as innovation centers

With the youth employment data from these administrations, retaining talent becomes one of their priorities. “This is not about constructing buildings, it’s about articulating socioeconomic transformation plans. It’s very different,” the Asturian Minister of Science, Innovation, and University, Borja Sánchez tells Business Insider España, adding that European funds have to put the value in the rural world. “We have no other choice.”

Sánchez says that the strategy of the Principality has 2 layers: social innovation and connectivity, with the development of 5G technology.

In this first one, he highlights the commitment to rural centers, which is also a question of territorial cohesion. “If you want to deploy innovation throughout the territory, you have to think not only in your central area or in the cities, but also in your councils,” he explains. To this end, the Consejería has decided to transform and adapt our network of Centros de Dinamización Tecnológica Local (CDTL) – known to Asturians as telecenters – as this is where the Principality has staff.

Sánchez points out in the interview that it is important to remember that this is the first time that the autonomous community has a specific Department of Science. “What is most urgent in Asturias is to organize a regional science and technology ecosystem that brings together public and private agents,” Sánchez explains. “That is before injecting a huge amount of resources. It wouldn’t be very intelligent to do so if we don’t have the ecosystem created.

Youth unemployment soars again in Spain: why the jobs of the youngest are the first to disappear in times of crisis, according to experts

The principality’s strategy involves merging all its technology centers, as well as increasing spending centers and encouraging large companies to create their own in the region. “We have to encourage more innovative SMEs and, above all, we have to remake, transform or redirect the role of the technology centers,” explains the minister.

Roces stresses that these measures will not be enough to rehabilitate depopulated areas, but they can be part of the driving force. “Research is not going to be part of the solution by itself in the long term (…). It can be a gamble. The solution involves incorporating many more things and this could be a small part of it. People who do research would have no problem with going to a more unpopulated area if there are good conditions.”

As for repopulation programs in other communities, Aragon -the Zaragoza Provincial Council, specifically- launched in 2018 the Challenge program for young students, better known as rural Erasmus, with the aim of completing their training in municipalities of less than 3,000 inhabitants located in counties particularly hit by depopulation.

Now, the Aragonese government wants to extend it to the rest of the provinces of the autonomous community. These students receive a grant of 300 euros and accommodation and subsistence allowances are also paid. According to the regional government, 79 young university students have obtained jobs thanks to these programs. The number is expected to increase when the program is extended to Huesca and Teruel.

Castilla-La Mancha already agreed in 2016 to define 5 geographical areas with specific development needs and receive what is called Integrated Territorial Investment (ITI). Between 2017 and 2018, the La Mancha government published 2 calls for proposals endowed with 20 million euros in total, of which 7.6 million went to finance 87 projects in ITI areas, 40% of the total submitted.

Among them, there is a wide variety of initiatives. For example, one is focused on technological advances applied to support and improve teaching activity in Rural Aggregate Schools (CRA), and another on non-woody biomasses for thermal energy production.

With the slowing down of depopulation also as an objective, the Xunta de Galicia wants to promote the creation of hubs in rural areas, conceived as spaces equipped with 5G connection coworking with 5G connection and the necessary equipment to turn them into spaces for technological entrepreneurship.

Smart villages are another part of the Galician strategy. These are “communities in rural areas that use innovative solutions to improve their resilience based on local strengths and opportunities”, with a participatory approach to develop and implement their strategies to improve their economic, social, or environmental conditions.

In the case of Castilla y León, there is financial aid for entrepreneurship in rural areas, with amounts of 10,000 euros, which increases if the project is innovative or is led by women and young people. In addition, 2 sectors stand out: cybersecurity, for which an investment line will be announced in the coming weeks, and retail, with aid to local entities and merchants’ associations for online promotion and sales.

Skills qualification and job retraining

A report by the consulting firm EY published at the end of 2020 points out that retraining employees will be one of the priorities in terms of people management in the near future, as the need for new skills has accelerated, especially in relation to new technologies.

