As the Vodafone network was confirmed after a computer attack that had an unprecedented impact on the country on Monday night, the investigation by the Cyber Crime Division of the Criminal Police (PJ) continues without solid elements, such as the IP, in the hands of investigators, and with many lines still open. Within the PJ, as Nascer do SOL knows, there is also concern about information being made public while there is no certainty about the origin and motives of the attack. The strategy: keep things close to the chest. The day after the attack, at a press conference chaired by the division’s director, Carlos Cabreiro, the official did not comment again and declined to comment on the steps.
A ‘little info’ on the Russian track
The attack may have been a politically motivated act in the wake of tensions between Moscow and Kiev. This was one of the scenarios on the table from the outset, when cyber security expert José Tribolet said the threat was strong in the United States and Europe. “All NATO member states are being targeted by this kind of attack,” a retired Técnico professor told me.
This week, Reuters reported that the European Central Bank has issued guidance to banks against such possibilities. In Ukraine, concerns about cyberwarfare have been on the rise in the United States since 2020, with the SolarWinds attack – the infiltration of the computers of nine federal agencies and hundreds of American companies, linked by US intelligence to Russian intelligence. It has become a real threat.
On Tuesday, Carlos Cabreiro, director of PJ’s cybercrime combat division, said the hypothesis that the attack on Vodafone was of Russian origin was “not real” and that it was “abuse.” This Friday, Expresso reported an element that does not allow the hypothesis to be ruled out; however, according to Nascer do SOL, all leads are still open and the element is considered “a little information”. According to the weekly, two weeks ago, on January 24, Portuguese officials learned that a hacker had published a post on the Russian online forum Exploit.in. Revenue between US$1 billion and US$4 billion. “I will listen to your price proposals,” the weekly quotes the post as saying, with a base bid of $2500 (approximately 2100 euros).
According to Expresso, this lead, which could link the case to the Russian hacker, is being investigated by the authorities and was discovered by the US cyber intelligence agency Mandiant, which monitors these closed forums and the dark web. To Nascer do SOL, Mandiant declined to comment on the information and did not say whether it is supporting the Portuguese authorities’ investigation.
In its report on what to expect in 2022, the company points out that cyber attacks of Russian origin are one of the threats that will increase in the context of the current tension. “Russia will maintain an aggressive stance in late 2021 (when the document was released) and until 2022, targeting NATO, Eastern Europe, Ukraine, Afghanistan and the energy sector.” The company also points to other state actors in cyberspace operations: Iran, with Israel and other Middle Eastern countries as its targets; China, with ‘cyber espionage’ operations; and North Korea.
Another warning from the consultancy concerns ransomware attacks, in which hackers break into computer systems and demand ransom money for data recovery. According to investigative sources, this week Germano de Sousa’s lab network was shut down until this Sunday, a case different in character from Vodafone’s, in which the entire network was shut down. No ransom request. These attacks have increased over the past decade and continue to increase, Mandiant warns: “The ransomware business will continue to be very lucrative until international governments and technological innovations change the cost-benefit calculation for attackers.” Be careful: tactics are evolving. According to the consultancy, there is a trend for hackers to act as ‘infiltrators’ in the companies they intend to attack.
The misuse of credentials was raised as one of the hypotheses by some experts who spoke publicly this week about what Vodafone described as a “malicious and terrorist” attack. It affected private clients, companies, and emergency and fire systems, but also hospitals with services supported by the Vodafone network. According to DECO, compensation should only be paid if the company is known to be responsible for the outage.