DOCSLIB.ORG

Cyber Security Assessment Netherlands CSAN 2016

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Cyber Security Assessment Netherlands CSAN 2016 CSAN Netherlands Assessment Security Cyber Cyber Security Assessment Netherlands csan 2016 Publication National Cyber Security Centre PO Box 117, 2501 CC The Hague, the Netherlands Turfmarkt 147, 2511 DP The Hague, the Netherlands +31 70 751 55 55 More information www.ncsc.nl [email protected] October 2016 Cyber Security Assessment Netherlands csan 2016 National Cyber Security Centre The National Cyber Security Centre (NCSC), in collaboration with the business community, government bodies and academics, is working to increase the ability of Dutch society to defend itself in the digital domain. The NCSC supports the central government and organisations with a vital function in society by providing them with expertise and advice, threat response and with actions to strengthen crisis management. In addition, the NCSC provides information and advice to citizens, the government and the business community relating to awareness and prevention. The NCSC thus constitutes the central reporting and information point for IT threats and security incidents. The NCSC is part of the Cyber Security Department of the National Coordinator for Security and Counterterrorism. National Coordinator for Security and Counterterrorism The National Coordinator for Security and Counterterrorism (NCTV) protects the Netherlands against threats that may disrupt society. Together with its partners within the government, the science community and the business sector, the NCTV ensures that the Dutch critical infrastructure is safe and remains so. Collaboration and sources In drawing up this report, the NCSC gratefully used information provided by the following parties: - The various ministries - Military Intelligence and Security Service (MIVD) - Defence Computer Emergency Response Team (DefCERT) - General Intelligence and Security Service (AIVD) - Dutch National Police (National High Tech Crime Unit) - Public Prosecution Service - Representatives of critical infrastructure organisations, members of the Information Sharing and Analysis Centres (ISACs) and other NCSC partners - NCTV - National Management Organisation for Internet Providers (Nationale Beheersorganisatie Internet Providers) - Internet Standards Platform (Platform Internetstandaarden) - Bits of Freedom - Consumers' Association - ICT Netherlands (Nederland ICT) - Dutch Payments Association - Confederation of Netherlands Industry and Employers (VNO-NCW) - Scientific institutions - Universities - Experts in the field of cybersecurity The contributions of these parties have, together with substantive reviews, publicly accessible sources, a survey, information from the critical infrastructure and analyses from the NCSC, contributed to the substantive quality of this assessment. 5 6 Table of contents Summary 9 5 Resilience: Measures 57 Key findings 11 Human beings 57 Insight into threats and actors 11 Technology 58 Dutch developments 61 Introduction 15 International developments 63 Responsible or coordinated vulnerability disclosure 63 1 Manifestations 17 Conclusion and looking ahead 65 Activities aimed at monetary gain 17 Activities aimed at acquiring information 19 6 Interests 69 Activities aimed at disruption 21 Societal interests 69 Manifestations with unintentional damage 21 The development of interests 69 Conclusion and looking ahead 71 2 Threats: Actors 25 Professional criminals 25 Appendix 1 State actors 27 NCSC statistics 73 Terrorists 28 Responsible disclosure 73 Hacktivists 28 Security advisories 74 Cyber vandals and script kiddies 29 Cybersecurity incidents registered with the NCSC 76 Internal actors 30 Cyber researchers 30 Appendix 2 Private organisations 30 Sectoral assessment of cybersecurity 80 Conclusion and looking ahead 32 Appendix 3 3 Threats: Tools 37 Terms and abbreviations 86 Malware 37 Tools 40 Denial-of-Service attacks 42 Obfuscation: hiding criminal activity 43 Attack vectors 44 Conclusion and looking ahead 46 4 Resilience: Vulnerabilities 51 Organisational developments 51 Developments on the user's side 53 Technical developments 53 Conclusion and looking ahead 54 Professional criminals have evolved into sophisticated actors and carry out long-lasting and high-quality operations Digital economic espionage by foreign intelligence services puts the competitiveness of the Netherlands under pressure Ransomware is commonplace and has become even more advanced Advertising networks have not yet shown the ability to cope with malvertising 8 Summary | CSAN 2016 Summary The Cyber Security Assessment Netherlands (CSAN) 2016 offers insight into interests, threats and resilience, as well as related developments in the field of cybersecurity. This CSAN focuses primarily on the Netherlands, for the period from May 2015 to April 2016. The CSAN is published annually by the National Cyber Security Centre and is drawn up in cooperation with public and private partners. In the past year, state actors and professional criminals formed competitive position of the Netherlands. In addition to the largest threat for the Netherlands in the field of economic espionage, foreign intelligence services actively collect cybersecurity. Over the reporting period, they have caused many political information via digital pathways. The Dutch government incidents, or have attempted to do so. Also, the threat that suffers regular digital attacks. Political espionage undermines emanates from these groups is huge, and has grown in the past politics and government and is therefore a threat to the year. democratic legal order. Abroad, manifestations by state actors have been observed that deploy sabotage and other (military) cyber Criminals have, over the past year, focused massively on capabilities. The threat has increased for the Netherlands. State ransomware and the degree of organisation of criminal actors have deployed digital attacks abroad more frequently to campaigns is continually increasing. achieve their strategic objectives, to influence conflicts and, in On a regular basis, organisations in society must deal with some cases, to support an armed struggle. Cybersecurity measures computers and data that have been made inaccessible by taken can also protect against a digital component of hybrid ransomware. For criminals, campaigns with ransomware are easy attacks. to carry out. Criminals take into account the purchasing power of victims: sometimes more ransom is demanded if (large) Encryption has received much attention over the past year. The organisations are infected. Thus, ransomware, in recent years, has interests of the parties are sometimes at odds with each other. In developed into the tool of choice for professional criminals to the discussion on the relevance of encryption, the interests of make money. The classic measures of regular backups and network detection and national security must be balanced against the segmentation can limit the impact of ransomware attacks. In security of the internet and the privacy of its users. In the addition to short actions aimed at making money quickly, Netherlands, the government has published its official position on professional criminals are expanding their methods: professional encryption. The government endorses the importance of strong criminals have evolved into sophisticated actors and carry out encryption for internet safety, in support of the protection of the long-lasting and high-quality operations. In the past year, privacy of citizens, for confidential communications of several long-running campaigns were observed, using government and businesses and for the Dutch economy. The advanced forms of spear phishing. With this, both the government has sent its position on encryption to the House of investments and the proceeds of the campaigns have increased. Representatives. The government is of the opinion that it is not In the past, this way of working was the domain of state actors. currently appropriate to take legal measures to restrict the development, availability or the use of encryption. State actors have, over the past year, carried out a great deal of digital espionage on the leading Dutch sectors. Digital economic Hacktivists and terrorists in the field of cybersecurity pose less espionage by foreign intelligence services puts pressure on the of a threat than state actors and professional criminals, but 9 ncsc | Cyber Security Assessment Netherlands these actors have developed over the past year. There have been Advertising networks do not seem to be able to cope with no terrorist attacks recently using digital resources. However, they malvertising yet. This method of malware distribution remains do generate a lot of media attention with small-scale digital attacks popular and is a growing problem that is not easy to solve: the which require little knowledge or skill. Hacktivists have, over the manner in which ads are bought in real time and presented to the past year, focused on the online publishing of sensitive corporate user happens out of sight of website owners. Currently, advertising information and personal information. networks do not thoroughly check the content of their ads. Combined with the fact that many systems do not have the latest Cyber vandals and script kiddies are a growing threat. They can updates, this provides a large attack surface. Effective protection carry out digital attacks with accessible tools and at low cost. Think against malvertising without affecting the revenue model of of booter services to perform DDoS attacks; these are forms of websites requires fundamental
Recommended publications
  • BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications

    BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications

    ANDI WILSON, ROSS SCHULMAN, KEVIN BANKSTON, AND TREY HERR BUGS IN THE SYSTEM A Primer on the Software Vulnerability Ecosystem and its Policy Implications JULY 2016 About the Authors About New America New America is committed to renewing American politics, Andi Wilson is a policy analyst at New America’s Open prosperity, and purpose in the Digital Age. We generate big Technology Institute, where she researches and writes ideas, bridge the gap between technology and policy, and about the relationship between technology and policy. curate broad public conversation. We combine the best of With a specific focus on cybersecurity, Andi is currently a policy research institute, technology laboratory, public working on issues including encryption, vulnerabilities forum, media platform, and a venture capital fund for equities, surveillance, and internet freedom. ideas. We are a distinctive community of thinkers, writers, researchers, technologists, and community activists who Ross Schulman is a co-director of the Cybersecurity believe deeply in the possibility of American renewal. Initiative and senior policy counsel at New America’s Open Find out more at newamerica.org/our-story. Technology Institute, where he focuses on cybersecurity, encryption, surveillance, and Internet governance. Prior to joining OTI, Ross worked for Google in Mountain About the Cybersecurity Initiative View, California. Ross has also worked at the Computer The Internet has connected us. Yet the policies and and Communications Industry Association, the Center debates that surround the security of our networks are for Democracy and Technology, and on Capitol Hill for too often disconnected, disjointed, and stuck in an Senators Wyden and Feingold. unsuccessful status quo.
  • Ransom Where?

    Ransom Where?

    Ransom where? Holding data hostage with ransomware May 2019 Author With the evolution of digitization and increased interconnectivity, the cyberthreat landscape has transformed from merely a security and privacy concern to a danger much more insidious by nature — ransomware. Ransomware is a type of malware that is designed to encrypt, Imani Barnes Analyst 646.572.3930 destroy or shut down networks in exchange [email protected] for a paid ransom. Through the deployment of ransomware, cybercriminals are no longer just seeking to steal credit card information and other sensitive personally identifiable information (PII). Instead, they have upped their games to manipulate organizations into paying large sums of money in exchange for the safe release of their data and control of their systems. While there are some business sectors in which the presence of this cyberexposure is overt, cybercriminals are broadening their scopes of potential victims to include targets of opportunity1 across a multitude of industries. This paper will provide insight into how ransomware evolved as a cyberextortion instrument, identify notorious strains and explain how companies can protect themselves. 1 WIRED. “Meet LockerGoga, the Ransomware Crippling Industrial Firms” March 25, 2019; https://www.wired.com/story/lockergoga-ransomware-crippling-industrial-firms/. 2 Ransom where? | May 2019 A brief history of ransomware The first signs of ransomware appeared in 1989 in the healthcare industry. An attacker used infected floppy disks to encrypt computer files, claiming that the user was in “breach of a licensing agreement,”2 and demanded $189 for a decryption key. While the attempt to extort was unsuccessful, this attack became commonly known as PC Cyborg and set the archetype in motion for future attacks.
  • 2016.4 Vol.28 Mac はマルウェアから 100%安全か

