Cyberattacks on Spanish municipalities: what has happened and why is it an alert for the local administration

In recent weeks there have been several cyberattacks on Spanish municipalities, affecting local corporations in different parts of the country. Incidents such as those recorded in Adeje, Beniel or Motril have not only caused operational interruptions, but have refocused on a worrying reality: the enterprise IT security and public remains a weak point in many local administrations.

This article analyzes what is known about these incidents, why municipalities have become a recurring target, and what strategic lessons public entities should learn to reduce the risk of a security breach.

‍

What is known about cyberattacks on city councils?

Although each case presents peculiarities, the attacks recorded during this month share a common pattern: affect key internal systems and require emergency measures to be activated to maintain administrative activity.

In the case of Adeje, the incident focused on the Municipal website, which was temporarily out of service after unauthorized access was detected. According to published information, critical systems and the electronic office were not compromised, and services were restored after implementing containment measures.

More serious was the situation in Beniel (Murcia), where the Computer attack blocked municipal systems, forcing employees to temporarily return to using paper in order to continue providing basic services. These types of scenarios highlight the real impact that a security breach can have on an administration's daily life.

In Motril (Granada), the incident was related to commitment of a corporate email account, from which messages containing malware were sent. Although an exfiltration of data has not been confirmed, the attack forced credentials to be reinforced and internal protocols reviewed to prevent further spread.

‍

Why local government has become a goal

City councils manage Sensitive citizen information, suppliers and employees, in addition to providing essential services. However, many of them operate with limited digital infrastructures, both at the technological and budgetary levels.

Among the factors that explain why this sector is especially vulnerable, the following stand out:

• Legacy systems or systems without frequent updates.
• Lack of continuous monitoring and early detection.
• Limited resources for specialized cybersecurity.
• High dependence on email as an operational channel.
• Increasing regulatory requirements without a clear compliance strategy

For attackers, these conditions make the local administration an attractive target for ransomware campaigns, credential theft, or opportunistic attacks.

‍

How do these types of computer attacks occur

Although not all technical details are public, this type of computer attacks they usually originate from well-known vectors. At the municipal level, the most common are:

1. Targeted phishing to public employees to steal credentials.
2. Use of weak or reused passwords in corporate services.
3. Lack of two-factor authentication in critical accesses.
4. Unpatched vulnerabilities in servers or web applications.
5. Absence of internal segmentation and access control.

In many cases, the initial attack goes unnoticed for days or weeks, until the impact becomes visible and requires drastic action.

‍

Key lessons for municipalities and public entities

Recent incidents leave clear lessons that go beyond the specific case of each municipality. Some key lessons are:

• Prevention is cheaper than the answer: regular audits and vulnerability analysis dramatically reduce risk.
• Early detection makes a difference: having 24/7 monitoring makes it possible to contain the attack before it spreads.
• The human factor remains critical: Staff awareness is one of the most effective defenses.
• Service continuity must be planned: returning to paper cannot be the only alternative to a digital incident.
• Compliance with regulations is not enough if there is no strategy: ENS, GDPR or NIS2 must be integrated into a realistic approach to cybersecurity.

These recommendations not only apply to large cities, but also—and especially— to medium and small municipalities.

‍

Cybersecurity as a strategic priority in the public sector

The cyberattacks on Spanish municipalities recorded this month are not isolated events. They reflect a clear trend: the Cybersecurity is no longer a technical issue, but rather a strategic issue affecting the provision of services, citizen trust and the legal responsibility of administrations.

Investing in protection, detection and response is not a superfluous expense, but a necessary measure to ensure the resilience of public services in the face of an increasingly active threat environment.

‍

Apolo Cybersecurity: expert support for public administrations

In Apolo Cybersecurity we help municipalities and public entities to anticipate, detect and respond dealing with these types of incidents through vulnerability analysis services, SOC 24/7, CISO as a Service and continuity plans adapted to the public sector.

If your organization wants to assess its level of exposure and reinforce its cybersecurity strategy before suffering a security breach, we can help you do so with judgment and experience. Contact our team and let's discuss together how to better protect your essential systems and services.