Although there is no official information at the moment, reports on social networks suggest that a phishing attack against Telefónica has managed to sneak a virus, yet to be identified, into the network, where it is causing havoc. This malware is causing many of the employees’ computers to throw all kinds of errors (blue screens) and may even be encrypting the data on the hard drives (ransomware) of all the computers.
Telefónica sources speak of thousands of infected computers, so the company is ordering all workers to turn off their computers to prevent the infection from continuing to spread over the network. The problem is nationwide: it affects not only the headquarters but all national subsidiaries.
Although at the moment only the infection of the Telefónica network has been confirmed, there is talk that the networks of Vodafone and BBVA could also be infected, as well as other companies that, little by little, are coming to light.
Users are not in danger
As we have said, the infection is located within the internal networks of the companies. Although the type of malware and how it works have not yet been identified, it is most likely that it will not get out of the internal network, so users are not in danger of being infected or of having their Internet access service cut off.
In the case of BBVA, the result is the same: since it is a computer attack centralized in the branches, it most likely does not affect online banking, although, as a precaution, we would prefer not to use this service, at least until more details are known about it.
We will update the article when we learn more about what is probably the most serious cyber attack so far this year.
Telefónica has just sent its workers home. The attack is very serious and will be very difficult to mitigate. The attack also appears to have exploited an unresolved zero-day vulnerability in Windows.
BBVA sources seem to assure that, although they have been targets of the attack, their firewalls have blocked it and they have not ended up infected.
At first it was believed that other companies, such as Capgemini, had also been attacked, but ultimately these companies have not suffered this cyber attack.
Banco Popular may also be infected.
Iberdrola and Gas Natural Fenosa have also confirmed that they are affected by the attack.
The cyber attack is believed to be of Chinese origin, and is disguised as a fake Windows update.
Telefónica’s internal sources claim to have already brought the computer attack under control. In the end, the scope seems not to have been as wide as was initially claimed. Hackers have exploited a serious security flaw in Windows 10 and, at a time when more computers and virtual machines were connected simultaneously, they have launched the attack against large companies.
The computer attack was carried out through a vulnerability in the Windows 10 SMB protocol. Microsoft patched this vulnerability last March, so if Windows is up to date there is no danger. If we use a Windows installation that has not been updated, we may be at risk.
– Chema Alonso (@chemaalonso) May 12, 2017