In our previous annual breakdown of Spanish cyber security, we saw that the shift to working from home as a result of COVID-19 had huge ramifications on businesses; attackers saw an opportunity to exploit companies using remote technology for the first time, and they went for it.
This year, some of those attacks have shrunk back, but the war in Ukraine has complicated life not just for businesses, but criminal gangs too.
In 2021, Spain was one of the world's biggest targets for RDP attacks. The final four months of that year broke all previous records, with RDP attacks up 897% year on year. Spain suffered 51 billion RDP password-guessing attempts, putting it far ahead of second place (Italy, with 25 billion) (ESET 2021).
However, the threat seems to have shrunk. Between Q1 and Q2 2022, RDP attacks dropped by 89.4% (ESET 2022), and Spain went from first place to third. This is welcome news and a bit of relief, but remember that it is a drop from tens of billions of attempts to billions: these attacks are still a threat and should not be ignored.
What is an RDP password-guessing attack? Also known as a 'brute force' attack, RDP password guessing is where attackers point automated tools at a Remote Desktop Protocol service reachable from the internet and try candidate passwords at machine speed, either many passwords against one account or a few common passwords against many accounts. Weak passwords can be guessed very quickly, sometimes instantly. Once an attacker has an employee's RDP password, they can log on to the company network as that employee and begin their attack.
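The defensive side of the attack described above (and of the human-error point later in this article) is recognising the pattern in your own logon logs before the guessing succeeds. The following detector is an added example, not code from the original article or from dig8ital: it reads constructed, simplified Windows Security event lines (event 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive, i.e. RDP), counts failures per source address inside a sliding time window, and flags any address that crosses a threshold, noting whether a successful RDP logon from the same address followed. The line format, IP addresses, account names and thresholds are all assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not a real Windows Security export), one event per line:
#   <ISO timestamp> <EventID> user=<account> src=<source IP> type=<logon type>
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2023-01-10T08:00:01 4625 user=jgarcia src=203.0.113.7 type=10
2023-01-10T08:00:03 4625 user=jgarcia src=203.0.113.7 type=10
2023-01-10T08:00:05 4625 user=jgarcia src=203.0.113.7 type=10
2023-01-10T08:00:07 4625 user=jgarcia src=203.0.113.7 type=10
2023-01-10T08:00:09 4625 user=jgarcia src=203.0.113.7 type=10
2023-01-10T08:00:11 4625 user=admin src=203.0.113.7 type=10
2023-01-10T08:00:13 4625 user=admin src=203.0.113.7 type=10
2023-01-10T08:00:15 4625 user=admin src=203.0.113.7 type=10
2023-01-10T08:00:17 4625 user=admin src=203.0.113.7 type=10
2023-01-10T08:00:19 4625 user=admin src=203.0.113.7 type=10
2023-01-10T08:00:21 4624 user=admin src=203.0.113.7 type=10
2023-01-10T08:15:00 4625 user=mlopez src=198.51.100.5 type=10
2023-01-10T08:30:00 4625 user=mlopez src=198.51.100.5 type=10
2023-01-10T08:30:40 4624 user=mlopez src=198.51.100.5 type=10
2023-01-10T09:00:00 4625 user=svc_backup src=10.0.0.8 type=3
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\d{4}) user=(?P<user>\S+) src=(?P<src>\S+) type=(?P<type>\d+)$"
)


def parse(log_text):
    """Parse log lines into dicts, oldest first. Malformed lines are skipped
    rather than crashing the detector, since a brute-force run rarely waits for clean logs."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "event": int(m["event"]),
            "user": m["user"],
            "src": m["src"],
            "type": int(m["type"]),
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_rdp_guessing(log_text, threshold=10, window=timedelta(minutes=5)):
    """Return one alert per source IP whose RDP (type 10) failures reach `threshold`
    inside any `window`. Each alert records the accounts tried, whether one or many
    accounts were targeted, and whether a later RDP success from the same IP followed."""
    recent = defaultdict(deque)  # src -> recent RDP failures still inside the window
    alerts = {}
    for e in parse(log_text):
        if e["type"] != 10:
            continue  # only RemoteInteractive (RDP) logons matter here
        q = recent[e["src"]]
        if e["event"] == 4625:
            q.append(e)
            while q and e["ts"] - q[0]["ts"] > window:
                q.popleft()  # forget failures that fell out of the window
            if len(q) >= threshold and e["src"] not in alerts:
                accounts = sorted({x["user"] for x in q})
                alerts[e["src"]] = {
                    "first_failure": q[0]["ts"],
                    "failures": len(q),
                    "accounts": accounts,
                    "pattern": "multiple_accounts" if len(accounts) > 1 else "single_account",
                    "success_after": None,
                }
        elif e["event"] == 4624 and e["src"] in alerts:
            # A successful RDP logon from an address already alerted on: probable compromise.
            alerts[e["src"]]["success_after"] = (e["user"], e["ts"])
    return alerts


if __name__ == "__main__":
    for src, alert in detect_rdp_guessing(SAMPLE_LOG).items():
        print(src, alert)
```

In the sample, 203.0.113.7 reaches ten failures in eighteen seconds across two accounts and then logs on successfully as admin, so it is reported with success_after set; 198.51.100.5 (a user mistyping twice, fifteen minutes apart) never accumulates enough failures inside one window, even with a low threshold, and the type 3 network logon from 10.0.0.8 is ignored. In production the lines would come from the Security log via Get-WinEvent or a SIEM, and the alert should feed a block or lockout rather than just a report; the more effective fix is not to expose port 3389 to the internet at all and to require MFA on whatever gateway replaces it.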
Why has it dropped so much?
There are a lot of factors at play here, all of which will likely have contributed in some part to the reduction in RDP attack attempts. For starters, the Russian war of aggression in Ukraine splintered a number of cyber crime factions and pulled resources away from state-sponsored actors, leading to a change in the global make-up of cyber crime.
Additionally, RDP attacks spiked as a result of the mass shift to remote working due to COVID-19, and that remote work shift has since calmed down. Not to mention the fact that companies have improved their security maturity.
In the past, cyber crime was viewed as a government or financial sector problem - public agencies, defense forces, utilities and major finance corporations (i.e. banks) were some of the biggest targets. These days, just about anyone might become a target and cyber crime gangs are spreading their attacks out.
Who are ransomware gangs targeting in Spain?
Manufacturing was the hardest-hit industry in Spain last year, way ahead of the rest. IT, shipping & logistics, and chemical & pharmaceuticals were also prime targets (SOCRadar).
What about phishing attacks?
Phishing attacks targeted mainly three Spanish sectors: fintech and finance, as might be expected, and healthcare. Unfortunately, these attacks were also harder to spot than in previous years, as 71% of phishing sites now use HTTPS rather than HTTP, so the browser padlock no longer distinguishes a phishing page from a legitimate one.
State-sponsored targets in Spain
Spanish companies are coming under attack from bad actors funded or associated in some way with governments. The groups attacking Spain were identified to be primarily associated with Russia and North Korea, according to SOCRadar intelligence.
That said, due to the war in Ukraine, some groups fell apart and even turned on each other. The largest casualty was Conti, one of the world's most prolific cyber gangs, which has fractured into numerous smaller factions since mid 2022.
Once, if a group wanted to, say, attack a target using ransomware, they would have to develop the malware themselves, reconnoiter a target's system, hack into it, extract the ransom, and cover their tracks well enough not to get caught.
But, this is increasingly no longer the case. Groups are splitting up into individual outsourced 'affiliates', allowing cyber criminals to specialize in key areas of the attack process while reducing each group's individual footprint on a crime, helping them evade the detection of law enforcement.
This is called 'Cybercrime-as-a-service'. It's the adoption of similar business models to genuine software vendors: licensed or productized services, training, customer support, even marketing. Much like in genuine business, it has enabled criminal groups like ransomware gangs to scale conveniently and quickly, and expand their revenues.
Supply chain attacks are a growing problem. As organizations automate and digitize, they must rely on software vendors from across the world to provide services they can't produce in-house. This has led to a situation where a great many businesses depend on very few suppliers.
Cyber criminals know this. By attacking one major supplier, they can gain access to the networks of thousands, if not tens or hundreds of thousands, of that supplier's customers. We saw this with the SolarWinds compromise in 2020, and the Log4Shell vulnerability in the Log4j library (disclosed in December 2021 and exploited throughout 2022) showed the same concentration of risk in a single shared component. It's likely we'll see it again in 2023.
What is a supply chain attack? The compromising of a popular software supplier in order to gain access to its customers (or fellow suppliers). Also known as vendor risk, third-party risk or supply chain compromise.
Are governments doing anything to prevent this problem?
Yes. Perhaps most relevant for Spanish companies, the European Commission and the US government have both released their strategies for countering cyber threats such as a supply chain compromise. The NIS2 Directive (Directive (EU) 2022/2555) is an example from the EU, and Executive Order 14028 of May 2021, "Improving the Nation's Cybersecurity", is an example from the US.
Learn more: Are you reviewing your third parties for security risks?
We mentioned this last year and it's relevant again this year. It is absolutely critical that all Spanish companies, not just major enterprises or those within the most commonly targeted sectors, raise cyber awareness levels among employees.
Human error is one of the easiest factors for cyber criminals to exploit, and it's a factor in some of the most common attacks on Spanish businesses. Phishing and social engineering target people directly, while RDP password-guessing attacks look to break open weak employee passwords. Both problems can be reduced with better training, but training alone is not enough for the second: pair it with strong, unique passwords, multi-factor authentication on every remote-access entry point, account lockout after repeated failures, and no RDP exposed directly to the internet.
Learn more: How exposed is your business to human error?
Good data backups can limit the harm of a ransomware attack (or of any other malware that disrupts or destroys data). They may also let you avoid paying the ransom, if you can restore your systems instead of paying for the decryption key. Two caveats: backups only help if at least one copy is offline or immutable, so the attacker cannot encrypt or delete it along with everything else, and if you have tested restoring from it; and they do nothing against the extortion threat of leaking data the gang has already exfiltrated.
Some top tips to ensure your backup strategy will work effectively include:
Against a well-maintained system, an exploit usually works only for a short period. Once the vulnerability behind it is discovered, the software's vendor patches the hole and the attacker must find an alternate route into target networks; the window only stays open on systems that are never updated. Vendors also harden products in response to attack trends: for example, Microsoft enabled an account lockout policy by default in Windows 11 in the wake of mass RDP password-guessing attacks.
You don't need to know every software exploit in circulation, you just need to keep your various systems and devices up to date. That means computer operating systems, phones and tablets, apps, and smart devices. Prepare a policy that governs how and how often every company device is updated, and assign an accountable person to oversee it.
Employees, even administrators, should not have unrestricted access to your IT network. Anyone with free, complete access is a huge security risk: if that person's account is compromised, the attacker inherits the same free access and can do as they like within the network.
In 2023, consider upgrading your identity and access management policies, applying the principles of Zero Trust and least privilege. Together these should help you segment your systems and limit what any single compromised account can reach, while still ensuring employees can log on when they need to, for as long as they need to, and no longer.
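The "when they need to, for as long as they need to" principle is easiest to see in code. The policy engine below is an added example, not code from the original article or from dig8ital: standing roles carry only everyday permissions, privileged roles are granted just-in-time with a justification and an expiry, every request is evaluated against the caller's device state as well as their roles (the Zero Trust part), and a helper reports the blast radius an attacker would inherit from a given account at a given moment. The role names, permission strings and time-to-live values are assumptions for illustration.

```python
from datetime import datetime, timedelta

# Hypothetical role-to-permission map (an assumption for this example). Note there is no
# all-powerful role: even "server_admin" cannot read mail or reset passwords.
ROLE_PERMISSIONS = {
    "employee": {"mail:read", "files:read:own"},
    "helpdesk": {"mail:read", "files:read:own", "user:reset_password"},
    "server_admin": {"server:ssh", "server:restart"},
}


class AccessPolicy:
    """Least-privilege access with standing roles plus time-boxed elevations."""

    def __init__(self, max_elevation=timedelta(hours=4)):
        self.standing = {}      # user -> set of roles held permanently (kept minimal)
        self.elevations = {}    # (user, role) -> expiry datetime from a JIT request
        self.audit = []         # every elevation request, for review
        self.max_elevation = max_elevation

    def assign(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        self.standing.setdefault(user, set()).add(role)

    def elevate(self, user, role, justification, now, ttl=timedelta(hours=1)):
        """Grant `role` to `user` until now + ttl. A justification is mandatory and the
        ttl is capped, so nobody can quietly turn a temporary grant into a standing one."""
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        if not justification.strip():
            raise ValueError("elevation requires a justification")
        ttl = min(ttl, self.max_elevation)
        expiry = now + ttl
        self.elevations[(user, role)] = expiry
        self.audit.append((now, user, role, justification, expiry))
        return expiry

    def roles(self, user, now):
        """Roles in force at `now`: standing roles plus unexpired elevations."""
        active = set(self.standing.get(user, set()))
        for (u, role), expiry in list(self.elevations.items()):
            if u != user:
                continue
            if now < expiry:
                active.add(role)
            else:
                del self.elevations[(u, role)]  # expired grants are removed, not kept
        return active

    def permissions(self, user, now):
        perms = set()
        for role in self.roles(user, now):
            perms |= ROLE_PERMISSIONS[role]
        return perms

    def is_allowed(self, user, permission, now, device_compliant):
        """Zero Trust check: the role must grant the permission AND the request must
        come from a compliant device. A stolen password on an unmanaged laptop fails here."""
        if not device_compliant:
            return False
        return permission in self.permissions(user, now)

    def blast_radius(self, user, now):
        """What an attacker holding this account right now could do."""
        return sorted(self.permissions(user, now))


if __name__ == "__main__":
    t0 = datetime(2023, 1, 10, 9, 0)
    policy = AccessPolicy()
    policy.assign("jgarcia", "employee")
    policy.elevate("jgarcia", "server_admin", "ticket 4711: restart app server", t0)
    print("during window:", policy.blast_radius("jgarcia", t0 + timedelta(minutes=30)))
    print("after window: ", policy.blast_radius("jgarcia", t0 + timedelta(hours=2)))
```

The point the two printouts make is the one the paragraph above makes in prose: during the ticket the account can restart servers, two hours later it is back to reading its own mail and files, so an attacker who steals the password after the window gains very little, and an attacker who steals it from a non-compliant device gains nothing at all. In a real deployment the same shape is provided by the PIM/PAM feature of your identity provider; the value of writing it out is seeing which checks must exist.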
Supply chain risk is probably one of the biggest for Spanish companies in 2023 because of how global it is. A supplier could be anywhere, with any amount of security protecting it, and still impact a Spanish business.
Some things to consider in 2023 are:
Cyber security is a lot to think about: attackers really will try to come at you from all sides. But you don't have to figure everything out yourself, especially if you're struggling to hire the right digital talent for the job.
Here at dig8ital, we can handle all aspects of cyber security, from planning through to implementation and review. Contact us for a free maturity consultation and we'll chat to you about your unique needs.