This need for technology positions means that many people’s skills are becoming obsolete, and many employees need to be retrained to adapt. The lack of technical skills is more noticeable in rural areas: the Asturias counselor specifies that part of the digital transformation of the community lies precisely in the qualification and training of the unemployed. For this reason, most of the autonomous regions contacted have ICT programs for their inhabitants.

Aragon organizes ICT workshops to fight the digital divide aimed at older people or those unfamiliar with the use of these technologies. The courses are given in public centers in towns with less than 2,000 inhabitants. In this way, they also seek to consolidate these spaces.

For its part, the Galician Agency for Technological Modernization (Amtega) launched the Network of Centers for Technological Modernization and Inclusion (CeMIT Network) with the aim of achieving technological convergence with Europe. This network consists of 98 classrooms spread throughout Galicia.

The ICT skills learned can be accredited with a CODIX, that is, a certification of digital skills in office automation, which is obtained by passing a test organized by the Agency for Technological Modernization of Galicia (Amtega).

What will happen with 5G in 2021: operators prepare for more investments and spectrum auctions, although you will most likely be little affected for now

Castilla y León also organizes training courses in new digital skills and Castilla-La Mancha offers its citizens courses in basic and advanced office automation, internet, and new technologies, as well as workshops to teach network management, internet shopping, and digital culture, among others.

A good internet connection, the key to attracting teleworkers

The confinement, which forced employees and students to do their work from home, highlighted the great digital divide that exists in Spain, where there are still villages that do not have access to the network. For this reason, another of the most frequently repeated measures is the implementation of programs that seek to bring the Internet to every corner of the territory.

The Department of Science, University and Knowledge Society of Aragon has just launched the 100×100 plan, with the aim of bringing 100 megabytes to 100% of the territory, with an investment of 20 million euros (complementary to that of the central government) to deploy broadband and guarantee internet connection as a right.

For the implementation of 5G technology, Aragon wants to implement 3 pilot projects to test its effectiveness in strategic sectors. They will work on autonomous vehicles, self-sufficient farms and virtual reality applied to tourism.

The Principality of Asturias is also initiating the procedures to deploy 5G technology, after meeting last year’s goal of making the Internet available throughout the region. Sánchez stresses in the interview that improving connectivity is key to attracting telework, especially for people who appreciate the environment.

In May 2020, the Institute for Business Competitiveness (ICE) of Castilla y León reached an agreement with the European Space Agency (ESA) to develop a project that would allow the extension of the signal and connectivity in rural areas through 5G networks.

Castilla-La Mancha, meanwhile, has connected all its educational centers to ultrafast broadband thanks to the Escuelas Conectadas program, which has benefited 1,105 schools, Special Education Centers (CEE) and Grouped Rural Centers (CRA).

Read the original article on Business Insider

Nokia, Samsung, Ericsson among brands ditching World Mobile Congress

This is an automated machine translation of an article published by Business Insider in a different language. Machine translations can generate errors or inaccuracies; we will continue the work to improve these translations. You can find the original version here.

History repeats itself. Or, at least, so it seems. The big tech companies that had confirmed their presence for the 2021 edition of the Mobile World Congress in Barcelona are backtracking and announcing that they will not be attending the event this year either.

The fair had pinned its hopes on making amends for the situation that occurred last year, when it had to be canceled due to the brands’ refusals to participate because of COVID-19, and holding the MWC, despite everything.

To this end, the GSMA, the company that organizes Mobile, this week unveiled a long list of sanitary measures they had established together with the Catalan authorities to hold the event with maximum guarantees for health. Among them, rapid negative tests every 72 hours or the need to fill out a health questionnaire on a daily basis.

However, this seems not to have been enough for the big technology brands, as some of the industry heavyweights announced, just hours later, that they did not think it was enough in view of the risk it posed to their workers and decided to cancel their physical presence in Barcelona. However, they did say that they would participate virtually if the opportunity arose.

Ericsson, Nokia, and Sony have been some of those who, as in 2020, have precipitated the wave of cancellations that is expected to end in the postponement of the event, scheduled for June this year, or its definitive cancelation. In fact, carriers have been lobbying the GSMA for months to postpone it to the last quarter of the year, when the vaccination campaign is expected to be more advanced.

