Blackout: Cyberattack hypothesis is almost ruled out. But there are still doubts – the internet

A week after a blackout described as one of the largest electrical system failures in Europe, which in Portugal left millions of people without electricity for about 10 hours, the reason for the incident is still being investigated, but the possibility of a cyberattack, considered initially, has now been almost eliminated.
At first, the Minister Adjunct and for Territorial Cohesion, Manuel Castro Almeida, admitted that the blackout could have been caused by a cyberattack. “This is likely, but it is not verified,” he said in statements to RTP 3. With no confirmation of what was happening, doubts grew and rumors raged online, taking on another dimension.
False information circulated on social networks and in messaging apps such as WhatsApp, saying the blackout was due to a Russian cyberattack and citing Ursula von der Leyen or CNN International, Polígrafo reported.
But a few hours after the start of the blackout, the first statements began to emerge dismissing the idea that the failure in the power grid was due to a computer attack. In Portugal, the National Cybersecurity Center (CNCS) announced that, so far, there is no evidence pointing to a cyberattack, also warning about the false information being spread.
Teresa Ribera, executive vice-president of the European Commission, said there was no proof of a cyberattack behind the massive power cut on the Iberian Peninsula, information confirmed by the European Agency for Network and Information Security (ENISA).
In statements to Bloomberg, a representative of the European agency said that, although it is carefully analyzing the case, the first investigations point to a technical failure rather than a computer attack.
The day after the blackout, Red Eléctrica de España (REE), the company that operates the country's power grid, ruled out the hypothesis of a cyberattack as the source of the event. However, the Spanish National Court has begun a preliminary investigation to find out whether this possibility can really be ruled out.
Can a cyberattack cause a blackout?
Although the cyberattack hypothesis is now almost ruled out by the relevant authorities, the case raises important questions. For example, could a computer attack cause a large-scale blackout like the one that happened in Portugal and Spain?
To SAPO TEK, an official CNCS source begins by stressing that the entity is “overseeing the failure of the National Electricity Grid” and has been in close contact with national authorities and European counterparts since the event took place. There is no evidence placing its source in a cyberattack.
The entity highlights that “there is a permanent conversation between CNCS and complex infrastructure operators. It aims to improve the cyber-resilience of the fuel sector, by sharing knowledge and cyber security indicators, through their threats, vulnerability and spread of events.”
Regarding attacks that could cause wide-ranging disruptions in the National Electricity Grid, CNCS explains that “the effect of potential cyberattacks on a wide power network depends on the network attack vector and its interconnections”.
“Still, and in the face of the experience of some opponents such as Ukraine, we consider malware with a destructive character, usually designated as wipers, to have a more harmful effect on any mixed IT/OT network, due to the level of difficulty relating to data restoration,” it explained.
Critical infrastructure has become a target of cybercriminals, in particular those with state support. To SAPO TEK, an official source at Check Point Software recalls, for example, the case of the attack on Ukraine in 2015, when residents of Kiev were left without electricity. In this case, the attack was attributed to the Russian military intelligence cyber unit known as Sandworm.
Bruno Castro, CEO of Visionware and specialist in cybersecurity and forensic analysis, also points to the same case, highlighting that, given their characteristics, if the management systems of modern electrical networks are not properly protected, a cyberattack can be harmful.
In addition to malware, as in the case of Ukraine in 2015, the official details, there are many attack vectors used by cybercriminals to compromise the operation of critical infrastructure such as a power network.
These include, for example, spear phishing campaigns to steal sensitive data and gain access to systems, as well as the search for vulnerabilities in industrial environments, not forgetting attacks on third-party companies with connections to network operators.
Rumors on the Dark Web and Social Networks
Last week, the CPC initiative (Citizens for Cyber Security) reported an advertisement on the dark web offering access to critical infrastructure in Mexico, published a few hours after the European event. Although it indicates that there is no public data to confirm a direct connection, the initiative says that the hypothesis cannot be dismissed without a forensic investigation.
In addition to the advertisement on the dark web, CPC pointed out, two cybercriminal groups with a pro-Russian affiliation, Dark Storm Team and NoName057(16), publicly claimed responsibility for the blackout on the social network X and on Telegram.
To SAPO TEK, CNCS says that, “through CERT.PT, it has identified and analyzed the allegations made by the groups Dark Storm Team and NoName057(16), which have a history of attacks in the past year, almost always denial of service, which is unlikely to cause an event such as the one that caused the power failure.” “CNCS has yet to exclude any reason for the failure of the power supply,” the entity emphasizes.
On the Visionware side, Bruno Castro says that “at this point, there is no definite technical evidence to establish a direct relationship between the identified statement and the blackout that affected Portugal and Spain”. “Although temporal proximity can increase correlation hypotheses, it is essential to emphasize that correlation does not indicate causation,” he said.
The official indicates that the scenario is complex and that “forensic analysis and cooperation between national and international organizations are required to ensure any connection”. “Therefore, taking lessons at this stage will be premature,” he said.
The company found that, although it did not identify any statement directly related to Portuguese or Spanish entities that is clearly associated with the blackout, “many forums and channels on Telegram have increased their activity, with indirect mention of the program, which is very common after events with this load and media visibility.”
The official stated that the company is aware of the alleged claims of the groups Dark Storm Team and NoName057(16), which are “also analyzed in the wider context of their known activity.” According to Bruno Castro, for both groups, “although they have no direct involvement, there are unknown and opportunistic suit campaigns of great impact events.”
In the eyes of the CEO of Visionware, the most plausible hypothesis is that these groups aim “to extend the perception of energy and cause instability”, taking advantage of the media coverage of the event. “Of course, all possibilities in the investigation have been considered, but so far, there is no technical evidence to confirm the authorship of these events by these groups,” he said.
Preparing for the worst-case scenario
What policies apply to the operators responsible for power management and distribution in Portugal? Although the NIS2 Directive, which brings new responsibilities to companies, is still in the process of being transposed into the national context, CNCS stated: “The current legal governance of cyberspace security, complex infrastructure operators claim that the new European command will be adopted.”
Among them are actions related to the “notification of events with relevant or significant impact”, but also risk analysis “in relation to all assets that confirm the continuation of the performance of the networks and information systems used by such operators” and the implementation of appropriate security measures, as provided in the national reference framework of the legal governance of cyberspace security and cyber security.
The entity recalls that operators of critical infrastructure should also adopt CNCS regime and communication actions. These include having permanent contact points and a person responsible for security, as well as keeping listings of essential assets and preparing updated annual reports, which should be sent to CNCS.
Bruno Castro, for his part, emphasizes that, “with the increasing dependence on digital systems in the management of complex infrastructure and the growing sophistication of cyberattacks, it is essential for the entities in charge of the power grid to implement strong cyber security actions”, adding that events such as the blackout can also serve “as a strong warning for the reinforcement of cyber-resilience in the fuel sector”.