clic para version en español

 ¿Cyber-attack in Colombia, who is responsible for the information?

¿Cyber-attack in Colombia, who is responsible for the information?
Origin: Germán Realpe
Published: 2023-10-05

As John Chambers, former CEO of Cisco, said, “There are two types of companies: those that have been hacked and those that don't know they have been hacked.” This statement has never been stronger in Colombia than on September 12, 2023, when the country woke up to the digital chaos of an unprecedented cyberattack that left more than 70 digital services of the national government and several private entities offline.


What initially appeared to be a technical inconvenience quickly turned out to be a sophisticated and devastating cyber operation, exposing the vulnerability of our digital infrastructure.


The worrying issue for various people who work in cybersecurity was the poor communication of the incident by the provider IFX Networks, which published a statement that did not give many clues.


The government acted correctly by convening cybersecurity capabilities, including the support of the Colombian Cyber Emergency Response Group (COLCERT) and the Computer Emergency Response Team (CSIRT) associated with the Presidency, as the creation of a PMU (Unified Command Post), with different actors including MINTIC.


Identification of the adversary


Three days later, on September 15, COLCERT and CSIRT Presidency issued an official statement, called the context of the incident. The diagnosis: a ransomware known as MarioLocker. This threat was not unknown in the world of cybersecurity. With more than 459 incidents globally. «COLCERT, through its Cyber Threat Intelligence analysis, identified linked artifacts that indicate possible vulnerabilities that could be exploited by third parties. These vulnerabilities can affect devices and assets related to cloud resources, as Microsoft notes. The spread of the threat can impact services linked to information systems and remote connection tools in virtualized environments,” reads the report.


This already showed several issues: cybercriminals were able to take advantage of the vulnerabilities of virtualized environments, and strategically plan the cyberattack. Such as the lack of continuity strategy of public and private entities and the service provider. The damage is incalculable due to the lack of availability of information. This is the biggest 'scar' left by the crisis of recent weeks. All of this vital data is something that the government will have to identify, as many entities were unable to access the information for more than 8 days.


Establishing consequential damage and lost profits is presented as a monumental challenge, mainly because we do not have a precedent for an attack of this magnitude and nature.


Some causes behind the attack


Several factors contributed to the magnitude of this cyberattack. First, it is good to highlight something that has not been mentioned and that is that Colombia has had an MSPI model for years that includes documentation, standards and procedures on cybersecurity issues. Likewise, in the MSPI model, you can even find the incident report formats.


Saying that there are no processes and documents is false. The Colombian model is good in documentation, the problem is that controls failed in several processes.


Some of the causes of the attack can be reflected in topics such as:


1- Lack of backup copies and continuity strategy The resources were literally in the same place. This means that some entities do not have easy access to backup copies. The IFX Networks incident revealed a critical vulnerability in many entities' data backup strategy: all their data, including backups, was stored in the same cloud. This concentration of information at a single point of failure underscores the importance of diversifying storage and backup strategies to ensure business continuity in the face of attacks. The absence of simulation exercises was strongly manifested: the real attack became the crudest and most revealing simulation, evidencing failures in RPO (Recovery Point Objective) and RTO (Recovery Time Objective).


2- Prioritizing price over security In some cases the Colombia Compra Eficiente pricing framework clouds were purchased at a lower price, but not with better information security. It is worth reviewing the model in terms of cybersecurity; in the existing catalog, security should prevail rather than price.


3 –Vulnerability management Everything indicates that cybercriminals exploited a specific vulnerability related to virtualization in the IFX Networks infrastructure. This breach, apparently not properly managed, allowed unprecedented access to the systems, revealing a lack of proactive strategy in vulnerability management. Controls on cloud providers must be increasingly stricter and ethical hacking tests, vulnerability analysis and controls must be constantly demonstrated in all environments.


4 –Communication management During the incident, IFX Networks' communication processes left much to be desired. Despite the magnitude of the attack and the implications for numerous entities, the information provided was scarce and, at times, late. It was not until September 19 that clearer and more detailed statements about the situation began to emerge.


The lack of transparency and intermittency in the availability of its website in the previous days only intensified the uncertainty and concern among the affected entities and the general public. Timely and clear communication is essential in times of crisis, and in this case, a notable deficiency in that regard was evident. On September 21, 2023, the company reported that it had managed to restore services for 90% of its customers, with the expectation of a full recovery soon.


5 –The evolution of Ransomware Which has been evolving over the years, making its anatomy more and more specialized, cybercriminals could take advantage of vulnerabilities and achieve their objectives. According to reports from cybersecurity companies, such as Sophos, ransomware attacks are becoming increasingly specialized. In fact, in 76% of cases, cybercriminals manage to successfully encrypt their victims' data, evidencing a growing sophistication in their methods.


