third Cyber Security Assessment Netherlands - NCSC

More documents

Recommendations

Info

tend to unknowingly facilitate this criminal behaviour, but also ‘bulletproof’ providers can be recognized – they are doing so consciously. In between are companies who operate in the twilight zone. International virtual payments processors are frequently used by (high tech) criminals because of the speed and anonymity that can be achieved. 1.3 Tools used by cyber criminals During the reporting period, there has been no substantial change in the way cyber criminals operate. However, criminals are becoming increasingly aggressive in their actions. One example of this is ransomware automatically downloading and displaying child pornography. Botnets remain a popular tool for earning a lot of money. Malware is increasingly being used to take over computers completely, reducing the need to use phishing to collect user credentials. Last year’s CSAN recognised that ransomware plays a key role in cyber crime targeted directly at end users. Its use increased significantly during the reporting period, as did the use of encryption to further thwart law enforcement. Botnets Botnets are clusters of infected computer systems which can be controlled remotely. They are still considered to be the major element in cyber crime. One important feature is that botnets’ architectures make them particularly difficult to eliminate. See also the detailed section on botnets for more information, such as how they work and what happened in recent cases such as Pobelka. A botnet herder’s business model includes renting their botnet out for a range of services. For example, botnets consisting of 100,000 bots are available to let for large-scale attacks for a few hundred U.S. dollars per day. Malware A big portion of known malware is targeted at collecting financially (re)usable data. An important category is made up by banking trojans, designed to abuse personal users’ internet banking environments. Generally this malware will attempt to retrieve the user’s login credentials or to manipulate bank transfers without this being noticed by the user. Encryption and cloud Law enforcement is complicated by the increased use of encryption on both digital communications and file storage. The growing popularity of cloud services creates legal as well as technical challenges, for example raising questions in matters of (police) jurisdiction. Ransomware The spread of so-called ransomware is increasing rapidly. Its emergence was already highlighted in last year’s report. Ransomware hijacks the infected system’s functionality, e.g. by encrypting files or blocking the operating system from working. The malware then demands a payment from the user to restore the functionality – which then seldom happens – and puts the user under pressure not to file a report. Following the first instances in 2009 in Russia and Eastern Europe, ransomware has now spread to Western Europe, the United States and many other countries. More professional ransomware Ransomware is noteably becoming more professional. Criminals use encryption and virtual currencies for their identities to remain concealed. There impact on the victim is also increasing. Criminals are willing to use any means to encourage the user to pay and not to file a report with the police. Examples are: showing police logos, displaying child pornography and switching on the computer’s webcam so that the user is shown on-screen. Just like any type of malware, a ransomware infection can be caught on the regular internet, under the wrong circumstances. This has a direct impact on individual citizens’ sense of security, even more so than hacking, skimming and internet banking fraud. 1.4 Challenges in law enforcement The dichotomy between high tech crime and ‘regular’ cyber crime has a big impact on law enforcement. It is therefore highly valuable to invest in finding and prosecuting the perpetrators of high tech crime. After all, the impact of this type of cyber crime is manifest. Furthermore, less knowledgeable attackers adopt these tools and methods. Of course, improving law enforcement on high tech crime requires the police to make a relatively big investment in people, resources and expertise. In addition to operational limitations, technical complications exist when it comes to digital research. Criminals’ digital tracks leading abroad (such as the IP address used) may result in issues of jurisdiction. Perpetrators are also increasingly using software to completely conceal their location: one popular example is Tor. A new phenomenon is that criminal data is increasingly found in the cloud. Koops [57: WODC 2012] investigated the consequences of this ‘criminal cloudification’ on law enforcement. He concludes that the development in itself does not pose new problems, but it is stressing all the existing legal and technical aspects to the max. In order to address these problems the Minister of Security and Justice in May 2013 proposed legislation on extending police capabilities with respect to performing remote investigations on computers of suspects and, if necessary, to remotely copy data or render it inaccessible. These competences also allow for situations where the system’s physical location is unknown. When combating cyber crime, a problem of a more technical nature is the use of encryption on both digital communications and file storage. Nowadays its quality is such that expertly encrypted data cannot always be decrypted without the owner’s collaboration. Encryption also poses a problem when investigating seized systems. In the context of criminal investigations, the police can already order a third party (but not the suspect) to decrypt the inaccessible 56
