The websites of SIC, the Expresso newspaper and Blitz have been attacked by a group of hackers, known as the Lapsus Group, who demand a ransom to unblock access.

“The data will be leaked if the required amount is not paid. We have access to cloud panels (AWS) among other types of devices. The contact for redemption is below”, this is the message that appears when trying to access the Jornal Expresso or SIC.pt website. On the group's other sites, such as SIC Notícias or Blitz, a message appears saying that it is not possible to access the website.

Meanwhile, the Expresso Twitter page was also taken over by the group in question, which published a Telegram link with the caption «Lapsus$ is officially the new president of Portugal».

The Impresa group has already confirmed that the Expresso and SIC websites, as well as some of their pages on social networks, are temporarily unavailable.

Some of the eStrongstep cybersecurity experts claim that:

“Given the increase in cyberattacks and phishing worldwide, ISO 27001 allows your organization to analyze the vulnerabilities that you have in your company, assets and teams and to continually prepare for existing and emerging threats. continuously". 

“It is important to carry out a risk assessment of each process carried out in the organization, so that measures can be taken later to mitigate this risk for information security and personal data protection.”

What to do if your business suffers a cyberattack?

1 - Problem verification/investigation

It is essential to understand the source of the attack, identify the affected systems and the consequences of this situation. A specialist forensic team should be involved to initiate the investigation process.

2 - Problem Communication

Problem communication should be done in two phases. In a first stage, at an internal level, that is, we must inform the company's employees and, in a second stage, if the incident results in a breach of personal data, the company must notify the supervisory authority without undue delay and, at the latest, , within 72 hours after becoming aware of the violation, in addition to which you will also have to inform customers, suppliers and, if necessary, the general public, through a press release, for example.

3 - Data Protection/Prevention

What measures should be taken to resolve the breach of security or minimize the impact of the breach on data subjects?

The organization must be able to regularly assess its level of internal security, through audits, define and implement security policies and make its employees aware of the issue of information security. It is also important that they adopt stronger passwords and multiple-factor authentication and that regularly carry out penetration tests to find out where vulnerabilities are on the network and whether intrusions can be detected.

Strongstep has a set of cybersecurity experts ready to ensure your company's success in improvement and certification activities. Contact our team.