{"id":680,"date":"2022-09-27T02:31:26","date_gmt":"2022-09-27T02:31:26","guid":{"rendered":"https:\/\/grupotech.cl\/?p=680"},"modified":"2025-09-05T21:24:46","modified_gmt":"2025-09-05T21:24:46","slug":"octubre-el-mes-de-la-ciberinseguridad","status":"publish","type":"post","link":"https:\/\/grupotech.cl\/en\/blog\/octubre-el-mes-de-la-ciberinseguridad\/","title":{"rendered":"October: "CyberINsecurity month""},"content":{"rendered":"

published by\u00a0alexis fields
\n<\/strong>Managing Director | Grupotech<\/strong>
\nSeptember 27, 2022<\/p>\n

I am happy to start writing on the Grupotech blog on this date, after a full month of events related to Cybersecurity.<\/p>\n

This is not another post criticizing infrastructure or security policies like everyone else, I would like to be able to share a couple of experiences related to the main actors of this September, called the month of CyberINsecurity.<\/strong><\/p>\n

Joint Chiefs of Staff (EMCO)<\/strong><\/h4>\n

The email accounts of EMCO officials that were intervened are 162. In total, more than 400 thousand messages sent and received by those boxes were exposed between 2012 and May 2022, although most are concentrated from 2018 onwards. The information adds up to 340 gigabytes<\/i>. The metadata of the files indicates that the hack occurred between May 7 and May 16 of this year.<\/p>\n

The group of hackers behind Guacamaya said in a statement that the leaking of EMCO emails is the first step in an intervention called "Repressive Forces" and that it would include information from other Latin American countries. For the next few days they announced the publication of documents from the armed forces and police of Mexico, Peru, El Salvador and Colombia.<\/p>\n

Worrying.<\/p>\n

Power of attorney\u00a0<\/strong><\/h4>\n

I remember when I was 17 years old, I had just left high school after studying telecommunications, I stayed in a company that provided computer services for the Judiciary, my job was to direct the support team, making visits and preventive maintenance. At that time it caught my attention that they used McAfee as an antivirus, since according to me and my very short professional career, it was not one of the best solutions, in fact in forums like "Undetectables" and others related to Malware, they made fun of the poor system defense he represented.<\/p>\n

When I had opportunities to consult some people from the IT area of the PJUD about this, they told me that they were what they needed since they were required; "have an antivirus solution installed."<\/p>\n

A good listener few words.<\/p>\n

Falabella Bank<\/strong><\/h4>\n

We learned to live with a pandemic, a social crisis, economic crises, but today we practically live in a post-apocalyptic environment (if they have a Falabella bank account) I must say that I am from a generation that does not use coins, I practically only charge a card and mobile payment methods.<\/p>\n

Today, to buy I had to look in different corners of the house, coins, some change or something that would allow me to buy, to my surprise and uncertainty, my Falabella bank checking account had disappeared.<\/p>\n

I don't want to be exaggerated, but it gave me problems when carrying out at least 3 normal transactions, fortunately I always have some backup, but will it be too soon to deny some kind of Cyberattack on the bank?<\/p>\n

My conclusion is; We must analyze what the institutions today consider Cybersecurity, generate regulations and update the laws with more severe punishments, they really do not seem to have the expected effect and it is unfortunate in all existing aspects.<\/p>\n

I believe that there is greater importance when it comes to passing a control or a regulation, than a real spirit of protecting data, both internal, as well as that of customers and suppliers.<\/p>\n

When you allow obsolete equipment and ornamental antivirus to continue to exist after 17 years, we are not really complying with cybersecurity, rather we work on the opposite side.<\/p><\/blockquote>\n

As data, in Cut Security<\/a> we have a service which we call defense365<\/a>, this includes many protocols with which computers with Windows 7 should have been urgently patched, at least to have prevented the propagation of these types of attacks (the technical information of this attack can be found in a post from 2016 by googling: "How can they not hack my company").<\/p>","protected":false},"excerpt":{"rendered":"

