Asset management and contact details in the event of an incident, new developments in the Security Portal for Local Administrations
On March 2, Microsoft released, in an extraordinary announcement, a series of updates for 4 new critical zero-day vulnerabilities that affect its Exchange technology and that would allow an attacker to remotely take control of the affected server, execute arbitrary code, access the email accounts on the affected server and even spread across the network. According to some sources, the vulnerabilities have been exploited since January 6 by multiple groups allegedly of Chinese origin.
At first, attacks had been detected exclusively in the United States, but the Catalan Cybersecurity Agency has confirmed evidence of attacks and related incidents in different sectors of the Catalan territory. The volume of new attacks is expected to increase critically in the coming days. In any case, it should be considered likely that vulnerable servers have already been compromised. So far, the attackers' access to mail has been motivated by cyberespionage, mainly focusing on the theft of confidential information from compromised networks. On the other hand, the sensitivity of the systems affected by this group of vulnerabilities may soon lead new criminal groups to exploit them to deploy ransomware.
The manufacturer has released security patches to fix the vulnerabilities and tools to detect the impact. The Catalan Cybersecurity Agency recommends applying these patches immediately. It is considered essential to perform a backup before deploying the patches, in order to preserve the evidence needed for potential subsequent investigations. Once the security patches have been applied, it is recommended to check whether the servers have been affected. These reviews can be carried out using a series of tools and recommendations included in the Agency's related cybersecurity statement.
In the event of an incident, please contact us by phone at 900 112 444 or by e-mail at cert@ciberseguretat.cat.
The Cybersecurity Agency of Catalonia, thanks to CATALONIA-CERT, has a high response capacity that allows it to act in a coordinated manner to minimize the impact of cybersecurity incidents that occur throughout the territory.
Last year, the Catalan Cybersecurity Agency defined a specific cybersecurity service for the local administration, which aims to offer new protection and response capabilities in the face of cybersecurity threats and incidents and thus prevent attacks such as those that are the subject of this press release.
This service is expected to be operational early in the second quarter of 2021; in the meantime, the mailbox seguridad.aall@ciberseguretat.cat has been created to resolve any doubts or issues in this regard.