A large-scale Russian cyberattack directed at the infrastructure of the Higher Council for Scientific Research (CSIC) It has forced to cut off communications with the Institute of Natural Products and Agrobiology (IPNA) in Tenerife, dependent on it, for several weeks. The measures to stop the computer attack, which occurred between July 16 and 17, have caused the Canarian research center to suffer Occasional problems with cable and Wi-Fi internet connectionsa cut in the telephone line for at least two weeks and a blockade of communications with the central headquarters of the CSIC, in Madrid, which is still being restored.
To avoid problems in the performance of the researchers, from an early stage the IPNA management urged all employees to work from home. “This solution has allowed everyone to continue working with their own internet network,” highlights the director of the IPNA, Juan Ignacio Padrón. Although they were “less than a day” without cable internet connection, the wifi has been malfunctioning for several days. They have also been lucky that their emails have continued to work. “I have continued to send articles,” says Padrón. All this has allowed researchers to maintain their scientific activity despite this isolation.
The biggest setbacks have been assumed by the administration area. «The self-signature did not work for us nor have we been able to resolve contracts, because they have cut off communications with the headquarters in Madrid», highlights the director, who insists that during this time they have been working “blindly”. According to him, the Administration has been operating for almost three weeks “at a very slow pace” and it is in these days when this area “begins to see the light.”
Padron claims that “it took a long time to restore everything”, but highlights the “transparency” with which the central body has transferred the information to the staff. “They had already warned us,” he stresses. And it is that since the war between Russia and Ukraine broke out, CSIC workers have been warned of the importance of protecting all data. “They told us that we had to disconnect all the computers from the network, because if we can’t leave doors open for these kinds of attacks to take place,” he says.
The research center has not, however, been one of the most affected by this Russian computer attack. The measures used to control and resolve the attack have led to a cut of access to the network in various centers, following the strict international protocol necessary to stop the incident and guarantee that the attack does not spread to centers that have not been directly affected. . Thus, after two weeks, only a quarter of the 121 CSIC research institutes distributed throughout Spain have an Internet connection, a telephone connection and electricity. The rest have not yet appreciated the restoration of the system and continue to have problems in being able to carry out their research activity in the laboratories. However, there are centers that have not even noticed the failure of the network. This is the case of the Oceanographic Center of the Canary Islands, of the Spanish Institute of Oceanography (IEO) – also attached to the CSIC – which claims not to have had any difficulties derived from the Russian cyberattack
The ransomware-type cyberattack – data kidnapping – was detected on July 18 and the protocol marked by the Cybersecurity Operations Center (COCS) and the National Cryptology Center (CCN) was immediately activated.
This attack is similar to that suffered by other research centers such as the Max Planck Institute or the United States National Aeronautics and Space Administration (NASA). In the absence of the final report of the investigation, the experts point out that, to date, no loss or kidnapping of sensitive or confidential information has been detected.
The Council has multiple security mechanisms that prevent more than 260,000 registered attacks daily, but with this latest scare they have also decided to strengthen their protection shields. Its new antiviruses are based on big data technology, which gives them greater “intelligence” and robustness in the event of receiving large-scale attacks. Connections with the central body will be completely reopened when all the computers integrated into the CSIC network install this new antivirus.