third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
third Cyber Security Assessment Netherlands - NCSC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Manifestations and incidents<br />
At the moment the greatest threat for governments is aimed<br />
at breaches to the confidentiality of information (particularly<br />
espionage), the continuity of online services (including generic<br />
services) and their own IT. This threat comes from a number<br />
of sides: professional criminals, hacktivists and cyber vandals,<br />
or script kiddies.<br />
The most important threat for the business community concerns<br />
espionage aimed at information sensitive to competition and<br />
financial data abuse for the purpose of monetary theft. This also<br />
happens with manipulation of (financial/bank) transactions. An<br />
increasingly important threat in the past year is online disruption,<br />
particularly for businesses providing vital online services.<br />
Moreover, several different groups of actors are stealing all types<br />
of business information for their own use, for publication or for<br />
selling on to <strong>third</strong> parties. Examples include client data or information<br />
on corporate IT provisions.<br />
Citizens are affected by identity fraud and blackmail. Citizens become<br />
involved when their data is stolen, published, sold, or misused.<br />
When information is stolen directly from citizens, such interests<br />
as money (damage through attacks on electronic banking), privacy,<br />
availability of online services and digital identity are all affected.<br />
Citizens are particularly concerned with the protection of their own<br />
computers and electronic equipment against malware and ransom -<br />
ware. They are affected indirectly when they are involved in a<br />
cyber attack through their own IT (home computers), unwittingly<br />
becoming part of a botnet.<br />
The number of incidents handled by the <strong>NCSC</strong> increased enormously<br />
during the investigation period. The main reason for this increase<br />
is that on 5 January 2012 the <strong>NCSC</strong> began serving private parties<br />
as well. For incidents involving the government, there has been<br />
a relative increase in malware infections (+13 per cent) and hacking<br />
attempts (+5 per cent).<br />
The discovery of the previously undetected Pobelka botnet provided<br />
insight into large numbers of infected computers and the quantity<br />
of the leaked data. There are probably many more undetected<br />
botnets. This demonstrates that the currently available measures<br />
are inadequate to detect this type of attack.<br />
Recently, basic provisions have been the target of attacks, including<br />
attacks on iDeal, which make payments in web shops temporarily<br />
impossible, and on DigiD, which meant government services<br />
for which log-in is necessary became temporarily inaccessible. «<br />
11