As reported by The Record, Vodafone Portugal said yesterday that a large chunk of its customer data services went offline overnight following “a deliberate and malicious cyberattack intended to cause damage and disruption.” The company’s 4G and 5G mobile networks, along with fixed voice, television, SMS, and voice/digital answering services all went offline following the attack. Vodafone is working to restore its services and also working with authorities to investigate the incident.
As Vodafone Portugal continues its investigation into the recent cyberattack on its network, there is a story within the story as customer data appears to be uncompromised, but services have been disrupted. In the coming days, we may learn more about whether or not the telecommunications giant suffered a ransomware attack. Lost quickly in the hustle and bustle of the constant barrage of cyberattacks against critical infrastructure providers in Portugal and other European countries is that two of Portugal’s largest media companies have yet to fully recover from the cyberattacks they suffered more than one month ago. Those cyberattacks are a reminder of the damage determined and persistent threat groups can cause for the vast majority of organisations today, including the media giant Impresa.
Today, asymmetry in cyber conflict favours attackers and, so far, the attackers are getting more effective at a faster rate than defenders are. This is not cause for despair, but it is a wake-up call for innovation and to find new methods of working together and of countering them. There is a call to arms to all of us to protect the connected world and to reverse this trend. There are ways to be safe and to boost our mutual protection, but simply doing more of the same is a recipe for disaster. Defenders have the most demanding job in cybersecurity and by working daily with security professionals at organisations around the world, we are putting cyber gangs on notice that their next cyberattack will be their last.
Communications are one of the 16 components of the US CISA Critical Infrastructure component – sectors identified as crucial to operations of a functional modern society. An attack on any of these sectors is an attack on the country itself. The methods and operations of this attack must be analyzed, quantified and the mitigation must be communicated and repeated to other communication enterprises. The attackers are looking for any and all vulnerabilities and the seriousness of the events cannot be underestimated.
Technology is a double-edged sword. We love it when it works, and literally can’t live without it in other situations. The latest attack on Vodafone Portugal is a prime example of the serious impact (potentially life threatening) the loss of technology can have when it’s disrupted.
While the details of the attack remain largely unknown, the downstream effects of losing the ability to communicate are crippling. The need for resiliency, especially for critical infrastructure, cannot be overstated. Building in redundancy and having the ability to fail over to alternate systems is an absolute must.
As painful as this attack must be for Vodafone, one can only hope a series of lessons learned will be made and potentially shared with others to avoid a similar situation.
Taking down Vodafone’s 4G and 5G network is no simple feat; it would have taken immense planning and sophistication to operate something on this scale. This attack will have not only impacted businesses on a wide scale, but it also suddenly places a threat on the 4G and 5G networks which have until now held a high degree of public confidence. Being able to cause disruption at this level highlights the level of complexity that threat actors are working on, showing that businesses remain behind the ever-changing threat landscape curve.