Spain is the favorite caramel of hackers

Spain already has the third most attacked domain in the world, the .es. It only has a .com and .ru, a fact accompanied by reports that suggest that cybersecurity incidents 64% have increased in the country Regarding the previous year. A situation that It does not improve despite the response of Europe And that raises an immediate question: what does Spain have to be so sweet?

And one more. Cofensecompany specialized in defense against phishing, has detected a increase of up to 19 times more attacks on domains. in the period between the last quarter of 2024 and the first of 2025. 99% of these attacks focused on phishing. The other 1% went to distribute different remote access Trojans.

The method. The growing attacks on addresses. They use one of the simplest methods to infect a computer: email. Simulating Microsoft addresses.

From these C2 servers (Command & Control) the attackers can send personalized commands to the computer. In other words:

• Capture the screen
• Register what you write
• Activate or deactivate the camera and microphone of the PC
• Access PC files

Why Spain. Spain is one of the whites more attractive in the world for cybercriminals. Experts like Francisco Valencia, director of Hackrisk.io, points to several reasons for this to happen.

• Strong international presence of Spanish companies.
• Geographic position as a bridge between Europe and America (submarine cables such as Marea, Grace Hopper)
• Changes in the global context after Brexit and deviation of attention to countries such as the United Kingdom.

They are not the only suspects. The rapid digitalization of companies after the arrival of European funds The attack radius increasedweaknesses in small and medium enterprises, and a public administration exposed to vulnerabilitiesand geopolitical interest in the country make Spain The second objective with more cyber thrames detected globally.

The impact. Some of the cyber attacks received in recent weeks are making the Spanish administration itself, preventing access to the systems of some municipalities in the country, and having affected authorities such as CNMCeither national companies like Repsol and Telefónica.

Recent cases. While I write these lines, Spain is mired in two cyber attacks that have left KO the systems of two municipalities. The first is that of Melillawhich adds two weeks under an attack whose authorship a Russian group has been awarded, and the second one that of a small Alicante municipality that has suffered the same fate: Villajoyosa.

The answer. In May 2025, the Council of Ministers approved a package of 1,157 million euros To reinforce national cybersecurity, a budget distributed between defense, digital transformation and public function, interior and the Department of National Security.

The focus is being put also in processing the transposition of the NIS2 directives and the EU Regulation Dora. In other words, force the critical sectors of the country (energy, telecommunications, health, finance …) to notify cybersecurity incidents and implement more robust risk management systems.

At the moment, none of the efforts seems to be materializing in real improvements.

In Xataka | How to change all our passwords according to three cybersecurity experts