Experts point out that there is a lot of money at stake, not only the 9.5 million euros of the ransom they will have to pay back if it is not held in 2021 but also bookings, tickets, or sponsorships.

These are all the companies that have canceled their participation in MWC 2021 so far:

1. Ericsson

The first brand that has decided to cancel its participation (again) in the Mobile World Congress in Barcelona due to sanitary conditions has been Ericsson.

The Swedish network operator has explained that the risk is too high to attend, as they were expecting customers from 120 different countries with different vaccination rates in each of them, so they consider the risk to attend too high.

The company was already among the first to announce its withdrawal in 2020 from the event, just 24 hours after sending a ‘Save the date’ for the press conference that would take place inside the venue.

2. Nokia

Ericsson was followed by Nokia, which confirmed that it would not attend MWC this year either, at least in person, after assessing the health measures presented by the GSMA.

The brand has explained in a statement that no workers will be transferred to Barcelona next June, when the event is scheduled to take place, due to the coronavirus, but has stated that, if online activities are organized, it will join in.

Nokia said that “given the international nature of the event” and that the vaccine is still in its early stages, they have taken the “considered decision to participate only in the virtual event”.

3. Sony

Sony has been another company that has announced in recent hours its refusal to attend the event in Barcelona.

The brand has shown its willingness to present all its new products through telematic and digital tools, in accordance with the global objective of halting the spread of COVID-19.

4. Oracle

Computer giant Oracle will also not attend the tech show, Digital Economy reported.

Unlike others such as Sony or Nokia, the US company will not participate online either.

5. Facebook

Mark Zuckerberg’s company has also declined an invitation to attend the next edition of the Mobile World Congress in Barcelona, as reported by La Vanguardia.

Facebook has explained that its risk prevention and health protection policy advises against attending the congress in person due to the health situation.

However, like other brands, it has expressed its willingness to explore the options of participating virtually in the event.

Read the original article on Business Insider

Why Spain doesn’t have its own space agency

This is an automated machine translation of an article published by Business Insider in a different language. Machine translations can generate errors or inaccuracies; we will continue the work to improve these translations. You can find the original version here.

It is quite rare for countries, at the national level, to have their own space agency, beyond multinational organizations such as the European Space Agency (ESA). In Europe, for example, there is the Italian Space Agency (ASI), which collaborates closely with ESA and reports directly to the Ministry of University and Scientific and Technological Research.

However, the case of Spain is peculiar, since there is an organization that tries to make up for the absence of a Spanish space agency.

This is the Instituto Nacional de Técnica Aeroespacial (INTA), originally founded in 1942 under the name of Instituto Nacional de Técnica Aeronáutica, which signed, in 1960, a cooperation agreement with NASA for the Mercury program, the first manned program in the United States.

In 1986, with the consolidation of democracy, the organization acquired the category of Public Research Organization (OPI), i.e., in charge of scientific research activities, as well as the provision of technological services.

Despite this consideration, it has never had a significant weight in the country. According to Nature Index, between December 2019 and November 2020, INTA published only 23 research articles.

Pedro Duque does not think it is necessary to create more organizations

In addition to the lack of research content, there is no political will to create a Spanish space agency. As Pedro Duque, Minister of Science and Innovation commented in a telematic event, the path of Spain’s space adventure must be to bring together Spanish contributions within the framework of ESA or through the European Union.

The Minister said during his speech, in which he spoke about various topics in the research field, “More structures can always be created, but it is true that it is scary to invent them and that they do not solve things; for the time being, we remain as we are”.

The European Space Agency is looking for astronauts: what are the requirements and how can you apply as a candidate?

Thus, there are no plans to create any Spanish space agency, not even governmental structures beyond INTA. Leaving aside the investment allocated to the European Space Agency, through the Ministry of Science and Innovation, Spain does not envisage the creation of any agency.

In addition, there is another problem that derives from the political organization itself. Unlike Italy, where the ASI depends on a ministry in charge of scientific research, in Spain, INTA depends on Defense.