    2016.4 Vol.28 Mac はマルウェアから 100%安全か

    2016.4 Vol.28 Mac はマルウェアから 100%安全か セキュリティプレス・アン Mac 向けセキュリティソリューション AhnLab V3 365 Clinic for Mac Mac はマルウェアから 100%安全か AppleのMacは、多くの人にマルウェアから安全だと思われている。しかし実際はWindowほどではないにせよ、Mac向けのマルウ ェアもマルウェア史の初期から存在し続けていた。それは現在も同じで、Macも安全地帯ではないということだ。 今回のプレス・アンでは、最新Mac向けマルウェアの特徴を分析し、Mac環境を保護する方策を探る。 Appleのマッキントッシュ(Macintosh、以下Mac)に対するユーザーの信頼は厚く、次のような挿絵からも見て取れる。コンピューター使用中感電し たキャラに、「コンピューターに異常はないかい?」と聞いたところ「これはMacだから大丈夫」と断言する内容である。 [図1] The Brads- Impossible 2 セキュリティプレス・アン その信頼はセキュリティに関しても絶大で、どうやらMacは安全な環境であると思われているらしい。しかし前述のようにMac向けマルウェアは昔か ら存在していたし、Macの運営環境である「OS X」に移行してから10年間、脅威は持続的に発見されている。もちろんWindowに比べればMac向け マルウェアが少ないのは確かだが、最近発見されるマルウェアの傾向を見るとMacもまたマルウェアの安全地帯ではないことが分かる。最近登場して いるMac向けマルウェアの特徴を分析し、Macを保護するソリューションを見てみよう。 主なMacマルウェア 現在のMacも多くの進化を遂げた。プロセッサやOSの変化により、[図2]のようにOS環境がOS Xに変更された前後で発見されたマルウェアは異なる。 初期 偽装した セキュリティ プログラム リリース リリース [図2] Mac向けマルウェア史タイムライン OS X移行後に登場したマルウェアに関する詳細情報は次の通りだ。 マルウェア(発見時期) 特徴 備考 Renepo -システムセキュリティ設定: 低 -OS X 初のマルウェア (2004) -OS X ファイアウォール解除 -2004/3/3、ニックネーム DimBulbが「Macintosh Underground -ソフトウェアアップデート機能解除 forum」に参加後、3/13からスクリプトワームに対して掲載し、フォーラ -ohphoneX(ボイス及びビデオ共有)、d ムの参加者とマルウェア作成を開始。9/10の掲載バージョンが10/23に sniff(暗号スニファ)、John the Rippe 外部に知れ渡り、10/24から大炎上したことから作成を放棄 r(暗号クラック)をダウンロードインストール -Apple社ではマルウェアではないと否認し、対応せず RSPlug(Dnschanger) -DNSアドレスを変更してフィッシングサイ -使用者に実害を与えた初のOS X向けマルウェア (2007.10) トに誘導し、金銭的要求 3 セキュリティプレス・アン マルウェア(発見時期) 特徴 備考 MacSweeper -常に何かを診断し、購入要求 -OS X初の偽装アンチウィルスプログラム (2008.1.17) -KiVVi Softwareで作成し、強制マーケティングに使用したことで公式謝 罪 -2011/5以降Mac Defender、Mac Protector、Mac Security、 Mac Guard、Mac Shieldなど偽装プログラムが大幅に増加 -Apple社は同年5月末セキュリティアップデートを行い、偽装アンチウィルス
  • Fast, Accurate, Vulnerability Assessments

    Fast, Accurate, Vulnerability Assessments

    SOLUTIONS / MANAGED SECURITY / VULNERABILITY SCANNING Managed Vulnerability Scanning FAST, ACCURATE, SOLUTION VULNERABILITY ASSESSMENTS AT-A-GLANCE • Scanning options include Identify and Mitigate Vulnerabilities that OS, database, application, Threaten Compliance and host • Credentialed Patch Vulnerability scanning is a critical component of protecting any hybrid Audit Scans IT infrastructure system, especially those that need to meet strict • Host/Network FedRAMP, HIPAA, and PCI-DSS compliance requirements. Managing Discovery Scans vulnerabilities helps identify software flaws, missing patches, malware, • CIS Hardening Scans misconfigurations across operating systems, devices and applications. • Web Application Scans Knowledge is Power • Auditing and scanning DataBank’s Managed Vulnerability Scanning solution leverages for WannaCry, Spectre, Meltdown, Bash Shellshock, hundreds of configuration and compliance scanning templates to Badlock, and Shadow audit against industry benchmarks and best practices while powerful Brokers reporting and visibility tools help you to make sense of the findings. DataBank’s Managed Vulnerability Scanning helps you accomplish your goals of identifying and mitigating vulnerabilities before they become a problem. DataBank’s solution is supported by a dedicated staff of security engineers and a seasoned Chief Information Security Officer. KEY BENEFITS LAYERED DEFENSE PROACTIVE SERVICE EXPERT GUIDANCE CONTINUOUS MONITORING HOW IT WORKS ASSET VULNERABILITY VULNERABILITY VULNERABILITY DISCOVERY SCANNING ASSESSMENT
  • The Million Dollar Dissident: NSO Group's Iphone Zero-Days Used Against a UAE Human Rights Defender

    The Million Dollar Dissident: NSO Group's Iphone Zero-Days Used Against a UAE Human Rights Defender

