Nothing and no one is exempt from the risk of cyber attacks. It does not matter whether we are talking about a private citizen or a large multinational company, whether you are in the North or the South, the East or the West, and whether your computer is open like the doors of a shopping center on the first day of sale or you have invested significant sums in security. Of course, all this adjusts some parameters, such as the level of risk and the probability of success of the attack. But no one is immune to being in the spotlight at some point.

This can sometimes give the (wrong) impression that cybercriminals have agreed to focus their attacks on a region, a country, a certain type of industry, or even a specific company or institution. And although there is no evidence of this, apart from the coincidence, we will definitely end this last week of May 2024 many people think that about our country.

The reason is that in recent days We know of a large number of successful attacks against Spanish companies and public entities. Of course, it is necessary to clarify at this point that the fact that the attacks were known this week does not mean that they happened during it. Cyberattacks usually, and this is not an exception, become public when their authors share them or put the assets they managed to loot for sale.

The closest precedent is found in the Banco Santander cyber attack a few weeks ago, which resulted in the exfiltration of personal data of the entity’s clients in Spain, Chile and Uruguay, as well as its employees. The bank said that no information related to passwords, operations and so on was leaked, but even so, the type of information the attackers obtained can be used in phishing and spearphishing campaigns, which is what makes this action so dangerous.

Well, if we thought the shock of the month was over we still had a dark week ahead of uswhich only in Spain and this week had three protagonists in the form of three cyberattacks:

• Iberdrola: The first “surprise” of the week came when we learned that Iberdrola, one of the main electricity companies in our country, suffered an attack at the beginning of the month, in which they confirmed the leakage of personal data and asked whether financial, with approximately 850,000 clients.
• Phone: Practically in parallel, we also learned that Telefónica could have suffered an attack, as a result of which cybercriminals would have obtained personal data from clients and employees, up to 120,000 personal records in total. In this case we are talking about physical addresses, full names, email addresses and phone numbers.
• Directorate General of Transport (DGT): and because there are no two without three, today we learned about another attack, this time on DGT, through which the attackers would obtain (and put on sale) a database of registered vehicles, with license plates, type, make and model of the vehicle, name, address and population owner and up-to-date insurance information, for a total of more than 34 million vehicles.

That cyber security is a problem, a huge problem, has been a reality for some time now, but it’s true that many people don’t remember this until the cyber attacks come. The problem is that to a large extent Those who suffer from its consequences are not responsible for the security policy, but the users.

More information: 1/2/3