2020 REPORT ON CYBER SECURITY IN THE CZECH REPUBLIC National C yber and Inform2020ati Reporton 1 Security Agency FOREWORD BY THE DIRECTOR OF THE NÚKIB Dear reader, You are now presented with the 2020 Report on Cyber considerably stricter security requirements. At the same Security. It is needless to point out the many twists and time, they have the opportunity to use broader services turns the Czech Republic and the whole world went ranging from vulnerability scanning to penetration through that year. Yet I would still like to mention what testing and other activities we offer regulated entities the global pandemic has meant for cyber security. free of charge. Last year showed us all that the limits of what can Furthermore, we have introduced several training be moved to cyberspace are far beyond what we courses for both the public and employees of essen­ previously imagined. Moreover, the transition has tial institutions. People are the weakest link in cyber revealed how much we depend on information and security, and they need to be aware of the risks looming communication technologies. in cyberspace. IT and cyber security experts have been drawing atten­ Other unequivocal successes include the approval of tion to this dependency for many years. It was not until two documents critical for developing the cyber security last year, though, as the Internet became the only place of the Czech Republic and the NÚKIB itself. Had it not where many people could work, close deals, hold talks, been for them and the related collaboration, this 2020 and keep in touch with loved ones, that we realised how Report on Cyber Security would not have seen the light overwhelming this reliance truly was. of day. Nor, most importantly, could cyber security in the Czech Republic have been assured. Let us see this situation as an opportunity. The virus has helped us do what we had not been able to do The first document is the National Cyber Security Strat­ ourselves: it persuaded the majority of society that egy, which establishes the direction of activities for the cyber security, and the principles of proper conduct in agency and all subjects involved in cyber security assur­ cyberspace per se, are of concern to all of us. ance in the Czech Republic for the following five years. The other crucial document is the NÚKIB Development The following texts and statistics indicate that cyberspace Concept, which sets out how the institution will de­ is not a safe place. No one can be unaware of the ran­ velop going forward, the capacities we would like to somware attacks that paralysed, among others, the Uni­ have in the future and, last but not least, how much versity Hospital Brno during the onset of the pandemic, it will all cost. I am very pleased that the work on this causing hundreds of millions of crowns of damage. Our document has been completed. The NÚKIB is still a statistics also show that the number of attacks has been new institution, and so a clear definition of its future growing, and more and more institutions – take local development is vital. authorities as an example – have been falling victim to such attacks. Regarding the international scene, I would like to em­ phasise the 2nd Prague 5G Security Conference held The National Cyber and Information Security Agency under the auspices of the Czech Prime Minister and (hereinafter the ‘NÚKIB’) worked to give all possible attended by many important foreign guests. assistance to the affected entities and protect others the attacks could also impact. Let me mention, inter alia, The developments last year showed us how dangerous a reactive measure for selected healthcare entities ­fol cyberspace can be yet how important it is to all of us. lowed by a warning issued for the same group of recipi­ I would like to thank all the 222 entities in various fields ents. We also prepared many supporting materials that that filled in our questionnaires and thereby partici­ anyone may use free of charge to secure their systems. pated in preparing this 2020 Report on Cyber Security. I firmly believe that the Report will raise cyber security We drafted changes in legislation, effective since Jan­ awareness and improve safety for everybody. uary this year, especially for the healthcare sector. As a consequence, significantly more hospitals must meet Ing. Karel Řehka Foreword by the Director of the NÚKIB 2 SUMMARY OF THE 2020 REPORT ON CYBER SECURITY IN THE CZECH REPUBLIC The year 2020 was marked by an increase in cyber- intended for sharing legislative, strategic, and other attacks against Czech institutions, organisations, and 5G network security tools the countries adopted over companies across all sectors. Compared to 217 inci­ the past year. dents in 2019, a total of 468 incidents were reported to the NÚKIB in 2020. Nearly one­third of the incidents In 2020, the NÚKIB continued the training of public handled were reported by non­regulated entities. This administration staff and trained more than 18‚209 increase was very likely caused by both a higher number civil servants, 214 employees of the Armed Forces of of cyberattacks and greater awareness of the existence the Czech Republic, and 2‚000 employees of Bulovka and activities of the NÚKIB. The severity of the incidents Hospital in the ‘Dávej kyber!’ [Get Cyber Skilled!] has also increased, which is evident from the attacks e­learning course. Another 1,690 prevention officers against the University Hospital Brno and the Psychiatric were trained in the professional ‘Bezpečně v kyber’ [Stay Hospital in Kosmonosy. The most frequent types of at­ Safe in Cyberspace] course, which presents school envi­ tack in 2020 included spam, phishing, and scanning. ronment situations to staff. The most serious cyber threats in the Czech Republic Many organisations questioned through the survey have long included cybercrime. In 2020, this was most said they faced a lack of experts and insufficient visible with ransomware attacks affecting the Czech cyber security budgets in 2020. The situation was healthcare sector. The increase in attacks against hos­ more pronounced in the public sector than in private pitals can largely be attributed to the ongoing pandemic undertakings. Almost none of the respondents had as well as cybercrime groups concentrating on specific all cyber security posts occupied. More than half the institutions where they see a higher chance that the organisations considered insufficient salaries to be the ransom will be paid. Yet three­quarters of healthcare main factor. facilities consider the funds allocated to ensuring cyber security insufficient. In response to events during the pandemic, the NÚKIB issued several recommendations, warnings, and re- In 2020, the NÚKIB, in cooperation with the Office of active measures. These included, for example, warn­ the Government and the Ministry of Foreign Affairs, ings about the risks associated with online conference organised the second two-day Prague 5G Security services, Safe Remote Working recommendations, the Conference, the world’s premier forum for discussion Secure Videoconferencing manual, and the Minimum of the risks associated with the building of 5G infra­ Safety Standard document for securing smaller organ­ structure. As last year, the conference was held under isations prepared in cooperation with NAKIT. the auspices of Andrej Babiš, the Prime Minister of the Czech Republic. Despite the fact that the conference Despite the pandemic measures, Cyber Coalition – the was virtual for the first time due to the COVID­19 situ­ international cyber defence exercise organised by ation, more than 50 speakers from Europe, the USA, the North Atlantic Treaty Organisation – took place South Korea, Israel, Australia, India, and other countries in 2020, for the first time in virtual form. The Czech spoke at it. The main outcome of this second confer­ Republic thus again contributed as much as possible to ence was the presentation and launching of the so­ one of the largest international cyber defence exercises. called Prague 5G Security Repository, a virtual library Summary of the 2020 Report on Cyber Security 3 TABLE OF CONTENTS FOREWORD BY THE DIRECTOR CYBER THREATS 2 OF THE NÚKIB 16 �� ransomware: a continuing increasing trend in sophisticated extortion attacks SUMMARY OF THE 2020 REPORT �� ransomware, ddos attacks and 3 ON CYBER SECURITY IN THE spear-phishing: the three most serious CZECH REPUBLIC threats of ���� �� supply chain attacks: a threat with global impacts but next to zero 6 LIST OF ABBREVIATIONS occurence in the czech republic 20 TARGETS OF CYBERATTACKS 2020: CYBER SECURITY IN THE CZECH 7 REPUBLIC IN FIGURES �� critical infrastructure: improved security and no serious incident �� public sector: target of ddos attacks and personalized phishing ABOUT THE DOCUMENT 8 �� financial sector: the highest budgets and the absence of serious attacks �� industry & energy: more attacks CYBER SECURITY IN 2020 FROM THE but low impacts 9 PERSPECTIVE OF CZECH INSTITUTIONS, ORGANISATIONS, AND COMPANIES �� healthcare: a tempting ransomware attack target �� education: increasing cyberattacks CYBER INCIDENTS FROM THE 13 PERSPECTIVE OF THE NÚKIB �� digital services: sufficient funding and legal expertise 15 THREAT ACTORS IN CYBERSPACE 26 MEASURES �� timeline of the núkib’s activities in combating the covid-�� pandemic �� national cyber security strategy: an important milestone in ���� �� legislative framework: setting basic rules for important entities �� the núkib’s supervisory activities in ���� �� cyber security exercises: