third Cyber Security Assessment Netherlands - NCSC
Table 3 provides a summary of the different main types of threat
together with the most important actors and their objectives. The
paragraphs below detail the main types of threat, indicate which
manifestations are apparent and show the level of the threat. All
of this is finally summarised in the conclusion.

6.1 Attack targeted at information

We are constantly producing, collating, sharing and processing
increasing volumes of information with one another. No one wants
their financial details or personal or business information to fall
into the wrong hands or be manipulated. However, cyber attacks
pose a threat that can harm the confidentiality and/or integrity of
this information. This paragraph differentiates between two types
of threat targeted at information: a) theft of information with
possible publication or sale of information and b) manipulation
of information.

6.1.1 Theft of information

Theft of information (possibly for publication and sale) concerns
stealing confidential or valuable information. Actors may keep
information for themselves and take personal advantage of it,
but they may also publish or sell it. Information cannot be stolen
in a legal sense; the term used is lifting of the exclusivity, since the
information is not removed.

Information regarding financial transactions and identity is the most common target of theft

Research carried out by Verizon [106] reveals that it is predominantly
information regarding financial transactions and
identities that is stolen. Verizon states that criminals prefer
information regarding financial transactions and personal
information that can easily be converted into cash. Corporate
espionage focuses on trade secrets, an organisation’s internal
information and system information. Hacktivists target
personal information and organisations’ internal information.
Finally, identities are desirable information to all of these actors.

Digital espionage

The most apparent form of information theft is digital espionage
(primarily) by states. For states, the motivation behind the theft
of information is political, military or economic gain through
digital espionage. [107] The extent to which, and the structural way
in which, digital espionage is used pose a major threat to national
security and the economy. Throughout this reporting period,
various public and private organisations in the Netherlands have
been victims of this. This threat is therefore classified as ‘high’.

106 Verizon Data Breach Investigations Report 2013.
107 See cyber espionage section.
108 http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
109 See for example http://hackmageddon.com and http://csis.org/publication/cyber-events-2006 for additional overviews of cyber espionage.

Digital espionage aimed at citizens targets specific individuals
(often dissidents) who are being tracked by states.

Although the origin of digital espionage can rarely be established
conclusively, there are various indications of state involvement. The
General Intelligence and Security Service (AIVD) has detected
espionage activities originating from China, Russia, Iran and Syria.
See the detailed sections on Cyber Espionage for more information.

There was an increase in the number of cases of digital espionage
discovered last year. The actors behind these attacks dedicate
substantial amounts of money and time to these attacks.
The target is selected deliberately and the attack is targeted until
the aim is achieved. This type of attack is also known as an APT.

Advanced Persistent Threat (APT)

An Advanced Persistent Threat is the threat ensuing from a
targeted ‘long-term’ cyber attack, primarily on knowledgeable
countries and organisations by states and criminal organisations.
The General Intelligence and Security Service (AIVD) is
investigating APTs. In these cases, the attacker persistently tries
to penetrate a company and to secretly be present in the IT
infrastructure. During the APT attack, the attacker will primarily
collate ‘confidential’ information and/or prepare for disrupting
the functioning of vital components. The majority of these
attacks are simple in nature and succeed primarily because
of the lack of adequate detection and security measures in
organisations.

In particular, the Mandiant report on what became known
as their ‘APT1’ espionage attack received much publicity. [108]
See the factsheet ‘Persistence pays off (APT)’ from the NCSC
and the General Intelligence and Security Service (AIVD) for
more information. [35: NCSC 2013-2]

The summary on page 45 gives an indication of the scope and
diversity of digital (espionage) attacks. [109] The information comes
from open sources and is expressly not an exhaustive summary.
Given certain similar features, some campaigns may describe the
same attack. The date stated refers to the first publication in open
sources and therefore not the ‘start date’ of the attack. In some
cases, this is months or even years earlier.

Theft of information for financial gain

Criminals steal information to cause harm to others or to put others
under pressure (blackmail). The information acquired (for example
user names and passwords) can also serve as a tool for manipulation
of information.

Theft of information often originates from malware-infected
computers that may possibly form part of a botnet. The computers
in a botnet send the captured information to a central computer.
In December 2012, the NCSC received information from the investiga-