The SEPE was not certified by the Cryptologic Center when it suffered its major hack

This is an automated machine translation of an article published by Business Insider in a different language. Machine translations can generate errors or inaccuracies; we will continue the work to improve these translations. You can find the original version here.

The SEPE continues at half throttle in the wake of the cyberattack it suffered last week. While its system technicians are trying to restore all services as quickly as possible, day after day details are emerging about what happened behind the incident.

One of these details is that the Public Employment Service was not yet certified by the National Cryptologic Center. The CCN is a body under the CNI that oversees the compliance and certification of administrations and companies under the National Security Scheme.

As Invertia reported this Thursday, the employment agency was not on the CCN's list of administrations certified under the National Security Scheme. The list does include several regional ministries of Andalusia, several city councils, and various entities of the General State Administration. The list is public and accessible and can be consulted here.

Specialist sources consulted by the economic media point out that the adaptation to the National Security Scheme is “an ongoing process” and that the CCN is already working with the SEPE on adapting its computer systems to the requirements demanded by this certification.

What is known at the moment is that the SEPE was hit by a ransomware-type malicious code known as Ryuk. When the news, reported by Vozpópuli, came out on Tuesday, the agency’s technicians had to shut down all the systems in order to prevent the intruder program from spreading through the entity’s internal networks.

This computer blackout lasted for days, forcing SEPE officials to work with pen and paper, taking notes of the job seekers who requested an appointment or a procedure, while waiting for normality to be restored.

Ransomware usually hits companies and public administrations with the aim of encrypting files, hard disks, and, in general, an organization’s servers. When the organization is compromised, it usually receives a message from the cyber criminals operating the attacking program demanding a ransom if the victim wants to get back to normal.

In recent months, these ransomware attacks have been transformed and cybercriminals now also engage in a second form of blackmail: if victims do not pay the ransom, the cyber criminals threaten to publish all the sensitive information they have stolen during the attack.

Colleges, unions, and associations have lamented the disinvestment in cybersecurity that has taken place in recent years in the public administration. ASTIC, an organization of systems technicians from the administration itself, warned in a recent communiqué that the pandemic had prioritized the continuity of services or business over security. It claimed that it was time to “make up for lost time”.

It is still unclear how Ryuk was able to reach SEPE. Ransomware can be distributed via malicious phishing emails and botnets. In other words: they are not always targeted, premeditated attacks.

During the worst months of the pandemic, many of the cybercriminal collectives operating this ransomware promised that they would not attack hospitals, healthcare facilities, or laboratories. However, many of these malicious codes, when distributed by armies of bots (printers, webcams, and compromised servers controlled as if they were an army of zombies), sometimes shoot at everything.

Some specialists pointed out to Business Insider Spain that the attack could well have come that way or through a form of phishing known as spear phishing. Like any fraudulent email masquerading as a legitimate message, spear phishing has the particularity that, in order to work, the attackers have spied on and studied a person in minute detail.

For example, these cybercriminals could have sent a fraudulent email to a SEPE employee pretending to be a relative or a friend, which would lead the employee to trust it and click on a link they should not have clicked on, one that automatically downloaded Ryuk onto the SEPE’s computer systems.