Publicado por\u00a0Alexis Campos Director General | Grupotech 27 de Septiembre 2022 Me alegra iniciar escribiendo en el blog de Grupotech en esta fecha, tras un mes completo de eventos relacionados a la \u00a0Ciberseguridad. Este no es otro post criticando la infraestructura o las pol\u00edticas de seguridad como todos, quisiera poder compartir un par de experiencias relacionadas a los principales actores de este Septiembre, denominado el mes de la CiberINseguridad. Estado Mayor Conjunto (EMCO) Las cuentas de correos electr\u00f3nicos de funcionarios del EMCO que fueron intervenidas son 162. En total, se expusieron m\u00e1s de 400 mil mensajes enviados y recibidos por esas casillas entre 2012 y mayo de 2022, aunque la mayor\u00eda se concentran desde 2018 en adelante. La informaci\u00f3n suma 340 gigabytes. La metadata de los archivos indica que el hackeo se produjo entre el 7 y el 16 de mayo de este a\u00f1o. El grupo de hackers tras Guacamaya se\u00f1al\u00f3 a trav\u00e9s de un comunicado que la filtraci\u00f3n de los emails del EMCO es el primer paso de una intervenci\u00f3n que llam\u00f3 \u201cFuerzas represivas\u201d y que incluir\u00eda informaci\u00f3n de otros pa\u00edses latinoamericanos. Para los pr\u00f3ximos d\u00edas anunciaron la publicaci\u00f3n de documentos de las fuerzas armadas y polic\u00edas de M\u00e9xico, Per\u00fa, El Salvador y Colombia. Preocupante. Poder Judicial\u00a0 Recuerdo cuando ten\u00eda 17 a\u00f1os, acababa de salir del liceo tras haber estudiado telecomunicaciones, qued\u00e9 en una empresa prestadora de servicios inform\u00e1ticos para el Poder Judicial, mi labor, era dirigir al equipo de soporte realizando visitas y mantenciones preventivas. En ese tiempo me llamaba la atenci\u00f3n que utilizaran McAfee como antivirus, ya que seg\u00fan yo y mi muy corta carrera profesional, no era de las mejores soluciones, de hecho en foros como \u00abIndetectables\u00bb y otros relacionados al Malware, se burlaban del pobre sistema de defensa que representaba. Cuando tuve oportunidades de consultar por esto a algunas personas del \u00e1rea IT del PJUD, me dec\u00edan que eran lo que necesitaban ya que se les exig\u00eda; \u00abtener una soluci\u00f3n de antivirus instalada\u00bb. A buen entendedor, pocas palabras. Banco Falabella Aprendimos a convivir con una pandemia, una crisis social, crisis econ\u00f3micas, pero hoy vivimos pr\u00e1cticamente en un ambiente post apocal\u00edptico (si es que tienen cuenta en banco Falabella) debo decir que soy de una generaci\u00f3n que no usa monedas, pr\u00e1cticamente solo cargo una tarjeta y m\u00e9todos de pago a trav\u00e9s del celular. Hoy, para comprar tuve que buscar en diferentes rincones de la casa, monedas, alg\u00fan vuelto o algo que me permitiera comprar, para mi sorpresa e incertidumbre, mi cuenta corriente del banco Falabella hab\u00eda desaparecido. No quiero ser exagerado, pero me dio problemas al realizar por lo menos 3 transacciones normales, afortunadamente tengo siempre alg\u00fan respaldo, pero, \u00bfser\u00e1 muy pronto para negar alg\u00fan tipo de Ciberataque al banco?. Mi conclusi\u00f3n es; Debemos analizar lo que las instituciones hoy consideran Ciberseguridad, generar normativas y actualizar las leyes con castigos m\u00e1s severos, realmente no parecen tener el efecto esperado y es lamentable en todos los aspectos existentes. Creo que existe una mayor importancia a la hora de pasar un control o una normativa, que un esp\u00edritu real de proteger los datos, tanto internos, como de clientes y proveedores. Cuando permites que tras 17 a\u00f1os sigan existiendo equipos obsoletos y antivirus de adorno, realmente no estamos cumpliendo con la ciberseguridad, m\u00e1s bien trabajamos del lado contrario. Como dato, en Cut Security contamos con un servicio el cual llamamos Defense365, este incluye muchas protocolos con las cuales de manera urgente, se debieron haber parchados los equipos con Windows 7, al menos para haber evitado la propagaci\u00f3n de estos tipos de ataques (la informaci\u00f3n t\u00e9cnica de ese ataque puede encontrarlas en post del a\u00f1o 2016 googleando: \u00abComo no podr\u00e1n hackear mi empresa\u00bb).<\/p>","protected":false},"author":3,"featured_media":681,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_joinchat":[],"footnotes":""},"categories":[7],"tags":[10,8,9],"class_list":["post-680","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cut-security","tag-chile","tag-ciberseguridad","tag-hacking"],"_links":{"self":[{"href":"https:\/\/grupotech.cl\/en\/wp-json\/wp\/v2\/posts\/680","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/grupotech.cl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/grupotech.cl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/grupotech.cl\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/grupotech.cl\/en\/wp-json\/wp\/v2\/comments?post=680"}],"version-history":[{"count":5,"href":"https:\/\/grupotech.cl\/en\/wp-json\/wp\/v2\/posts\/680\/revisions"}],"predecessor-version":[{"id":695,"href":"https:\/\/grupotech.cl\/en\/wp-json\/wp\/v2\/posts\/680\/revisions\/695"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/grupotech.cl\/en\/wp-json\/wp\/v2\/media\/681"}],"wp:attachment":[{"href":"https:\/\/grupotech.cl\/en\/wp-json\/wp\/v2\/media?parent=680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/grupotech.cl\/en\/wp-json\/wp\/v2\/categories?post=680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/grupotech.cl\/en\/wp-json\/wp\/v2\/tags?post=680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}