In this sense, public funding does not help this organization to become more relevant. The budget allocated to INTA in the General State Budget (PGE) for 2021 is about 154 million euros, adding personnel and research costs.

With this reality on the table, it is clear that Spain’s intention is to continue to collaborate closely with ESA and the European Union, without the need for its own organization to be relevant in the space race.

Read the original article on Business Insider

The fintech map in Spain: 15% growth in the number of companies as the lending sector booms

This is an automated machine translation of an article published by Business Insider in a different language. Machine translations can generate errors or inaccuracies; we will continue the work to improve these translations. You can find the original version here.

The fintech industry is growing in Spain. In general data, the number of companies aimed at this type of business related to finance has increased by 15% in the last year to 463 companies of this type operating in our country, according to data collected by Finnovating.

Within this increase in the financial technology sector, the role that the lending area is taking stands out, which has increased above that percentage.

“There are several business models within lending such as companies that are dedicated to be lending companies, provide guarantees in e-commerce or advance wages per day,” explains Rodrigo García de la Cruz, CEO of Finnovating, in conversation with Business Insider Spain.

In Spain, the fintech industry generates more than 12,000 direct jobs, according to the same report. The pandemic has spurred the digitization of users and business processes, which has kept the sector growing.

Bank and fintech alliances soar in the midst of digitization and branch closures

In addition to the payments business, the asset management sector (known by its Anglo-Saxon name as wealth tech), payments, and neobanks are the other leading verticals.

“There are business areas as in traditional banking; lending (the part focused on loans) and savings are two of the fastest-growing areas,” notes García de la Cruz, who points out that within these large groups there are diverse specializations such as different advisory solutions.

He also points out that in recent months there has been a “great growth” in firms dedicated to crypto-asset management.

Bizum has become a standard in banking

Payments are one of the areas where we have traditionally seen more investment and innovation drive in finance with the creation of new companies, but also with banking itself driving this area.

In fact, a collaboration between entities led to the creation of Bizum, a joint tool for payments between individuals without having an account number, only with the phone, which has been a major disruption in the sector.

Who they are and what they offer you: 13 fintechs already operating in Spain and looking to unseat traditional banks

Despite the fact that banks are making a big push in this area, de la Cruz points out that this does not mean that there is no room for fintechs. “It has affected fintechs by market share,” says the expert, who notes that it has created a new “standard in the financial sector.”

But he points out that there are many different functionalities where technology firms are entering, such as QR payment, card payments, or the creation of tools focused on SMEs.

The last major category to stand out on the sector map are the neobanks with names such as MyInvestor or BNext. Although also with foreign names such as N26, which seeks to grow in Spain where it has been present for some years.

Read the original article on Business Insider

Andalusia claims to have a vaccination passport and Maroto expects it to be operational in Spain in May

This is an automated machine translation of an article published by Business Insider in a different language. Machine translations can generate errors or inaccuracies; we will continue the work to improve these translations. You can find the original version here.

The Minister of Industry, Trade, and Tourism has set a date for the immune passport that the European Union is working on. Reyes Maroto expects this technology to be deployed in Spain by May 19, the date on which the International Tourism Fair, Fitur, begins.

She advanced it this Wednesday in an interview with Antena 3. In it, the head of the portfolio has been confident in having this health passport “as soon as possible” as long as the volume of the vaccinated population is sufficient to allow safe travels, she has clarified.

“It is important that in Spain people have certainty that we are working to reopen tourism, but to do it safely“, she emphasized.

Coordinating the 27, guaranteeing the privacy of health data and ensuring the trust of citizens: Europe’s challenges in implementing the immunization passports.

This is not the first reference made by the public administration about the vaccination passport. The European Commission will present its proposal on March 17 and the Spanish tourism sector is blindly confident in its usefulness: the managers of several hotel chains emphasized in statements to Business Insider Spain that they will welcome this initiative. Spain is one of the countries that most support this project, although not everyone agrees.

Not even the director of the National Center for the Coordination of Health Alerts, Fernando Simón.

