third Cyber Security Assessment Netherlands - NCSC

More documents

Recommendations

Info

However, it is assumed that they are involved with many DDoS attacks and with (attempts at) publications of the information stolen in digital break-ins. As far as we know, to date there have been no cyber attacks by terrorists against the internet or by the internet to create disruptive damage. It seems that terrorists do not (yet) have sufficient skills and means to carry out cyber attacks that could disrupt society. Threats: tools Attackers use (technical) tools to abuse and/or to increase vulnerabilities. These actors mainly rely on countless self-developed or readily available exploit kits, botnets, (spear) phishing, and (mobile) malware. States can develop and deploy advanced tools, while cyber criminals continue to develop their particular existing tools. Cyber crime is becoming increasingly professional, offering services and tools for hire, for mounting cyber attacks and siphoning off money. This criminal cyber services sector is also known as ‘cyber crime as a service’. Renting out botnets for DDoS attacks is one example of this. The most commonly used technical tools are exploit kits, malware, and botnets. With exploit kits becoming easier to use, it is becoming simpler to abuse the rising number of technical vulnerabilities. Even tools for use in DDoS attacks are relatively easy to come by. Mutations in malware mean that there are so many variants in circulation that anti-virus programs cannot detect them all. Botnets continue to be an important tool for states and cyber criminals, and they often remain under the radar for the owners of misused IT systems. With the increase in the use of mobile devices, there was also an increase in mobile malware. On the human side, we see that criminals are becoming more daring. Phishing continues to be a successful method with which to tempt users, and users are more often becoming the victim of ransomware, a specific form of malware used to kidnap the user’s computer. Phishing actions by telephone were particularly notable in the past year. Resilience: vulnerabilities Resilience involves protecting interests from their vulnerabilities either by removing (the absence of ) the vulnerability or by taking measures to reduce the vulnerability. As long as vulnerabilities exist, our society will remain exposed to cyber attacks. The IT sector continues to be highly vulnerable. Following a few years of reduced levels, the number of openly published vulnerabilities in software is increasing again (+27 per cent) and the number of published vulnerabilities in industrial control systems is also rising. Data has become mobile and loss or theft of mobile devices makes the data stored on these devices possibly accessible to the finder. In the case of hyperconnectivity, all types of devices are connected, not only smart phones, tablets or computers, but all forms of devices imaginable, from fridges to cars, which means that the existing vulnerabilities can be abused in a wide variety of ways. The end-user holds a great responsibility for security, but increasingly often faces vulnerabilities in devices over which he has little influence. In addition, security for computers and other devices requires knowledge that many end-users do not have. Also, consu - merisation means that private and business usage has merged, and some combinations are not always compatible. Business information is being taken out of an organisation’s area of influence to become susceptible to leaks. At the same time, private information is becoming accessible to organisations. Cloud computing has many advantages, but it introduces risks as well, including the fact that access is not always well protected and the cloud reduces the autonomy of organisations relating to the quantity of requests from foreign governments. Cloud computing presents challenges for the detection and prosecution of crime. Many organisations do not have basic measures in order, such as patch and update management or a password policy. This is why old vulnerabilities and methods of attack are still effective. Finally, one crucial vulnerability is that many organisations do not have the necessary knowledge, detection methods, and ability to handle incidents well. Resilience: measures Many initiatives involving resilience that were cited in the previous edition of the CSBN either have been started or are now in full swing. During the past year - partly because of large incidents - the public and political attention towards cyber security has noticeably increased. The need has also reached the boardroom, meaning that the subject of cyber security or information security is often given great importance. The government and the business community pay more attention than previously to measures and this also happens more often in collaboration. Noticeable examples of this are the campaigns for raising awareness, such as ‘Alert Online’, ‘Bank data and log-in codes. Keep them secret’ and ‘Protect your company’. In addition to this, closer collaboration in the area of exchange of information and the agreements reached between banks and the government in connection with the DDoS attacks are good examples. In the area of research and innovation there have been various research programmes set up for the purpose of tackling the issues in connection with cyber security in collaboration between the government, the business community, and the academic community. A guideline has also been published for setting up a policy of responsible disclosure, which involves pointing out IT vulnerabilities in a responsible manner. This is a handout for organisations and reporters as to how vulnerabilities in information systems and (software) products can be reported and dealt with in a responsible manner. The increased awareness has also recently led to new initiatives and supplementary measures at a national level and in individual organisations. They thus respond to the ever-increasing dependence on IT and changing threats. The effectiveness of the initiatives can only be measured in the long term. 10