6 – The response and implications for the future Although the provider has announced the solution to the recent cyberattack, the outlook still presents uncertainty. Since September 18, the Ministry of Information and Communications Technologies (MinTIC) has expressed in different media its decision to take legal action, which predicts a period of analysis and possibly litigation. At the same time, authorities are increasing surveillance on the dark web, looking for signs of leaks that may be linked to the incident, but this is just beginning. Sometimes the information is leaked months later and the patience of a cybercriminal is their greatest virtue. It must be investigated with cyber intelligence and OSINT. This is what is coming in the next few days to establish if any type of information could have been exposed. It is good to establish whether IFX performed any computer forensics to establish all the context.


Likewise, it is not clear if the company had any type of insurance policy or what it is doing for the investigation process. Only IFX Networks and the cracker group truly know the depth of the access and what information was compromised. Time will undoubtedly reveal the truth.


At the end of the day, there are two types of companies: those that have been hacked and those that don't know it yet. But to this reality, we add a third type: those hacked that demonstrate capacity and resilience in their response.

How did you find this material?
How did you like this news?

me encanto el articulo de Mundo Video


I loved

me gusto el articulo de Mundo Video


I liked

no me gusto el articulo de Mundo Video


I dont liked

punto de venta online mundovideo

You can not leave without reading this news!

Online gaming in Chile cannot be the exception that is regulated. 

¿Cyber-attack in Colombia, who is responsible for the information?

The arrival of online casinos has meant a small revolution for many countries in the Latin American area, including Chile. Since we are talking about a sector that in these nations was not properly regulated, both operators and players have encountered certain problems when playing or developing their businesses, respectively.

Fortunately, in the case of Chile, the corresponding reaction has already taken place on the part of the government, with the development of the necessary regulation for this type of company.


One of the main problems that Chileans have when playing in a casino is that the legislation currently does not cover the activity of online casinos that operate within the country. This does not mean that they are illegal, since online gambling is not registered in the old laws that control this activity within the Nation, so their more specific situation would be that of legality. In other words, online gambling is not illegal, but it is not specifically recognized as legal either.


This little limbo in which online casinos in Chile are currently will come to an end once the Government approves the gambling law, which it has been working on for years. The problem is that, as they say, things in the palace go slowly and the Chilean Gambling Law has not been an exception.


In fact, the two laws that are currently aimed at regulating online gambling activity in Chile have not even reached the House of Representatives, but for now they are still hanging around in the corresponding commissions, which makes us think that they will probably still be approved.


is far away At least, it is true that for the moment the courts are respecting the operators that are acting within the situation of illegality discussed, as demonstrated by the responses to certain lawsuits imposed by the Chilean Charity Police against some online casino operators. Its dismissal is a sign that the arrival of online gambling and casinos in this country is already a reality that, as such, must be properly regulated.


The delay in the legislation is causing serious problems both for the development of the sector and for the State as far as tax collection is concerned. Since we are talking about an illegal sector, there are no specific data or records of its potential activity, but certain estimates made by the Government. According to these sources, the income of these rooms would be around 150 million dollars during the financial year 2023.


If we apply to these figures the tax burden that the current casino regulatory bill would be raising, the tax losses that Chile currently due to this lack can be around 60 million dollars over the current betting figures. And it is that this amount is the second aspect that we must consider.


According to various analysts, the legislation on gambling activity would imply doubling the income of online casinos in Chile, as greater marketing activity can be carried out and players have the necessary peace of mind regarding their bets. Something that would logically encourage the growth of the sector and in parallel the income obtained by the Government.


As the last aspect to be highlighted in terms of the tax burden and the potential income of the industry, it is also important to take into account that a legalization of the activity of the casinos would also increase the investments in marketing that the operators would make. Something that would mean a revitalization of the Chilean economy in this sector and would also allow the State to add even more income, apart from those obtained directly from the players.


And it is that the legislation establishes that those who are lucky in the casino must pay 15% of their earnings within their income tax. Another little extra to improve state revenue.


The Double-Edged Sword of Sports Betting. 

¿Cyber-attack in Colombia, who is responsible for the information?

In the US, though, what certainly appears to be the case is that mobile sports betting is gradually becoming a problem across multiple states and, even more concerning, the increasing links that this has to alcoholism and how this has the ability to spiral out of control, with no organizations put in place to help those who are most at risk.

There is a significant danger however, that when sports fans see athletes placing bets, (or being suspected of placing bets), it does little to deter them from doing it themselves - especially when some sports stars become the face of gambling brands as well. Indeed, since 2018, NFL revenue stands at $132 million as a direct result of gambling related sponsorships - a staggering increase on the previous figure of $35 million. It is the same for the NBA, MLB and NHL.


