D2.2 Final Report on Cybersecurity Indicators & Open Source


D2.2 Final Report on Cybersecurity Indicators & Open Source Intelligence Methodologies

Work Package WP2: Metrics of Cybersecurity

Document Dissemination Level
  P: Public (x)
  CO: Confidential, only for members of the Consortium (including the Commission Services)

Document Due Date: 28/02/2019
Document Submission Date: 28/02/2019

This work is performed within the SAINT Project – Systemic Analyser in Network Threats – with the support of the European Commission and the Horizon 2020 Program, under Grant Agreement No 740829

Document Information
  Deliverable number: D2.2
  Deliverable title: Final report on Cybersecurity Indicators & Open Source Intelligence Methodologies
  Deliverable version: 1.0
  Work Package number: WP2
  Work Package title: Metrics of Cybersecurity
  Due Date of delivery: 28/02/2019
  Actual date of delivery:
  Dissemination level: Public
  Editor(s): Jart Armin (CYBE), Bryn Thompson (CYBE)
  Contributor(s): Yannis Stamatiou (CTI), Edgardo Montes de Oca (MNTMG)
  Reviewer(s): Olivia Odell (AS), Dimitris Kavallieros (KEMEA)
  Ethical advisor(s): Christina Chalanouli (KEMEA)
  Project name: Systemic Analyser in Network Threats
  Project Acronym: SAINT
  Project starting date: 1/5/2017
  Project duration: 24 months
  Rights: SAINT Consortium

Version History
  Version  Date        Beneficiary    Description
  0.1      21/12/2017  CYBE CTI MI    First draft
  0.2      28/01/2019  CYBE CTI MI    2nd Draft
  0.3      15/02/2019  CYBE CTI MI    3rd Draft
  0.4      19/02/2019  CYBE           4th Draft
  0.5      21/02/2019  CYBE           5th draft for review.
  0.6      25/02/2019  CYBE/AS/KEMEA  Final draft
  1.0      27/02/2019  CYBE           Final
  1.1      04/03/2019  CYBE           Add missing text on malware & Figure #

Copyright SAINT Consortium. All rights reserved.
Table of Contents

1 Introduction
2 Cyber Security Taxonomies and Ontology
  2.1 OAT ontology
  2.2 OWASP Top 10 – web application risks
3 SAINT Selection of Cybersecurity Indicators – Phase 1 – (M1 to M6)
  3.1 ENISA’s Top 15
4 Final Open Source Cybersecurity Indicator Data Sets with WP2 and WP5 Phase 2 – (M3 – M9)
5 Indicators - Econometrics
  5.1 Online population experienced cybercrime (EU)
  5.2 Time spent / lost per victim of cybercrime
  5.3 Cost of cybercrime (EU)
  5.4 Cost of a data breach
  5.5 Cost to individuals of cybersecurity measures
  5.6 Cost to enterprises of cybersecurity measures
  5.7 Cost to governments of cybersecurity measures
  5.8 Number of individuals working in cybersecurity (2018 EU)
  5.9 Estimates for cybersecurity personnel needed (by 2020 EU)
6 Indicators - Cybercrime Activity
  6.1 Malware
    6.1.1 Trojans
    6.1.2 Viruses (computer)
    6.1.3 Worms
  6.2 Web based attacks
    6.2.1 RFI (remote file inclusion)
    6.2.2 LFI (local file inclusion)
    6.2.3 XSA (cross server attack)
    6.2.4 RCE (remote code execution)
  6.3 Web application attacks
  6.4 Denial of Service (DoS, DDoS, DrDoS)
  6.5 Botnets
  6.6 Phishing
  6.7 Ransomware
  6.8 Exploit kits
    6.8.1 Crimeware
    6.8.2 Cybercrime as a service
  6.9 APT (Advanced Persistent Threats)
  6.10 Data breaches
  6.11 Cyber attacks
  6.12 Identity theft
  6.13 Cyber espionage
    6.13.1 RATs (Remote Access Trojan)
    6.13.2 Cyberterrorism
    6.13.3 Cyberwarfare
  6.14 Intrusion (computer)
    6.14.1 Spyware
    6.14.2 Malvertising
    6.14.3 Clickjacking
    6.14.4 Grayware
    6.14.5 Backdoors
    6.14.6 Adware
  6.15 Cryptovirology
  6.16 Malicious software (badware)
    6.16.1 Rootkits