However, there are also buts. This very week China has deployed its own immune passport, following the example of states such as Bahrain and Israel. It has been precisely in Tel Aviv where there have been demonstrations by citizens upset because this passport allows vaccinated people to access certain services -such as bars or gyms- while those who are not yet immunized cannot.

Andalusia claims to be ahead of the curve

And in all this turmoil, last week the Andalusian Government surprisingly launched a campaign on social networks. In it, the regional executive assured that “the vaccination certificate that the European Union wants to implement already exists in Andalusia”.

The ‘immune passport’ that Andalusia has announced is actually a QR code that can be downloaded together with a vaccination certificate (in PDF format) from the website where citizens can consult their health data. The certificate only shows the date on which immunized people have received their two doses of the drug.

“Andalusia is moving forward,” assures a government announcement. “If you have received two doses you can already download [the certificate] (…) through the Salud Andalucía app.” “With this QR code you will be able to prove that you have been vaccinated. We offer our experience to the European Union and the Government of Spain.”

What exactly has the Government of Juan Manuel Moreno Bonilla presented?

“Smoke.” This is how lawyer and technology consultant Sergio Carrasco, from Fase Consulting, puts it.

It is not known what the Andalusian passport is for.

Reuters

The regional Minister of Health, Jesús Aguirre, pointed out at the presentation of the technological solution that it is a certification that can be used for whatever is considered appropriate. Internal communication from the Andalusian Health System weeks ago detailed that the solution offered citizens the possibility of printing the QR code in case they did not have a smartphone or were unaware of its use.

The EU fears that Google or Apple will be ahead of the curve with vaccination passports if they don’t hurry up.

In Bahrain, Israel, or China, the solution adopted to create this technological passport involves more sophisticated applications than a QR code. The Junta de Andalucía is offering citizens the possibility of proving that they have been vaccinated, but it does not clarify why, for what purpose, or to whom.

That is the key, according to Carrasco. In conversation with Business Insider España, the consultant points out that a passport of these characteristics only makes sense “if we talk about it internationally, because the Andalusian solution is not going to be used”. “It is still being worked on and it is not clear what uses it will have.”

The problem of biases

Initially, the European Council agreed two weeks ago that this passport would serve to lift mobility restrictions between European borders. But in Israel, it has ended up being implemented to restrict access to services. “It is one thing for these data to be accessed by the health authorities, but it is another thing for them to be used to restrict certain services,” warns the specialist.

“We have many problems: people still haven’t been vaccinated because not everyone has had the opportunity. Paper vaccination passports exist for travel, but in the case of COVID-19 those who are vaccinated are the groups at risk, and vaccination progresses differently depending on the territory and depending on whether more doses are arriving,” he points out.

The Andalusian announcement reveals the haste that the Spanish administrations are taking with an initiative, that of the immune passport, which worries experts like Carrasco very much. Specifically, the Andalusian certificate can be easily falsified. For example, a QR code that refers the verifier to a website that appears to be the real page of the Andalusian Government.

Immunity passport apps are riddled with privacy risks, pose an ethical problem and may not help stop the spread of COVID-19, research shows

A few days ago, Gemma Galdon, the founder of Eticas Consulting, a company that audits algorithms and their impact on society, expressed herself in similar terms in conversation with Business Insider Spain. “When technology comes into play it becomes problematic because it is not the same as a cardboard card as a digital passport, which already requires data stored in databases managed by entities we can trust.

“Data that can be reused, that can leave people out, or leave behind those who do not have a cell phone,” he warned.

Read the original article on Business Insider

Ericsson announces it will not attend Mobile World Congress for the second year running

This is an automated machine translation of an article published by Business Insider in a different language. Machine translations can generate errors or inaccuracies; we will continue the work to improve these translations. You can find the original version here.

Swedish network operator Ericsson has confirmed that it will not attend the Mobile World Congress in Barcelona (MWC) this year either because it considers that the health guarantees are not sufficient.

As reported in El Español, a global spokesperson for the company explained that they were expecting customers from 120 different countries with different vaccination rates in each of them, so they consider the risk of attending too high.

