EC condemns ‘unacceptable’ cyber-attacks

  • Lusa
  • 11 February 2022

The position comes days after the operator Vodafone was the target of a cyber-attack.

The European Commission told Lusa on Friday that it “strongly condemned” the recent and “unacceptable” cyber-attacks on various entities in Portugal, revealing it was in contact with the Portuguese authorities “to understand better” the magnitude and impact of these incidents.

“We have seen the news. We are aware of several recent cyber incidents in Portugal and have been closely monitoring the situation, together with the Computer Security Incident Response Teams Network [CSIRT],” said an official source of the European Commission in a written reply sent to Lusa.

When asked by Lusa about the consecutive cyber-attacks on Portuguese entities, such as the operator Vodafone, the media groups Impresa and Cofina and the Germano de Sousa laboratories, the same source added: “We strongly condemn these cyberattacks, which are unacceptable”.

“We are also in contact with the Portuguese authorities to better understand their magnitude and impact,” he added, stressing that the European Commission is  “available to help in case of need”.

On Thursday, the European Union Agency for Cybersecurity (ENISA) told Lusa it was “closely monitoring” the recent cyberattacks in Portugal and providing support to the Portuguese emergency response team that is a member of the European network.

This is today highlighted by the EU executive, which told Lusa that ENISA “has been in contact with the Portuguese Computer Security Incident Response Team, which is a member of CSIRT”, explaining that this network “provides a platform for members to cooperate, exchange information and build trust”.

Data from ENISA sent to Lusa revealed that cyber incidents with significant impact on critical sectors – such as media – have increased by 72% in recent years, with a general upward trend in all areas, with a sharp rise in ransomware.

“We are concerned about the increasing number of malicious cyber activities at global level, which is one of the top 15 threats against European citizens, according to ENISA,” the European Commission told Lusa.

Stressing that “cybersecurity is a top priority”, the Community executive also recalled several EU rules to ensure security in this area, such as the Directive on a common level of network and information security, the Cybersecurity Act and the European Electronic Communications Code.

At the EU level, there is also ENISA to provide support to member states, and a European Cybercrime Centre integrated into Europol (EU police).

In addition, in December 2020, the European Commission proposed a new EU cybersecurity strategy and new rules to increase the resilience of critical physical and digital entities, with the institution now calling, in its response to Lusa, for the “swift adoption” of the revised Directive by the co-legislators to “better prevent and respond effectively to cyberattacks”.

The position comes days after the operator Vodafone was the target of a cyber-attack.

As well as the cyber-attack on Vodafone Portugal, the websites of media group Cofina (Record, Correio da Manhã, CMTV, Sábado and Jornal de Negócios) and the Impresa group (which owns SIC and Expresso), as well as the website of the Portuguese Parliament, have also recently been the targets of a cyber-attack.

The Judiciary Police is investigating these attacks.

Also on Thursday, the Germano de Sousa Laboratory Medicine Centre were the target of a cyber-attack.