    Research Teaching News Lab Projects GLA2010 In the News About Publications Newsletter People Archives Events Opportunities Contact The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender August 24, 2016 Categories: Bill Marczak, John Scott-Railton, Reports and Briefings Authors: Bill Marczak and John Scott-Railton, Senior Researchers at the Citizen Lab, with the assistance of the research team at Lookout Security. Media coverage: The New York Times, Motherboard, Gizmodo, Wired, Washington Post, ZDNet. This report describes how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware. 1. Executive Summary Ahmed Mansoor is an internationally recognized human rights defender, based in the United Arab Emirates (UAE), and recipient of the Martin Ennals Award (sometimes referred to as a “Nobel Prize for human rights”). On August 10 and 11, 2016, Mansoor received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Instead of clicking, Mansoor sent the messages to Citizen Lab researchers. We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based “cyber war” company that sells Pegasus, a government- exclusive “lawful intercept” spyware product. NSO Group is reportedly owned by an American venture capital firm, Francisco Partners Management. The ensuing investigation, a collaboration between researchers from Citizen Lab and from Lookout Security, determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.
  • BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications

    BUGS in the SYSTEM a Primer on the Software Vulnerability Ecosystem and Its Policy Implications

    ANDI WILSON, ROSS SCHULMAN, KEVIN BANKSTON, AND TREY HERR BUGS IN THE SYSTEM A Primer on the Software Vulnerability Ecosystem and its Policy Implications JULY 2016 About the Authors About New America New America is committed to renewing American politics, Andi Wilson is a policy analyst at New America’s Open prosperity, and purpose in the Digital Age. We generate big Technology Institute, where she researches and writes ideas, bridge the gap between technology and policy, and about the relationship between technology and policy. curate broad public conversation. We combine the best of With a specific focus on cybersecurity, Andi is currently a policy research institute, technology laboratory, public working on issues including encryption, vulnerabilities forum, media platform, and a venture capital fund for equities, surveillance, and internet freedom. ideas. We are a distinctive community of thinkers, writers, researchers, technologists, and community activists who Ross Schulman is a co-director of the Cybersecurity believe deeply in the possibility of American renewal. Initiative and senior policy counsel at New America’s Open Find out more at newamerica.org/our-story. Technology Institute, where he focuses on cybersecurity, encryption, surveillance, and Internet governance. Prior to joining OTI, Ross worked for Google in Mountain About the Cybersecurity Initiative View, California. Ross has also worked at the Computer The Internet has connected us. Yet the policies and and Communications Industry Association, the Center debates that surround the security of our networks are for Democracy and Technology, and on Capitol Hill for too often disconnected, disjointed, and stuck in an Senators Wyden and Feingold. unsuccessful status quo.
  • 2015 Threat Report Provides a Comprehensive Overview of the Cyber Threat Landscape Facing Both Companies and Individuals

    2015 Threat Report Provides a Comprehensive Overview of the Cyber Threat Landscape Facing Both Companies and Individuals

    THREAT REPORT 2015 AT A GLANCE 2015 HIGHLIGHTS A few of the major events in 2015 concerning security issues. 08 07/15: Hacking Team 07/15: Bugs prompt 02/15: Europol joint breached, data Ford, Range Rover, 08/15: Google patches op takes down Ramnit released online Prius, Chrysler recalls Android Stagefright botnet flaw 09/15: XcodeGhost 07/15: Android 07/15: FBI Darkode tainted apps prompts Stagefright flaw 08/15: Amazon, ENFORCEMENT bazaar shutdown ATTACKS AppStore cleanup VULNERABILITY reported SECURITYPRODUCT Chrome drop Flash ads TOP MALWARE BREACHING THE MEET THE DUKES FAMILIES WALLED GARDEN The Dukes are a well- 12 18 resourced, highly 20 Njw0rm was the most In late 2015, the Apple App prominent new malware family in 2015. Store saw a string of incidents where dedicated and organized developers had used compromised tools cyberespionage group believed to be to unwittingly create apps with malicious working for the Russian Federation since behavior. The apps were able to bypass at least 2008 to collect intelligence in Njw0rm Apple’s review procedures to gain entry support of foreign and security policy decision-making. Angler into the store, and from there into an ordinary user’s iOS device. Gamarue THE CHAIN OF THE CHAIN OF Dorkbot COMPROMISE COMPROMISE: 23 The Stages 28 The Chain of Compromise Nuclear is a user-centric model that illustrates Kilim how cyber attacks combine different Ippedo techniques and resources to compromise Dridex devices and networks. It is defined by 4 main phases: Inception, Intrusion, WormLink Infection, and Invasion. INCEPTION Redirectors wreak havoc on US, Europe (p.28) INTRUSION AnglerEK dominates Flash (p.29) INFECTION The rise of rypto-ransomware (p.31) THREATS BY REGION Europe was particularly affected by the Angler exploit kit.
  • Moonlight Maze,’ Perhaps the Oldest Publicly Acknowledged State Actor, Has Evaded Open Forensic Analysis

