In our previous annual breakdown of Spanish cyber security, we saw that the shift to working from home as a result of COVID-19 had huge ramifications on businesses; attackers saw an opportunity to exploit companies using remote technology for the first time, and they went for it.
This year, some of those attacks have shrunk back, but the war in Ukraine has complicated life not just for businesses, but for criminal gangs too.
In this article:
- Spain’s top cyber security trends for 2023
- Top cyber threats to Spain, in numbers
- What to focus on in 2023
Spain’s top cyber security trends for 2023
RDP attacks still a threat, but not as great as previously
In 2021, Spain was one of the world’s biggest targets for RDP attacks. The final four months of that year broke all previous records, with RDP attacks reaching an annual growth of 897%. Spain suffered 51 billion RDP password-guessing attacks, putting it way ahead of second place (Italy, with 25 billion) (ESET 2021).
However, the threat seems to have shrunk. Indeed, from Q1-Q2 2022, RDP attacks dropped by 89.4% (ESET 2022). Spain went from first place to third. This is great news and a bit of relief, but remember it’s a drop from tens of billions to just billions – these attacks are still a threat and should not be ignored.
What is an RDP password-guessing attack? Also known as a ‘brute force’ attack, RDP password guessing is where attackers use computer programs to literally ‘guess’ people’s passwords. Weak passwords can be guessed very quickly, even instantly. Once an attacker has an employee’s RDP password, they can access the company network as that employee and begin their attack.
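One way a defender can spot the password guessing described above, as an added example that is not part of the original article: the Python code below scans Windows Security log records for bursts of failed RDP logons (Event ID 4625) from one source address and notes the first successful logon (Event ID 4624) that follows. The records, IP addresses, user names, threshold and time window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPES = {3, 10}  # 10 = RemoteInteractive; 3 = Network (seen with NLA)

def make_event(clock, event_id, ip, user, logon_type=3):
    """Constructed record holding only the Security-log fields used below."""
    return {"time": f"2023-01-10T09:{clock}", "event_id": event_id,
            "ip": ip, "user": user, "logon_type": logon_type}

# Constructed sample data (documentation IP ranges, invented user names).
# Event ID 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = (
    # Six failures in 50 seconds across two accounts, then a success.
    [make_event(f"00:{s:02d}", 4625, "203.0.113.7", u) for s, u in
     zip(range(0, 60, 10), ["admin", "admin"] + ["jgarcia"] * 4)]
    + [make_event("01:05", 4624, "203.0.113.7", "jgarcia", 10)]
    # An employee mistyping a password twice before logging in: no alert.
    + [make_event("10:00", 4625, "198.51.100.20", "mlopez"),
       make_event("10:20", 4625, "198.51.100.20", "mlopez"),
       make_event("10:45", 4624, "198.51.100.20", "mlopez", 10)]
    # Console logon failure (type 2) is not RDP and is ignored.
    + [make_event("20:00", 4625, "192.0.2.5", "svc", 2)]
)

def detect_rdp_guessing(events, threshold=5, window=timedelta(minutes=2)):
    """Alert on any source IP with `threshold` failed RDP logons inside
    `window`, and record the first successful logon that follows."""
    recent = defaultdict(deque)   # ip -> timestamps of failures in the window
    users = defaultdict(set)      # ip -> account names tried
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip, ts = ev["ip"], datetime.fromisoformat(ev["time"])
        if ev["event_id"] == 4625:
            users[ip].add(ev["user"])
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"first_alert": ev["time"], "success_after": None}
        elif ev["event_id"] == 4624 and ip in alerts:
            if alerts[ip]["success_after"] is None:
                alerts[ip]["success_after"] = ev["user"]
    for ip, alert in alerts.items():
        alert["users_tried"] = sorted(users[ip])
    return alerts
```

An alert whose success_after field is filled in is the case to escalate first: it means a guessed password may have worked.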
Why has it dropped so much?
There are a lot of factors at play here, all of which will likely have contributed in some part to the reduction in RDP attack attempts. For starters, the Russian war of aggression in Ukraine splintered a number of cyber crime factions and pulled resources away from state-sponsored actors, leading to a change in the global make-up of cyber crime.
Additionally, RDP attacks spiked as a result of the mass shift to remote working due to COVID-19, and that remote work shift has since calmed down. Not to mention the fact that companies have improved their security maturity.
Cyber gangs target a broad section of industries
In the past, cyber crime was viewed as a government or financial sector problem – public agencies, defense forces, utilities and major finance corporations (i.e. banks) were some of the biggest targets. These days, just about anyone might become a target and cyber crime gangs are spreading their attacks out.
Who are ransomware gangs targeting in Spain?
Manufacturing was the hardest-hit industry in Spain last year, way ahead of the rest. IT, shipping & logistics, and chemical & pharmaceuticals were also prime targets (SOCRadar).
What about phishing attacks?
Phishing attacks mainly targeted three Spanish sectors: fintech and finance, as might be expected, but also healthcare. Unfortunately, these attacks were also harder to spot than in previous years, as 71% of attackers now use the HTTPS protocol instead of HTTP.
State-sponsored targets in Spain
Spanish companies are coming under attack from bad actors funded or associated in some way with governments. The groups attacking Spain were identified to be primarily associated with Russia and North Korea, according to SOCRadar intelligence.
That said, due to the war in Ukraine, some groups fell apart and even turned on each other. The largest casualty was Conti, one of the world’s most prolific cyber gangs, which has fractured into numerous smaller factions since mid 2022.
‘As-a-service’ cyber crime drives scale
Once, if a group wanted to, say, attack a target using ransomware, they would have to develop the malware themselves, reconnoiter a target’s system, hack into it, extract the ransom, and cover their tracks well enough not to get caught.
But, this is increasingly no longer the case. Groups are splitting up into individual outsourced ‘affiliates’, allowing cyber criminals to specialize in key areas of the attack process while reducing each group’s individual footprint on a crime, helping them evade the detection of law enforcement.
This is called ‘Cybercrime-as-a-service’. It’s the adoption of similar business models to genuine software vendors: licensed or productized services, training, customer support, even marketing. Much like in genuine business, it has enabled criminal groups like ransomware gangs to scale conveniently and quickly, and expand their revenues.
Disruption to IT supply chain threatens Spanish companies
Supply chain attacks are a growing problem. As organizations automate and digitize, they must rely on software vendors from across the world to provide services they can’t produce in-house. This has led to a situation where a great many businesses rely on very few.
Cyber criminals know this. By attacking one major supplier, they can gain access to the networks of thousands, if not tens or hundreds of thousands of that supplier’s customers. We saw this with the SolarWinds hack in 2020 and the Log4j exploit in 2022, and it’s likely we’ll see it again in 2023.
What is a supply chain attack? The compromising of a popular software supplier in order to gain access to its customers (or fellow suppliers). Also known as vendor risk, third-party risk or supply chain compromise.
Are governments doing anything to prevent this problem?
Yes. Perhaps most relevant for Spanish companies, the European Commission and the US government have both released their strategies for countering cyber threats like a supply chain compromise. The NIS2 Directive is an example from the EU, and Executive Order 14028 is an example from the US.
Learn more: Are you reviewing your third parties for security risks?
Top cyber threats to Spanish companies, in numbers:
- 90% of Spanish organizations were compromised at least once in the past 12 months. Of those hit specifically with ransomware, 61% paid an average ransom of €19,400 (SOCRadar).
- Supply chain compromise accounted for 17% of network intrusions in the 2021-2022 period (ENISA).
- The top three skills lacking among cyber security professionals are (ISACA): soft skills, cloud computing and security controls.
- The top three factors increasing the risk of cyber attacks are (ESET): lack of cyber awareness among employees, nation-state attacks and vulnerabilities in the partner/supplier ecosystem.
- The global average cost for a data breach is USD $4.35 million (€4 million) (IBM).
- It took an average of 277 days for organizations to identify and contain data breaches in 2022. Bringing this number down to 200 days or less could have saved USD $1.12 million (€1 million) (IBM).
What should your company focus on in 2023?
1. Raise cyber awareness levels across the business
We mentioned this last year and it’s relevant again this year. It is absolutely critical that all Spanish companies, not just major enterprises or those within the most commonly targeted sectors, raise cyber awareness levels among employees.
Human error is one of the easiest factors for cyber criminals to exploit, and it’s a factor in some of the most common attacks on Spanish businesses. Phishing and social engineering target people directly, while RDP password-guessing attacks look to break open weak employee passwords. But both of these problems can be mitigated with better training.
Learn more: How exposed is your business to human error?
2. Ensure you have a good backup strategy
Good data backups can help prevent some of the harm of a ransomware attack (or any other malware which disrupts or destroys data). It may also allow you to circumvent having to pay up, if you can recover your system instead of paying for the key.
Some top tips to ensure your backup strategy will work effectively include:
- Back up regularly to ensure you never lose too much work.
- If you can’t afford to back up your entire network, highlight mission-critical data and back that up as a priority.
- Test that your backups are actually recoverable.
- Always store your backups in a separate, secure location so that attackers cannot compromise the backup as well as the main network.
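The tip about testing that backups are recoverable can be automated. The following is an added example, not part of the original article: it restores an archive into a scratch directory and compares every file against SHA-256 digests recorded when the backup was taken. The ZIP format, file names and contents are constructed assumptions.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

def manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(archive, expected):
    """Restore the archive into a scratch directory and compare it with the
    manifest recorded when the backup was taken."""
    result = {"ok": False, "missing": [], "changed": [], "error": None}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with zipfile.ZipFile(archive) as zf:
                zf.extractall(scratch)
        except (zipfile.BadZipFile, OSError) as exc:
            result["error"] = str(exc)   # archive exists but cannot be restored
            return result
        restored = manifest(scratch)
    result["missing"] = sorted(set(expected) - set(restored))
    result["changed"] = sorted(f for f in expected
                               if f in restored and restored[f] != expected[f])
    result["ok"] = not result["missing"] and not result["changed"]
    return result

def demo():
    """Constructed data: a good backup, a truncated copy, a partial backup."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "hr.txt").write_text("constructed sample\n")
        expected = manifest(src)
        good = Path(work, "backup.zip")
        with zipfile.ZipFile(good, "w") as zf:
            for rel in expected:
                zf.write(src / rel, rel)
        truncated = Path(work, "truncated.zip")
        truncated.write_bytes(good.read_bytes()[:-40])   # incomplete copy
        partial = Path(work, "partial.zip")
        with zipfile.ZipFile(partial, "w") as zf:
            zf.write(src / "hr.txt", "hr.txt")           # job skipped a folder
        return {name: verify_restore(path, expected) for name, path in
                [("good", good), ("truncated", truncated), ("partial", partial)]}
```

The truncated and partial archives both exist on disk and would pass a check that only confirms a backup file was written, which is why the restore itself has to be tested.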
3. Keep your devices up to date
Software exploits are generally only available to attackers for a short period of time. Once an exploit has been discovered, the software’s developers patch the hole and the attacker must then find an alternate route into target networks. For example, Microsoft built extra security measures into RDP for Windows 11 in the wake of mass RDP hacks.
You don’t need to know every single software exploit in the global market; you just need to keep your various systems and devices up to date. That means computer operating systems, phones or tablets, apps, and smart devices. Prepare a policy that will help you manage the process of regularly updating every company device, and ensure it has an accountable person to oversee it.
4. Segment your IT network to restrict wanton destruction
Employees, even administrators, should not have unrestricted access to your IT network. Anyone with free, complete access is a huge security risk – if that person’s account is compromised, their attacker gains similar free access and can do what they like within the network.
In 2023, consider upgrading your identity and access management policies, utilizing the principles of Zero Trust and least privilege. These policies in combination should help you segment your system, while still ensuring employees can log on when they need to, for as long as they need to.
5. Get on top of the risk from your supply chain
Supply chain risk is probably one of the biggest for Spanish companies in 2023 because of how global it is. A supplier could be anywhere, with any amount of security protecting it, and still impact a Spanish business.
Some things to consider in 2023 are:
- Bringing security personnel into vendor contract negotiations so they can ask questions about that company’s cybersecurity, and review the contract for security red flags.
- Keeping an eye on what’s happening in your suppliers’ markets with regards to cyber attacks, so you know who’s attacking who, and with what techniques. This could help you prepare in advance for your suppliers to be compromised.
- Whenever downloading a new software patch, test it first in an isolated environment. Check it for weaknesses or other problems before rolling it out to the rest of the business.
Need help this year? We’re here for you
Cyber security is a lot to think about: attackers really will try to come at you from all sides. But you don’t have to figure everything out yourself, especially if you’re struggling to hire the right digital talent for the job.
Here at dig8ital, we can handle all aspects of cyber security, from planning through to implementation and review. Contact us for a free maturity consultation and we’ll chat to you about your unique needs.