In many instances, it is being claimed that the legalization of sports betting has saved numerous franchises, because it has made games interesting again for viewers, allowing them to place bets - this interest in turn, having led to lucrative sponsorship deals with the sports betting operators. During live broadcasts, odds are openly discussed among analysts and commentators, aware of their audience and the possible ways in which what they are saying could be interpreted by young adults, especially under the influence of alcohol.


Ultimately, in the vast majority of countries in Europe, a professional athlete is prohibited from betting on his or her own sport. However, there have been numerous cases. Most recently, Italian soccer player Sandro Tonali transferred from AC Milan (Italy) to Newcastle United (England) for approximately $80 million. However, merely a few weeks into his new employment, he was found guilty of breaching betting regulations in Italy, though the English Premier League decided to uphold the rules and agreed to the nine-month suspension from playing football.


Meanwhile, sports betting has become a major problem in society, especially in the UK, over the last two decades and has been the cause of many related issues, such as antisocial behavior, fraud, alcoholism, bankruptcy and homelessness.


In England, charities are set up to help members of society with gambling addiction, which have served as a big help to those who have been seriously affected by it.


What is clear is that sports betting is swiftly becoming a problem across the US, and, frighteningly, it is likely to be only the beginning, with nothing currently seemingly to be put in place to help prevent addiction.


Despite this, Bill Miller, President of the American Gaming Association, has been openly vocal regarding his doubts about gambling addiction in the US, though based on the figures that are being generated, it does leave his statement open to interpretation: “I don’t believe that there is an addiction to mobile betting any more than there is an addiction to utilization of your phone for any other reason.”


Religious mobilization against casinos was of no use, Brazil goes ahead with gambling and Lula has a test by Fire. 

¿Cyber-attack in Colombia, who is responsible for the information?

On the eve of the vote, the mobile phones of several parliamentarians were bombarded with a video of Pastor Silas Malafaia. He called on evangelicals to put pressure on CCJ members, stating that “two-thirds of these senators will vote for re-election in 2026” and threatening to denounce anyone who voted in favor of the project in the elections.



The CNBB (National Conference of Brazilian Bishops) also joined the discussion by sending a public note to Catholic senators. Thus, the note warned about the moral and social damage of betting. On the morning of the vote, Senator Eduardo Girão's (Novo-CE) office mapped the votes and concluded that there was enough support to block the proposal. Girão, one of the opposition leaders, quickly withdrew his request to postpone the vote. He stated that it was necessary to make it clear to society how each senator thought about the issue.


Then, senators who previously supported the release of the games, such as Eduardo Braga (MDB-AM) and Rogério Carvalho (PT-SE), began to ask for the result to be postponed. According to Senator Carlos Viana (Vamos-MG), the parliamentarians realized that they “will lose” if they vote in favor.


It was Lula who ended bingo in Brazil [in 2004, after suspicions of corruption]. If there is any ethics left in this government, let it show it now."


The project has been discussed in the National Congress for more than 30 years. Despite attempts to move forward, the opposition of the evangelical group and conservative sectors has always been an obstacle. But, in recent years, the international lobby has grown and become stronger, promising investments of billions of dollars. MultigameLINK At that time tax collection began to be attractive.


The current text allows the creation of casinos integrated into leisure complexes, such as hotels, shopping centers and restaurants. The proposal authorizes up to three tourist casinos per state, depending on the population and territorial area. But only São Paulo, with more than 25 million inhabitants, could install three resort casinos. Minas Gerais and Rio de Janeiro, with populations between 15 and 25 million, could have two casinos each. Amazonas and Pará, except for territories with more than 1 million km², could also have two casinos each.


The other states and the Federal District would have the right to one casino-resort each. Therefore, if approved, the proposal would legalize gambling, limiting the installation of one for every 700,000 inhabitants per state. Rio de Janeiro, with 16 million inhabitants, could open up to 22 gaming establishments.


The bingo houses would operate in physical, electronic and video bingo formats, the latter being limited to 400 machines per establishment.


The accreditation limit will be one bingo house per 150 thousand inhabitants per city. While territorial betting establishments could also operate bingos and video bingos. Given the uncertainty of the scenario, two government senators stated that the Lula (PT) government must define a position on the proposal. “The PT was always against it. It was Lula who ended bingo in Brazil [in 2004, after suspicions of corruption]. If there is any ethics left in this government, let it show it now,” said Girão, the senators demand the government's position on casinos

Sports betting the worst has already begun 

¿Cyber-attack in Colombia, who is responsible for the information?

Sports betting, suspended soccer players and teams, rigged championships, scandals the order of the day are the daily news lately. In Chile and other countries in the world, the sponsorship of teams by betting houses is distrusted, because it is not entirely unusual to think that some ally with each other and end up favoring a particular bet.


