third Cyber Security Assessment Netherlands - NCSC
Detailed section » 7 Vulnerability of IT
»» Almost one third of the defacements (32 per cent) took place on
a Saturday.
»» Around one quarter of the defacements (27 per cent) were carried
out by the same hacker or group of hackers (‘T0r3x’).
IPv6 and DNSSEC
As part of the investigation into the characteristics of websites,
support for DNSSEC and IPv6 in the aforementioned categories
was also reviewed. This yielded the following findings:
Around 12 per cent of the almost 2,000 domains investigated
supported DNSSEC. This support is present primarily in the largest
1,000 domains according to Alexa.com (17 per cent) and is much lower
in the government and local authorities (both 7 per cent).
Support for IPv6 seems to lag behind support for DNSSEC: for
approximately 3 per cent of all domains, there is an IPv6 address
linked to the ‘www host’ for that domain. Here too, the Alexa top
1,000 appears to be ahead of the government: 4.5 per cent compared
with 2.4 per cent for the government and 0.6 per cent for
local governments. The average is consistent with the findings
of IBM, for example, which in June 2012 established that 3 per cent
of all internet sites have an IPv6 address.
7.3 Tools used
In this chapter, two types of tool are examined in more depth than in
the core assessment, these being exploits and malware. Botnets as
a tool are dealt with in a separate detailed section.
7.3.1 Exploits
Exploits appear regularly on the internet, providing a simple way
of abusing known and unknown vulnerabilities. An analysis of these
exploits provides insight into their development over the years.
Exploit-db.com is a website that collates
exploits and makes them available to everyone. Looking at the
exploits published since 2005, there is a sharp decrease in publicly
available exploits from the third quarter of 2010. IBM also reported
a decrease in public exploits following a peak in 2010. [15: IBM 2012] IBM
cites changes made to software that make it harder to exploit
vulnerabilities as one of the main causes. Another possible cause is
that new (as yet unknown) vulnerabilities are now being sold
commercially.
Exploits primarily target web platforms and Microsoft Windows.
PHP is a particularly popular platform for attack; many open source
PHP applications and plug-ins for CMS applications such as
WordPress are among the PHP exploits (see Figure 11).
Figure 11. Exploits per platform, 2012Q2 - 2013Q1 (platforms shown: UNIX, BSD, Web, Windows, Other, Hardware, Linux, Multiple, Apple OS/X)