Several Costa Rican public institutions take extreme measures to avoid being victims of a cyberattack that compromises their systems and puts sensitive information of the entity and its users at risk.
This past Monday, the Ministry of Finance reported that its tax administration (ATV) and customs (TICA) platforms were out of service after a cyberattack. A group of hackers called Conti claimed responsibility for the hit, claiming to have stolen a terabyte (TB) of data. For it, they asked for a ransom of $10 million (about ¢6,500 million).
The incident caused a serious affectation, not only for the payment of taxes, but also in the import procedures and in the request for certifications in the Public Registry.
The Ministry of Science and Technology also suffered an attack on its page, and it is out of service. The fact would also be attributed to Conti.Other institutions were also affected, so most of them went on high alert to protect their systems.
What can Tico institutions do?
The National Insurance Institute (INS) responded that it has infrastructure and a series of measures to prevent and counteract this type of attack. However, it still takes action as a result of the events in the Treasury.
“Technological efforts have been redoubled according to our preventive protocols, and also at the organizational level to remind our collaborators of their responsibility in preventing cyberattacks,” said the insurance company.
For its part, the Costa Rican Social Security Fund (CCSS) recognized “publications of unknown origin” on its Twitter profile, but ruled out any involvement of financial platforms or the Unique Digital Health File (EDUS).
“The Technology Directorate and the Computer Management Centers of the CCSS remain on alert in the face of this situation and issued a series of recommendations to local levels and officials to double efforts in cybersecurity,” the institution said.
The page of the Mixed Institute of Social Assistance (IMAS) was deactivated “preventively”. This medium tried to find out more details about a possible impact on this platform, but the queries were not answered.
“Preventively and temporarily and due to alerts and incidents that have affected other public institutions, this official IMAS page has been disabled,” reads when entering www.imas.go.cr.
For its part, the Costa Rican Institute of Electricity (ICE) reinforced the surveillance of its systems. So far, it has not registered any affectation, according to the press office of said entity.
The National Meteorological Institute (IMN) investigates an alleged theft of emails that Conti claimed.“Regarding the possible hacking in the IMN we are verifying and as soon as we have information we will share it with you”, is the only information that the unit has issued so far.
In the eye of concern are the state financial entities, whose pages have sensitive data such as access codes for bank accounts.The National Bank ensures that it takes into consideration a series of defense tools for this type of threat.
“It should be noted that this model of the National Bank considers the prevention of attacks continuously, and therefore, all information related to threats associated with the financial, regional or government sector, is a natural input,” said the entity after the consultation made hereby.
Although, at the moment, its services work normally, at the moment it is not possible to carry out the tax payment process because the Treasury page is out of service.
The Bank of Costa Rica (BCR) indicated that it remains “attentive, alert and in a situation of permanent monitoring in all its various channels and digital services.”The entity stated that there is no affectation of the State services that it offers through its offices called Punto País. These operate normally, assured the BCR.
More resources need to be invested
Despite efforts to prevent these cyberattacks, the country has not made the necessary investments to protect critical technology infrastructure nationwide.This was stated by Mario Montero, president of the Chamber of Infocommunication and Technology (Infocom).
According to him, the electricity generation industry, telecommunications facilities, systems inherent to health centers, as well as ports and airports, are being put at risk.
For Montero, among the lessons learned, the country must have an orchestrating entity that can centrally and efficiently coordinate a strategy to be applied to the IT security infrastructure and security management processes, in order to reduce materialization of cyber attacks.
On the other hand, any organization or company would be very vulnerable if it lacks a robust cyber-protection ecosystem, specified Diego González, Cybersecurity coordinator of the Chamber of Information and Communication Technologies (Camtic).He added that there must be policies, protocols and good practices in cybersecurity that institutions are supposed to have implemented.
The President of the Republic Carlos Alvarado instructed the creation of a situation room to find a way out for the hacking of government systems.The Presidential office confirmed that said commission will be made up of the authorities of the Ministry of Science, Innovation, Technology and Telecommunications (Micitt), Directorate of Security and Intelligence (DIS), as well as the Ministries of Public Security, Finance, Presidency, and Communication, which will be in permanent coordination work.
“A series of key actions have been defined. On the one hand, with institutional links, and on the other, working with friendly organizations and countries that can provide collaboration to the country. As well as reinforcing security measures at the institutional level,” said GeaninaDinarte, Minister of the Presidency.
The Treasury also pointed out that an in-depth analysis is carried out with the support of the Microsoft Detection and Response Team and the security team hired by the Ministry for the evaluation and monitoring of events.