In Europe, especially in Spain, match-fixing is fought by small clubs that have been discovered and where one or two players have finally been personally punished, which is not a deterrent to prevent Premier League matches from being fixed. league.


For its part, the Bundesliga is doing everything in its power and knowledge to closely follow the matches, with a very restricted regulation of sports betting but which does not guarantee full transparency of the results.


But not only he soccer; A few weeks ago, tennis player Younes Rachidi was banned for life for allowing himself to be beaten at will and collecting betting dividends. Bárbara Gatica Avilés Chilean tennis player suspended 3 years; Premier League top scorer Ivan Toney is facing a ban for illegal betting… and the list goes on. In Colombia we are not the exception and Llaneros has been accused of a shameless arrangement to favor a result.


In a column published by Dr. Hernán Peláez, he commented: Thank goodness here, Coljuegos gives a license to betting houses. But I don't know if it monitors the exercise and the yields of these operations and health aid are publicly known —and should be— and education. Or does anyone know? to get out of my ignorance.


I answer: if Coljuegos does financial monitoring BUT it is time for Coljuegos to start a crusade in pursuit of Fair Play and be the guarantor of fair play and prevent soccer from being used to launder money through betting; His function, among others, is control, not just the collection of money; he has to see where he comes from, and that is the task he must take on.


Evert Montero and his self-regulation strategy in the game. 

¿Cyber-attack in Colombia, who is responsible for the information?

What do you mean by the need to have adequate communication and strategy by industry operators?


It is about strategies not focusing only on the brand, a product, or a particular company. Obviously, that is part of the development of the industry, of the individuality that you must have as a brand, but when I talk about strategy it has to do with a much broader 360, where you really consider all the variables that affect the industry in general, not just something. So, I invite companies to get together, review how they are investing, because you also must invest in advertising, in marketing, in all these issues, but also in relationships, in image, in industry positioning.


Why do you consider it necessary to have a relationship with the industries associated with gaming?


We must be much more open. Our relationship must go a little beyond what the activity of games of luck and chance is, we must have a much broader panorama and see who is involved due to some circumstance or another, not only from the sector. In the case of Colombia, we have to look at the State, the Government, the Legislative Branch, in the private sector, the banking sector, the insurer, the control bodies. The different sectors, because the regulator one knows controls it, regulates it and works with the development of the activity, but there are many other instances in which we must participate and participate in spaces where the message of the industry can be taken to another level.


Recently, he had a meeting with the Colombian Banking Association. What can you tell us about that meeting? This activity, I don't know if in the world, but in many countries, there is resistance to the banking sector, and we have to see how we show them how we give them the guarantees so that they open the door to the sector in a broader way.


What did the “self-regulation” project presented by Fecoljuegos consist of?


Our responsibility is not to stay and see how they regulate us and in what way, whoever is going to regulate us, be it the State, the government, the regulator, whatever body it may be. We have to be proactive and in the case of Fecoljuegos we work on the issue of self-regulation, with the media with how the excess and advertising of online platforms is affecting spaces that should be familiar and where there are children, how we should invest not so much money in advertising but in other types of social issues, generating different options so that there is peace of mind for the public around the issue of inviting people to bet.


We put all these issues into a code, we hired a larger self-regulation company in Colombia, and they created a code in which we built with the operators and businessmen some rules where one adjusts to having certain considerations to respect family schedules, which in all the sites do not have betting information, there are alerts so that it is done responsibly. Basically, it is a code focused on social responsibility and responsible gaming. Here I also call for control of illegality, which is a great risk that the industry has.

Soldardura SMD MundoVideo
Santa Marta and its Casinos are pioneers in "Responsible Gambling"
In the city of Santa Marta -Colombia- there was a great void and confusion regarding the p...
After 12% in tax, responsible gambling focus of Colombia
In the framework of the international day of responsible gambling, a discussion was held o...
¿Cyber-attack in Colombia, who is responsible for the information?
As John Chambers, former CEO of Cisco, said, “There are two types of companies: thos...
American Gaming Association AGA, first time ever that new code of conduct for responsible gaming includes online gaming
The AGA Code of Conduct for Responsible Gaming was originally created in 2003, and since t...
North Korean hackers were responsible for the theft of $41 million in cryptocurrency from
North Korean hackers made off with nearly $41 million worth of cryptocurrencies from an on...
Spain in the obligation of creating a new board for responsible online gambling
Spain’s official regulatory body, the “Dirección General de Ordenaci&oa...
Tomorrow Coljuegos starts with Responsible gambling project
For April 14, Coljuegos invites all members of the academic and information sector to make...

(57​​1) 7568829 - 3606414 - 3606415 FAX (57 1)​ ​3605027


Bogotá / Medellín / Cali / Pereira / Barranquilla

Welcome to Mundo Video Corporation
Design & Dev by