Detailed section » 1 Cyber crime » information. On this topic, the Minister of Security and Justice has announced a bill which also went into consultation in May 2013. 1.5 What are consequences and costs of cyber crime? Based on research, it can be concluded that cyber crime has a considerable impact in terms of victims: the scope is constantly being better highlighted; it accounts for a major proportion of [47: Stol 2013] criminality and is probably on the increase. Recent research looked at the extent to which citizens are falling victim to cyber crime. The results show that this is frequently the case: almost as many citizens (aged 15 and up) had been the victim of hacking (4.3 per cent) as they had been of bicycle theft (4.8 per cent). The Security Monitor 2012 [120] also reports on cyber crime victimisation: its figures are somewhat higher than in the aforementioned research report (for example 6 per cent for hacking). For various reasons, the picture of cyber crime and victimisation is not complete. Companies that are attacked fear reputational harm if they report the attack. As a rule, citizens often do not report being victimized (13.4 per cent of the victims of a digital offence report it). Moreover, the police do not record cyber crime separately, making it difficult to outline a full picture of the number of reports. However it can be concluded based on the available data that the number of reports filed has increased significantly in recent years. National High-Tech Crime Unit After a good doubling of its capacity from 30 to 63 FTEs last year, the police’s National High Tech Crime Unit (NHTCU) is again on the verge of expansion. In 2014 there will be 119 highly trained digital, tactical and financial staff actively working to effectively combat high tech crime. To achieve an effective approach to ransomware, to attacks on vital infrastructures and to other occurrences of high tech crime, the NHTCU collaborates with national and international public and private partners. Mutual legal assistance to other law enforcement agencies is achieved swiftly by means of both regular MLATs and fast-track requests via the worldwide ‘24/7 network’. This guarantees all countries participating in the Convention on Cyber Crime (Budapest Convention) an immediate response if urgent assistance is needed in the joint fight against cyber crime. The financial consequences of cyber crime can be varied and far-reaching for companies and governments equally. Citizens are also noticing the consequences of identity fraud involving internet banking and skimming. In recent years, the amount of money stolen in this way has constantly increased. In 2012, this changed for the very first time. The total fraud involving payment transactions had decreased by 11 per cent in 2012 at 82 million euros. Skimming fraud fell by a good quarter from 38.9 to 29 million euros. At 34.8 million euros, the fraud involving internet banking remained more or less the same (35.0 million in 2011). [37: NVB 2013] Additionally, the largest proportion of this fraud was committed in the first six months of that year (24.8 million euros). There are three possible explanations for the recent decrease in skimming: more effective monitoring by the banks, the introduction of the EMV chip (replacing the magnetic strip, which was susceptible to abuse) and by default prohibiting the use of payment cards outside of Europe (geo-blocking). Also, the 2011 arrival of the Electronic Crimes Taskforce (ECTF) is clearly bearing fruit. « 120 http://veiligheidsmonitor.nl/dsresource?objectid=325461 57
Page 1:
Cyber Security Assessment Netherlan
Page 4 and 5:
National Cyber Security Centre The
Page 7: Contents Foreword 3 Summary 7 Intro
Page 10 and 11: on governmental organisations and b
Page 12 and 13: However, it is assumed that they ar
Page 15 and 16: Introduction Information Technology
Page 17: Core assessment 1 Interests 17 2 Th
Page 20 and 21: 1.2 Dependency IT dependency contin
Page 22 and 23: Increased IT dependency in electric
Page 24 and 25: on the internet such as an electric
Page 26 and 27: approached or incited by states for
Page 28 and 29: Actor Intentions Skills Targets Sta
Page 30 and 31: get the script kiddies started. One
Page 32 and 33: location’, there is no one single
Page 34 and 35: Furthermore, business information c
Page 36 and 37: environments often arise from the i
Page 38 and 39: not only smart phones, tablets or c
Page 40 and 41: 5.3 Technology Norms, guidelines an
Page 42 and 43: ACM seeks active collaboration with
Page 45 and 46: Core assessment » 6 Manifestations
Page 53: Core assessment » 6 Manifestations
Page 57: Detailed section » 1 Cyber crime
Page 62 and 63: magnitude of digital espionage inci
Page 65 and 66: Detailed section » 3 Botnets 3 Bot
Page 67 and 68: Detailed section » 3 Botnets » Do
Page 69 and 70: Detailed section » 4 DDoS 4 DDoS
Page 71: Detailed section » 4 DDoS 4.3 Resi
Page 74 and 75: An attacker can abuse devices linke
Page 77 and 78: Detailed section » 6 Grip on infor
Page 79 and 80: Detailed section » 6 Grip on infor
Page 81 and 82: Detailed section » 7 Vulnerability
Page 91: Detailed section » 7 Vulnerability
Page 94 and 95: Leak in the Humannet website belong
Page 96 and 97: In 2012, ACM received a total of 14
Page 98 and 99: car park will not open. It is annoy
Page 100 and 101: 9.6 The resilience of ICS Security
Page 102 and 103: 100 [22: McAfee 2013-2] McAfee: Thr
Page 104 and 105: 102
Page 106 and 107: Incidents Types of government incid
Page 108 and 109:
Classification Classified data Clou
Page 110 and 111:
Information Information security In
Page 112 and 113:
Spoofing/IP spoofing SQL injection
Page 114:
112
show all

third Cyber Security Assessment Netherlands - NCSC

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?