    Moonlight Maze,’ Perhaps the Oldest Publicly Acknowledged State Actor, Has Evaded Open Forensic Analysis

    PENQUIN’S MOONLIT MAZE The Dawn of Nation-State Digital Espionage Juan Andres Guerrero-Saade, Costin Raiu (GReAT) Daniel Moore, Thomas Rid (King’s College London) The origins of digital espionage remain hidden in the dark. In most cases, codenames and fragments of stories are all that remains of the ‘prehistoric’ actors that pioneered the now- ubiquitous practice of computer network exploitation. The origins of early operations, tools, and tradecraft are largely unknown: official documents will remain classified for years and decades to come; memories of investigators are eroding as time passes; and often precious forensic evidence is discarded, destroyed, or simply lost as storage devices age. Even ‘Moonlight Maze,’ perhaps the oldest publicly acknowledged state actor, has evaded open forensic analysis. Intrusions began as early as 1996. The early targets: a vast number of US military and government networks, including Wright Patterson and Kelly Air Force Bases, the Army Research Lab, the Naval Sea Systems Command in Indian Head, Maryland, NASA, and the Department of Energy labs. By mid-1998 the FBI and Department of Defense investigators had forensic evidence pointing to Russian ISPs. After a Congressional hearing in late February 1999, news of the FBI’s vast investigation leaked to the public.1 However, little detail ever surfaced regarding the actual means and procedures of this threat actor. Eventually the code name was replaced (with the attackers’ improved intrusion set dubbed Storm Cloud’, and later ‘Makers Mark’) and the original ‘MM’ faded into obscurity without proper technical forensic artefacts to tie these cyberespionage pioneers to the modern menagerie of APT actors we are now all too familiar with.
  • Cyber News for Counterintelligence / Information Technology / Security Professionals 13 November 2014

    Cyber News for Counterintelligence / Information Technology / Security Professionals 13 November 2014

    Cyber News for Counterintelligence / Information Technology / Security Professionals 13 November 2014 Purpose Stuxnet worm entered Iran's nuclear facilities through hacked suppliers Educate recipients of cyber events to aid in protecting Engadget, 13 Nov 2014: You may have heard the common story of how Stuxnet electronically stored DoD, spread: the United States and Israel reportedly developed the worm in the mid- corporate proprietary, and/or Personally Identifiable 2000s to mess with Iran's nuclear program by damaging equipment, and first Information from theft, unleashed it on Iran's Natanz nuclear facility through infected USB drives. It got compromise, espionage out of control, however, and escaped into the wild (that is, the internet) sometime Source later. Relatively straightforward, right? Well, you'll have to toss that version of This publication incorporates open source news articles events aside -- a new book, Countdown to Zero Day, explains that this digital educate readers on security assault played out very differently. Researchers now know that the sabotage- matters in compliance with oriented code first attacked five component vendors that are key to Iran's nuclear USC Title 17, section 107, program, including one that makes the centrifuges Stuxnet was targeting. These Para a. All articles are truncated to avoid the companies were unwitting Trojan horses, security firm Kaspersky Lab says. Once appearance of copyright the malware hit their systems, it was just a matter of time before someone brought infringement compromised data into the Natanz plant (where there's no direct internet access) Publisher and sparked chaos. As you might suspect, there's also evidence that these first * SA Jeanette Greene Albuquerque FBI breaches didn't originate from USB drives.
  • Ransomware Is Here: What You Can Do About It?

    Ransomware Is Here: What You Can Do About It?