Manifestations and incidents At the moment the greatest threat for governments is aimed at breaches to the confidentiality of information (particularly espionage), the continuity of online services (including generic services) and their own IT. This threat comes from a number of sides: professional criminals, hacktivists and cyber vandals, or script kiddies. The most important threat for the business community concerns espionage aimed at information sensitive to competition and financial data abuse for the purpose of monetary theft. This also happens with manipulation of (financial/bank) transactions. An increasingly important threat in the past year is online disruption, particularly for businesses providing vital online services. Moreover, several different groups of actors are stealing all types of business information for their own use, for publication or for selling on to third parties. Examples include client data or information on corporate IT provisions. Citizens are affected by identity fraud and blackmail. Citizens become involved when their data is stolen, published, sold, or misused. When information is stolen directly from citizens, such interests as money (damage through attacks on electronic banking), privacy, availability of online services and digital identity are all affected. Citizens are particularly concerned with the protection of their own computers and electronic equipment against malware and ransom - ware. They are affected indirectly when they are involved in a cyber attack through their own IT (home computers), unwittingly becoming part of a botnet. The number of incidents handled by the NCSC increased enormously during the investigation period. The main reason for this increase is that on 5 January 2012 the NCSC began serving private parties as well. For incidents involving the government, there has been a relative increase in malware infections (+13 per cent) and hacking attempts (+5 per cent). The discovery of the previously undetected Pobelka botnet provided insight into large numbers of infected computers and the quantity of the leaked data. There are probably many more undetected botnets. This demonstrates that the currently available measures are inadequate to detect this type of attack. Recently, basic provisions have been the target of attacks, including attacks on iDeal, which make payments in web shops temporarily impossible, and on DigiD, which meant government services for which log-in is necessary became temporarily inaccessible. « 11
Page 1: Cyber Security Assessment Netherlan
Page 4 and 5: National Cyber Security Centre The
Page 7: Contents Foreword 3 Summary 7 Intro
Page 10 and 11: on governmental organisations and b
Page 15 and 16: Introduction Information Technology
Page 17: Core assessment 1 Interests 17 2 Th
Page 20 and 21: 1.2 Dependency IT dependency contin
Page 22 and 23: Increased IT dependency in electric
Page 24 and 25: on the internet such as an electric
Page 26 and 27: approached or incited by states for
Page 28 and 29: Actor Intentions Skills Targets Sta
Page 30 and 31: get the script kiddies started. One
Page 32 and 33: location’, there is no one single
Page 34 and 35: Furthermore, business information c
Page 36 and 37: environments often arise from the i
Page 38 and 39: not only smart phones, tablets or c
Page 40 and 41: 5.3 Technology Norms, guidelines an
Page 42 and 43: ACM seeks active collaboration with
Page 45 and 46: Core assessment » 6 Manifestations
Page 53: Core assessment » 6 Manifestations
Page 57 and 58: Detailed section » 1 Cyber crime
Page 59: Detailed section » 1 Cyber crime
Page 62 and 63:
magnitude of digital espionage inci
Page 65 and 66:
Detailed section » 3 Botnets 3 Bot
Page 67 and 68:
Detailed section » 3 Botnets » Do
Page 69 and 70:
Detailed section » 4 DDoS 4 DDoS
Page 71:
Detailed section » 4 DDoS 4.3 Resi
Page 74 and 75:
An attacker can abuse devices linke
Page 77 and 78:
Detailed section » 6 Grip on infor
Page 79 and 80:
Detailed section » 6 Grip on infor
Page 81 and 82:
Detailed section » 7 Vulnerability
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91:
Page 94 and 95:
Leak in the Humannet website belong
Page 96 and 97:
In 2012, ACM received a total of 14
Page 98 and 99:
car park will not open. It is annoy
Page 100 and 101:
9.6 The resilience of ICS Security
Page 102 and 103:
100 [22: McAfee 2013-2] McAfee: Thr
Page 104 and 105:
102
Page 106 and 107:
Incidents Types of government incid
Page 108 and 109:
Classification Classified data Clou
Page 110 and 111:
Information Information security In
Page 112 and 113:
Spoofing/IP spoofing SQL injection
Page 114:
112
show all

third Cyber Security Assessment Netherlands - NCSC

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?