May 12 was a particularly busy day at Incibe’s headquarters outside the northern city of León, beginning at 9.15 am when the first warnings of the WannaCry ransomware attacks appeared. “We were informed unofficially that something was happening at Telefónica,” says Marcos Gómez, Incibe’s deputy director.
More than 350,000 companies and organizations in 180 countries came under attack from a virus that encrypts the content on a computer’s hard drive and then demands payment of a ransom for it to be unlocked.
Spain was not as badly affected as the United Kingdom, where the computer systems of 16 hospitals were paralyzed, but the country is a target, with some 1,000 cyberattacks launched over the last three years, according to Incibe, most of them against energy infrastructure. “The threats out there in the real world, such as spying, terrorism and extortion are now cyber threats. And the reasons are the same as before,” says Alberto Hernández, Incibe’s director general.
In December, Spain’s interior minister, Juan Ignacio Zoido, issued a warning in the Spanish Congress about the dangers Spain faces: “The seriousness [of the problem], of the potential consequences, among them the loss of human life, along with the serious economic damage and disruption of all kinds that an event of this magnitude could provoke more than justify the government making this one of our top security priorities.”
The most common cyberattacks work via software that infiltrates a computer’s hard drive, allowing remote access. There is also the denial-of-service (DoS) attack, where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet.
“The protection of critical infrastructure has a digital dimension, with protection [against such cyber threats] increasingly important to our security,” says the latest report from the Spanish government’s National Security Executive.
Hernández says that while cyberattacks of the kind that kept Incibe busy on May 12 and in the following days are on the increase, the authorities’ ability to counter them is improving.
“We have to take three factors into account,” he says, adding: “It’s true that there are more attacks taking place, but we are also better able to detect them, while those affected by them are notifying us more often.”
Incibe monitors cyberattacks in real time around the world and in Spain. On May 23 at 6pm, there were 9,715 Internet Protocol (IP) addresses (the unique string of numbers that identifies each device communicating on an online network) being threatened. In Barcelona, the figure was 5,276 and in Seville it was 1,529.
Incibe works as a kind of cyber-police force, its staff talking about “combing” the web in search of suspicious “movements” and “statements” by hackers. They lay “bait” for the “bad guys,” and carry out “sample analysis.” Their efforts are not directed solely at helping key infrastructure: in 2016, the agency registered more than 115,000 cyberattacks against private individuals, universities, businesses and institutions, almost twice the number it recorded in 2015. In the first quarter of this year, it has already registered more than 50,000 such attacks.
English version by Nick Lyne.