This announcement came just one day after the event’s organizer, GSMA, explained in a virtual press conference the strict health measures it plans to put in place together with the Catalan authorities for the development of the fair.

Among them, the entity will request the presentation of negative rapid tests every 72 hours, that attendees fill out a daily health questionnaire or use FFP2 masks.

This is what the first Mobile World Congress in Barcelona was like: it all began in 2006.

The situation is reminiscent of the previous year when a flood of cancellations from the main players in the technology sector forced the suspension of the 2020 MWC a month earlier due to COVID-19.

In fact, Ericsson was the first entity to refuse to attend Mobile, followed by LG, Amazon, and Nokia.

Thus, the same media points out that, as it happened 12 months ago, this decision may be the one that triggers the massive withdrawal of companies.

The GSMA continues to maintain the date of its celebration at the end of June after it was postponed several times. However, the big players in the sector have been pressuring the organizer for weeks to find a new date at the end of the year when the vaccination campaign is more advanced.

According to the same source, the organizer said it expects at least 45,000 attendees for MWC, half as many as two years ago, which has been described by operators as crazy.

Read the original article on Business Insider

Spain’s calendar to reactivate tourism: Maroto points to spring if 40% of the population is vaccinated

This is an automated machine translation of an article published by Business Insider in a different language. Machine translations can generate errors or inaccuracies; we will continue the work to improve these translations. You can find the original version here.

The long-awaited tourism reboot that has been on the minds of travel industry entrepreneurs for so many months is getting closer and closer.

The intention of the central government is to lift all regional lockdowns this spring, which begins next March 20.

After the businessmen gave for lost the Holy Week and that the majority of autonomies opted to maintain the closings during the holidays, it seems that the tourist reopening will arrive soon after, between the months of April and May, once around 30% or 40% of the Spanish population is vaccinated.

This has been advanced by the Minister of Industry, Trade and Tourism, Reyes Maroto, in an interview on Canal Sur Radio, which reports Europa PressThe Minister said that “when we have that percentage of vaccination in spring, we will be in a position to begin to reopen our destinations in line with what we are working on in the European Union”.

In the interview, the minister indicated that 5 million doses will be received in April, in addition to the approval “in a matter of days” of the Johnson & Johnson vaccine, which will lighten the pace, since it only requires one dose.

However, she insists on the need to advance with “prudence” in the de-escalation to guarantee “the containment of the virus”.

The minister also highlighted the “optimistic outlook” that the central government has for the tourism sector for the summer, taking into account the progress of the vaccination against the coronavirus, which could reach 70% by the end of the summer.

Everything you should know about the package of 11,000 million in aids to commerce, tourism and hotels that will be approved this week by the Council of Ministers.

Matoro has pointed out the work on different instruments that guarantee safe mobility when the conditions for the containment of the pandemic are met, such as the digital certificate.

Finally, asked about the Imserso travel program, the minister pointed out that they are usually marketed in September to start traveling in October, but said that she will try to “even speed up the procedures to reactivate the important demand of a group that will be mostly vaccinated.

Read the original article on Business Insider

The big SEPE hack is the work of Ryuk: how the cyberattack could have come about, what went wrong and why it is now one of the biggest threats on the internet

This is an automated machine translation of an article published by Business Insider in a different language. Machine translations can generate errors or inaccuracies; we will continue the work to improve these translations. You can find the original version here.

No appointments, no web, no systems: Public Employment Service professionals already know what it’s like to work in an organization under cyberattack. The SEPE suffered yesterday an incident with ransomware that has forced them to suspend and delay appointments with users, and to attend with paper and pen to many job seekers.

The news was brought forward by Vozpópuli at noon after it was detected that both the web and the SEPE platform were down.

The public body itself acknowledged incidents on its Twitter profile. Sources from the Ministry of Labor have confirmed to Business Insider Spain that the incident is due to an attack with Ryuk, one of the most prevalent ransomware families in recent years.