    WHITEPAPER Ransomware is Here: What you can do about it? Overview Over the last few years, ransomware has emerged as one of the most devastating and costly attacks in the hacker arsenal. Cyber thieves are increasingly using this form of attack to target individuals, corporate entities and public sector organizations alike by holding your system or files for ransom. Unlike other forms of cyber theft that often involve stolen financial or healthcare information, ransomware cuts out the middleman. In cases where an attacker steals health or financial documents, they must sell them on to third parties to make money. As far as ransomware is concerned, the money comes directly from the victim. Ransomware is a quickly growing threat vector. According to the FBI’s Internet Crime Complaint center (IC3), infected users made complaints about ransomware 2,453 times in 2015—nearly double the figure for 2014. What’s more, these figures most likely represent only the tip of the iceberg, as many users pay their ransom without making a report to the authorities. A recent survey conducted by a Cyber Security Research Center at the University of Kent found that over 40% of those infected with CryptoLocker actually agreed to pay the ransom demanded, which is a big incentive for hackers to target more systems. Lastly, hackers are rapidly iterating both malware and distribution techniques. In early Q2 of 2016, a new variant of ransomware, known as CryptXXX, emerged on the scene. This program is packed in such a way that users and antivirus software may initially confuse it for a Windows DLL file.
  • Databreaches in Healthcare the Attractiveness of Leaked Healthcare Data for Cybercriminals 2 Whitepaper: Databreaches in Healthcare

    Databreaches in Healthcare the Attractiveness of Leaked Healthcare Data for Cybercriminals 2 Whitepaper: Databreaches in Healthcare

    Databreaches in Healthcare The attractiveness of leaked healthcare data for cybercriminals 2 Whitepaper: Databreaches in healthcare Table of Contents Introduction.................................................................................................. 5 An international problem ............................................................................................................................ 6 The risk of digitization ................................................................................................................................ 6 The medical IoT ............................................................................................................................................ 7 Overview of the attack vector: What has Healthcare suffered in the past? ............................................ 8 What are the most common causes of health data compromise? ................................................................... 10 Hacking/IT incidents ................................................................................................................................. 10 Social Engineering......................................................................................................................................11 Examples ......................................................................................................................................................11 Why is the healthcare vertical such an attractive target?.......................................................................
  • Internet Security Threat Report VOLUME 21, APRIL 2016 TABLE of CONTENTS 2016 Internet Security Threat Report 2

    Internet Security Threat Report VOLUME 21, APRIL 2016 TABLE of CONTENTS 2016 Internet Security Threat Report 2

    Internet Security Threat Report VOLUME 21, APRIL 2016 TABLE OF CONTENTS 2016 Internet Security Threat Report 2 CONTENTS 4 Introduction 21 Tech Support Scams Go Nuclear, 39 Infographic: A New Zero-Day Vulnerability Spreading Ransomware Discovered Every Week in 2015 5 Executive Summary 22 Malvertising 39 Infographic: A New Zero-Day Vulnerability Discovered Every Week in 2015 8 BIG NUMBERS 23 Cybersecurity Challenges For Website Owners 40 Spear Phishing 10 MOBILE DEVICES & THE 23 Put Your Money Where Your Mouse Is 43 Active Attack Groups in 2015 INTERNET OF THINGS 23 Websites Are Still Vulnerable to Attacks 44 Infographic: Attackers Target Both Large and Small Businesses 10 Smartphones Leading to Malware and Data Breaches and Mobile Devices 23 Moving to Stronger Authentication 45 Profiting from High-Level Corporate Attacks and the Butterfly Effect 10 One Phone Per Person 24 Accelerating to Always-On Encryption 45 Cybersecurity, Cybersabotage, and Coping 11 Cross-Over Threats 24 Reinforced Reassurance with Black Swan Events 11 Android Attacks Become More Stealthy 25 Websites Need to Become Harder to 46 Cybersabotage and 12 How Malicious Video Messages Could Attack the Threat of “Hybrid Warfare” Lead to Stagefright and Stagefright 2.0 25 SSL/TLS and The 46 Small Business and the Dirty Linen Attack Industry’s Response 13 Android Users under Fire with Phishing 47 Industrial Control Systems and Ransomware 25 The Evolution of Encryption Vulnerable to Attacks 13 Apple iOS Users Now More at Risk than 25 Strength in Numbers 47 Obscurity is No Defense