third Cyber Security Assessment Netherlands - NCSC

More documents

Recommendations

Info

(variations of ) DDoS and defacement. Finally, botnets are an important tool for various actors. The greatest threat at the moment for governments is aimed at the importance of the confidentiality of information (particularly against espionage) and continuity of online services (including generic services) and their own IT. This threat comes from a number of sides: states, professional criminals, hacktivists and cyber vandals/script kiddies. The most important threat for the business community concerns espionage aimed at information that is sensitive to competition and of the abuse of financial data for the purpose of theft of monetary values. This also happens through the manipulation of information in the form of changes made to (bank) transactions. An important threat that has increased over the past year is that of disruption of online services particularly for businesses that provide vital online services. Moreover, business information of all types is stolen by several different groups of actors for their own use, for publication or for selling on to third parties. Examples include client data or information about the IT provisions in businesses. The number of incidents handled by the NCSC increased significantly during the reporting period. The main reason for this increase is that as from 5 January 2012 private parties are now also served by the NCSC. In the nature of the incidents involving the government there has been a relative increase in malware infections (+13 per cent) and hacking attempts (+5 per cent). Finding out about the Pobelka botnet provided insight into the large numbers of infected computers and the quantity of the leaked data by means of a botnet that had remained undetected up to that time. There are probably many more undetected botnets. This also shows that the measures currently available for detecting this type of attack are not sufficient. Basic provisions have been the target of attacks in recent times. These include the attacks on iDeal and DigiD that made online payments in web shops temporarily impossible and logging into government services inaccessible, respectively. « Citizens are affected by identity fraud and blackmail. Citizens become involved when it is their data that is stolen, published, sold or misused. Even when the information is stolen directly from them, interests such as money (damage through attacks on electronic banking), privacy, availability of online services and digital identity are all affected. Citizens are particularly concerned with the protection of their own computers and electronic equipment against malware and ransomware. Citizens are affected indirectly when they are involved in a cyber attack through their own IT becoming part of a botnet. 50
Core assessment » 6 Manifestations » »»»»» Targets Actors (threats) Governments Private organisations Citizens States Digital espionage Digital espionage Digital espionage Disruption of IT (use of offensive capabilities) « Disruption of IT (use of offensive capabilities) « Terrorists Disruption of IT Disruption of IT Theft and sale of information« Theft and sale of information« Theft and sale of information« (Professional) criminals Manipulation of information« Manipulation of information« Manipulation of information« Disruption of IT Disruption of IT ñ IT takeover IT takeover IT takeover Cyber vandals and Script kiddies Theft and publication of information « Theft and publication of information « Theft and publication of information « Disruption of IT Disruption of IT IT takeover « Theft and publication of information ò Theft and publication of information ò Theft and publication of information ò Hacktivists Disruption of IT Disruption of IT Disruption of IT ò IT takeover « Defacement « Defacement « Internal actors Theft and publication or sale of received information Theft and publication or sale of received information (blackmail) Disruption of IT « Disruption of IT « Cyber researchers Receiving and publishing information Receiving and publishing information Private organisations Theft of information (business espionage) ñ No actor IT failure ò IT failure ò IT failure ò Table 4. Summary of threats and targets Key to relevance Low Moderate High No new trends or phenomena identified which result in a threat. OR There are (sufficient) measures available to eliminate the threat. OR There have been no notable incidents because of the threat during the reporting period. New trends or phenomena identified which result in a threat. OR There are (limited) measures available to eliminate the threat. OR There have been incidents outside of the Netherlands, and a few minor incidents in the Netherlands. There are clear developments which make the threat applicable. OR Measures have a limited effect, so that the threat remains considerable. OR There have been incidents in the Netherlands. Key to changes: ñ threat has increased ò threat has decreased « threat is new or has not been reported previously 51
Page 1: Cyber Security Assessment Netherlan
Page 4 and 5: National Cyber Security Centre The
Page 7: Contents Foreword 3 Summary 7 Intro
Page 10 and 11: on governmental organisations and b
Page 12 and 13: However, it is assumed that they ar
Page 15 and 16: Introduction Information Technology
Page 17: Core assessment 1 Interests 17 2 Th
Page 20 and 21: 1.2 Dependency IT dependency contin
Page 22 and 23: Increased IT dependency in electric
Page 24 and 25: on the internet such as an electric
Page 26 and 27: approached or incited by states for
Page 28 and 29: Actor Intentions Skills Targets Sta
Page 30 and 31: get the script kiddies started. One
Page 32 and 33: location’, there is no one single
Page 34 and 35: Furthermore, business information c
Page 36 and 37: environments often arise from the i
Page 38 and 39: not only smart phones, tablets or c
Page 40 and 41: 5.3 Technology Norms, guidelines an
Page 42 and 43: ACM seeks active collaboration with
Page 45 and 46: Core assessment » 6 Manifestations
Page 51: Core assessment » 6 Manifestations
Page 57 and 58: Detailed section » 1 Cyber crime
Page 59: Detailed section » 1 Cyber crime
Page 62 and 63: magnitude of digital espionage inci
Page 65 and 66: Detailed section » 3 Botnets 3 Bot
Page 67 and 68: Detailed section » 3 Botnets » Do
Page 69 and 70: Detailed section » 4 DDoS 4 DDoS
Page 71: Detailed section » 4 DDoS 4.3 Resi
Page 74 and 75: An attacker can abuse devices linke
Page 77 and 78: Detailed section » 6 Grip on infor
Page 79 and 80: Detailed section » 6 Grip on infor
Page 81 and 82: Detailed section » 7 Vulnerability
Page 91: Detailed section » 7 Vulnerability
Page 94 and 95: Leak in the Humannet website belong
Page 96 and 97: In 2012, ACM received a total of 14
Page 98 and 99: car park will not open. It is annoy
Page 100 and 101: 9.6 The resilience of ICS Security
Page 102 and 103:
100 [22: McAfee 2013-2] McAfee: Thr
Page 104 and 105:
102
Page 106 and 107:
Incidents Types of government incid
Page 108 and 109:
Classification Classified data Clou
Page 110 and 111:
Information Information security In
Page 112 and 113:
Spoofing/IP spoofing SQL injection
Page 114:
112
show all

third Cyber Security Assessment Netherlands - NCSC

Create successful ePaper yourself

Delete template?

Save as template?