The Spanish cybersecurity market will grow by more than 8% in 2021 to 1,324 million euros due to the pandemic, according to IDC.

It is thanks to the fact that its operators know how to use it well. In the cybercriminal ‘industry’ there are developers who create malicious code and sell it to the highest bidder. And there are always those who improve them to make them more undetectable or even to be able to spread faster: just a few days ago BleepingComputer warned that a new variant of this ransomware was able to move laterally between devices connected by a LAN with Windows.

Against these lateral movements, there are already ‘vaccines’ developed by Spanish companies and by the National Cryptologic Center itself, such as Microclaudia, which makes ransomware believe that when they have infected a computer they have already infected the whole system so that they stop spreading.

How Ryuk attacked SEPE

Ryuk has thus become one of the biggest threats to companies around the world. In Spain alone it has struck on several occasions and has done so hard: it was behind an attack on the City Council of Jerez or another on Prosegur at the end of 2019 when it used to be distributed through Emotet, a banking Trojan that has become a whole distributor of malicious code.

This ransomware, which has hit the SEPE causing the first major IT incident in Spain -that transcends- so far in 2021, was also distributed through a botnet -a swarm of bots, vulnerable devices, and computers that have become part of a sort of ‘zombie’ army- called Trickbot, which has recently been dismantled.

“It’s on the podium of the ransomware most used,” explains Eusebio Nieva, Check Point’s technical director for Spain and Portugal. Speaking to Business Insider Spain, José Rosell, managing partner of S2 Grupo, confirms that behind Ryuk there may be highly organized groups.

“In certain places, packages can be purchased to launch campaigns of ransomware and among the clients of this ransomware-as-a-service there may be well-organized or very bungling groups of criminals,” he concludes.

Ryuk, which was first identified in August 2018 as Daniel Creus, an analyst with Kaspersky’s Research and Analysis Team, recalls, does not always respond to a targeted attack. In other words: the SEPE attack may have been fortuitous. Or not. All it takes is for an employee to have clicked on a malicious email where he shouldn’t have, and for the systems not to have been properly protected. This is how perfect storms arise.

Always ask for a financial ransom

REUTERS/Steve Marcus

Gerardo Gutiérrez, the director-general of SEPE, advanced this Tuesday on Cadena Ser that no ransom had been requested and that no data had been compromised. “Confidentiality data is totally assured”. “Unemployment benefits are being paid and will continue to be paid,” he emphasized.

Microsoft suffers a cyber-attack that is already being investigated by the White House: more than 20,000 companies have been affected by a ‘hacking’ of the mail server software.

Although the SEPE denies any ransom demand, the nature of this type of incident is usually always the same: the malicious code infects a computer in the system that has become the target of cybercriminals. Once it spreads, the code is activated and starts encrypting all the files on the system to make the computers unusable. A financial ransom is then demanded, usually in cryptocurrencies, for the victim to pay if they want to get back to normal.

Proofpoint, another cybersecurity firm that also works in Spain, has assured that 41% of Spanish companies that suffered cyberattacks last year refused to pay a ransom, which is well above the global average for this type of incident. Worldwide, when a firm suffers such an incident, only 31% agree to pay the ransom demanded by digital mafias.

“It is essential to evaluate the risk versus the reward in these situations, apart from considering other alternatives,” defends Proofpoint’s general manager in Spain, Fernando Anaya.

A possible targeted attack

Precisely because of the way ransomware navigates the network, it can be distributed via botnets or banking Trojans that try to trick users into clicking on a fraudulent link. Everyone receives emails in their inbox that are actually part of massive phishing campaigns with malicious links.

But that possibility does not exclude the possibility that the attack could have been targeted, recalls Check Point’s Eusebio Nieva. “On many occasions, Ryuk attacks can start with a phishing attack that is highly targeted at a specific person,” says the expert. A person who will have been “studied” to learn about their hobbies, their personal relationships, their work routine. All this in order to send an email that is as credible as possible.

