Alberto Hernández Moreno is dedicated to making the new digital environment, more and more ubiquitous in our lives, a safer place. The director general of the National Institute of Cybersecurity (Incibe) is clear that it is necessary for people to take more seriously the threats that run when using the computer, mobile or even smart TV.
What threats do we expose ourselves exactly? According to the Ministry of the Interior, in 2017 there were 123,064 incidents related to cybersecurity. Of these, only 885 went to the so-called critical operators, such as power stations, banks, and so on. The vast majority fell on ordinary citizens. "In the end, cybercriminals move because of the cost-benefit ratio. When they develop something very sophisticated it is because it is aimed at some organization from which they are going to make a lot of money, but normally it is more important to obtain a little bit of many, "he stresses.
Massive and well-targeted attacks
The fraud accounted for 74% of the crimes detected last year, followed by threats and coercion (14%) and computer falsification (3.6%). The attacks are massive, but well directed. "In the top 10 of frauds to citizens we would put the scams in rents, the scams in falsified products, the false lenders and the brides or boyfriends by Internet", enumerates Hernandez.
Boyfriends online? Yes, those contacts, usually very good looking, that talk to the victim for a couple of months through a digital channel until they ask for money to go see it and disappear. Or, in another version, they send you one or two sex videos when there is already confidence and then they ask for one of them. And if they sting, they extort money to not publish it. "If I am a divorced person of 40 or 50 years old and I post that on social networks, I am a candidate to develop an attack directed against me," he illustrates.
Let's forget the stereotype of a hacker who works on his own: the Hernandez team, which works closely with the National Police and the Civil Guard, knows very well that the ones behind these actions are organized criminal groups, often international scale and remotely. Its toolbox has several options in addition to those commented.
One of the most used is the ransomware. An email arrives that, posing as a financial institution, the lighting company or some other trusted contact, they ask that a file be downloaded that actually contains a malware what the team encrypts. Then they ask for a ransom to free him. "These attacks are not aimed at the more affluent. They are asking for ransoms of 100 or 200 euros, amounts that everyone can pay. "
Fraud to managers
The level of sophistication of the threats is increasing because the awareness of the people, fortunately, also grows ".
Another very common is the fraud of the CEO: someone sends an email to the financial director of a company posing as the president or CEO of the same in which he says he has to make an urgent international transfer to a bank account attached. "They are well-designed emails, although problems with a call would be avoided," says Hernández.
The online stores that seem to sell bargains but then the product never comes, extortions like the described case of digital boyfriends, harassment … The threats are multiple, and will increase as the Internet of Things unfolds, when the refrigerator or washing machine are also connected. "We are advocating that they be manufactured and designed in a safe way, but the technology is vulnerable. It will be necessary to manage it and use it correctly. " In the United States even pacemakers have been hacked, asking the victims for rescues in exchange for letting the device continue to function.
What does tomorrow hold? Should we expect an environment with more cyber-insecurities? "The level of sophistication of the threats is increasing because the awareness of the people, fortunately, also grows," explains Hernández. And he continues with a paradoxical fact: "But that does not mean that the most lucrative threats are very complex. The malware with the highest incidence in Spain is Conficker, which was developed in 2007 and after six months had been solved. That means there are still many systems in this country that have not been updated since then. "