Rosell, from S2 Grupo, points out that his researchers’ studies highlight how in many cases Ryuk attacks start “on a Friday at the end of the month”. Sometimes, ransomware can be dormant, sleeping in a computer system waiting to be activated. And Friday at the end of the month is a key date “because that’s when a company has to pay payroll or make invoices.”

This type of malicious code tries to do as much damage as possible precisely to find a desperate victim who has no choice but to agree to pay the ransom demanded.

Nieva continues: “Ryuk is one of the most prevalent, most widely used ransomware attacks, and in general, although it cannot be generalized, it is usually indicative of a premeditated attack”.

Plaintiffs, companies: what data is at risk?

Gerardo Gutiérrez, director-general of SEPE, insists that no confidential or personal data of job seekers or companies have been compromised.

But as Nieva reminds us, “nowadays there is a tendency for ransomware attacks to carry out what is known as double extortion”. The first extortion is to demand a ransom if the victim wants to regain control and normality in their computer systems. The second extortion is to demand the ransom because otherwise, the cybercriminals will leak all the data they have stolen in the attack.

Blackmail with data stolen during ransomware cyberattacks is a trend that was predicted in 2019 and eventually confirmed in 2020. Thus, Adif saw more than 100 gigabytes in company data dumped on the networks. Several experts and security analysts specializing in monitoring ransomware have seen how on the dark web many of these operators publicize their exploits and even share evidence of the data they have managed to usurp.

From Adif to Mapfre: ransomware attacks cost Spanish companies at least 100 million euros a year.

Brett Callow, an analyst at Emsisoft, explains to Business Insider Spain that behind Ryuk there are usually two groups operating it. Neither has a website on the darknet. “The main group, the original group, doesn’t steal data. The secondary group has stolen data on occasion, but they don’t leak it on their own page, they post it randomly on cybercriminal forums”.

To know if data is really at risk, it is necessary to know more details of the incident. Nieva estimates that depending on which IT infrastructures have been affected, recovery from the incident can take several days. Typically, organizations that are attacked in this way will, if they do not pay the ransom – something that is strongly discouraged – resort to backups.

However, Rosell does warn of the “catastrophic” effects that a ransomware attack can have. They have not been seen in their full magnitude because fortunately the greater evils have always been avoided, but the managing partner of S2 Grupo recalls highly publicized cases such as Telefónica’s WannaCry in 2017 or the NotPetya that affected Maersk a year later.

Or a hospital. In Spain, there have been cases of hospitals unable to operate normally because their computer systems were down. In Germany, a woman died after an operation was postponed for this reason.

What went wrong with SEPE’s security

Hackers and Spanish specialists like Marc Almeida have drawn attention to social networks for how illustrative the SEPE website can be.

ENTYSOCIAL:https://twitter.com/cibernicola_es/status/1369275123690246145?ref_src=t...

“It’s anecdotal,” says Check Point’s Nieva. The expert believes that rather than there not having been adequate maintenance of computer security, what the screenshot shared by Almeida on Twitter reveals is that the SEPE has had a “lack of foresight”.

“In the end, this is all a question of raising awareness among users,” claims Rosell, of S2 Grupo. “Despite the fact that from a security point of view a lot is being done, there is obviously still the risk that when you open the attachment of an email that should not have been opened, you get a bug.”

One of the maxims in the cybersecurity industry is to always keep equipment up to date. But the systems of gigantic administrations such as the Employment Service do not always have the latest equipment. The cliché always comes back, and it is common to see officials in various institutions working with operating systems that are no longer supported, such as Windows XP.

“But that doesn’t just happen in public administrations,” Rosell pauses. “You can go and see industrial control systems being used with an old specific program and with an old operating system.” “The personnel in charge of managing it are afraid to change the program because the machinery may stop working because the manufacturer that installed it 15 years ago has disappeared or has ceased to have a relationship with them”.

It’s “an endemic evil” that goes far beyond not updating the operating system. “Clearly, organizations need to do a lot more in terms of security,” he acknowledges. “But anyone who is risk-free should raise their hand. I don’t know any of them. We’re all concerned.” Only, “the more you invest in awareness and security,” “the less risk you have.”

Read the original article on Business Insider