Cyber Security Assessment Netherlands CSAN 2016

Cyber Security Assessment Netherlands CSAN 2016

Cyber Security Assessment Netherlands CSAN 2016 CSAN Netherlands Assessment Security Cyber Cyber Security Assessment Netherlands csan 2016 Publication National Cyber Security Centre PO Box 117, 2501 CC The Hague, the Netherlands Turfmarkt 147, 2511 DP The Hague, the Netherlands +31 70 751 55 55 More information www.ncsc.nl [email protected] October 2016 Cyber Security Assessment Netherlands csan 2016 National Cyber Security Centre The National Cyber Security Centre (NCSC), in collaboration with the business community, government bodies and academics, is working to increase the ability of Dutch society to defend itself in the digital domain. The NCSC supports the central government and organisations with a vital function in society by providing them with expertise and advice, threat response and with actions to strengthen crisis management. In addition, the NCSC provides information and advice to citizens, the government and the business community relating to awareness and prevention. The NCSC thus constitutes the central reporting and information point for IT threats and security incidents. The NCSC is part of the Cyber Security Department of the National Coordinator for Security and Counterterrorism. National Coordinator for Security and Counterterrorism The National Coordinator for Security and Counterterrorism (NCTV) protects the Netherlands against threats that may disrupt society. Together with its partners within the government, the science community and the business sector, the NCTV ensures that the Dutch critical infrastructure is safe and remains so. Collaboration and sources In drawing up this report, the NCSC gratefully used information provided by the following parties: - The various ministries - Military Intelligence and Security Service (MIVD) - Defence Computer Emergency Response Team (DefCERT) - General Intelligence and Security Service (AIVD) - Dutch National Police (National High Tech Crime Unit) - Public Prosecution Service - Representatives of critical infrastructure organisations, members of the Information Sharing and Analysis Centres (ISACs) and other NCSC partners - NCTV - National Management Organisation for Internet Providers (Nationale Beheersorganisatie Internet Providers) - Internet Standards Platform (Platform Internetstandaarden) - Bits of Freedom - Consumers' Association - ICT Netherlands (Nederland ICT) - Dutch Payments Association - Confederation of Netherlands Industry and Employers (VNO-NCW) - Scientific institutions - Universities - Experts in the field of cybersecurity The contributions of these parties have, together with substantive reviews, publicly accessible sources, a survey, information from the critical infrastructure and analyses from the NCSC, contributed to the substantive quality of this assessment. 5 6 Table of contents Summary 9 5 Resilience: Measures 57 Key findings 11 Human beings 57 Insight into threats and actors 11 Technology 58 Dutch developments 61 Introduction 15 International developments 63 Responsible or coordinated vulnerability disclosure 63 1 Manifestations 17 Conclusion and looking ahead 65 Activities aimed at monetary gain 17 Activities aimed at acquiring information 19 6 Interests 69 Activities aimed at disruption 21 Societal interests 69 Manifestations with unintentional damage 21 The development of interests 69 Conclusion and looking ahead 71 2 Threats: Actors 25 Professional criminals 25 Appendix 1 State actors 27 NCSC statistics 73 Terrorists 28 Responsible disclosure 73 Hacktivists 28 Security advisories 74 Cyber vandals and script kiddies 29 Cybersecurity incidents registered with the NCSC 76 Internal actors 30 Cyber researchers 30 Appendix 2 Private organisations 30 Sectoral assessment of cybersecurity 80 Conclusion and looking ahead 32 Appendix 3 3 Threats: Tools 37 Terms and abbreviations 86 Malware 37 Tools 40 Denial-of-Service attacks 42 Obfuscation: hiding criminal activity 43 Attack vectors 44 Conclusion and looking ahead 46 4 Resilience: Vulnerabilities 51 Organisational developments 51 Developments on the user's side 53 Technical developments 53 Conclusion and looking ahead 54 Professional criminals have evolved into sophisticated actors and carry out long-lasting and high-quality operations Digital economic espionage by foreign intelligence services puts the competitiveness of the Netherlands under pressure Ransomware is commonplace and has become even more advanced Advertising networks have not yet shown the ability to cope with malvertising 8 Summary | CSAN 2016 Summary The Cyber Security Assessment Netherlands (CSAN) 2016 offers insight into interests, threats and resilience, as well as related developments in the field of cybersecurity. This CSAN focuses primarily on the Netherlands, for the period from May 2015 to April 2016. The CSAN is published annually by the National Cyber Security Centre and is drawn up in cooperation with public and private partners. In the past year, state actors and professional criminals formed competitive position of the Netherlands. In addition to the largest threat for the Netherlands in the field of economic espionage, foreign intelligence services actively collect cybersecurity. Over the reporting period, they have caused many political information via digital pathways. The Dutch government incidents, or have attempted to do so. Also, the threat that suffers regular digital attacks. Political espionage undermines emanates from these groups is huge, and has grown in the past politics and government and is therefore a threat to the year. democratic legal order. Abroad, manifestations by state actors have been observed that deploy sabotage and other (military) cyber Criminals have, over the past year, focused massively on capabilities. The threat has increased for the Netherlands. State ransomware and the degree of organisation of criminal actors have deployed digital attacks abroad more frequently to campaigns is continually increasing. achieve their strategic objectives, to influence conflicts and, in On a regular basis, organisations in society must deal with some cases, to support an armed struggle. Cybersecurity measures computers and data that have been made inaccessible by taken can also protect against a digital component of hybrid ransomware. For criminals, campaigns with ransomware are easy attacks. to carry out. Criminals take into account the purchasing power of victims: sometimes more ransom is demanded if (large) Encryption has received much attention over the past year. The organisations are infected. Thus, ransomware, in recent years, has interests of the parties are sometimes at odds with each other. In developed into the tool of choice for professional criminals to the discussion on the relevance of encryption, the interests of make money. The classic measures of regular backups and network detection and national security must be balanced against the segmentation can limit the impact of ransomware attacks. In security of the internet and the privacy of its users. In the addition to short actions aimed at making money quickly, Netherlands, the government has published its official position on professional criminals are expanding their methods: professional encryption. The government endorses the importance of strong criminals have evolved into sophisticated actors and carry out encryption for internet safety, in support of the protection of the long-lasting and high-quality operations. In the past year, privacy of citizens, for confidential communications of several long-running campaigns were observed, using government and businesses and for the Dutch economy. The advanced forms of spear phishing. With this, both the government has sent its position on encryption to the House of investments and the proceeds of the campaigns have increased. Representatives. The government is of the opinion that it is not In the past, this way of working was the domain of state actors. currently appropriate to take legal measures to restrict the development, availability or the use of encryption. State actors have, over the past year, carried out a great deal of digital espionage on the leading Dutch sectors. Digital economic Hacktivists and terrorists in the field of cybersecurity pose less espionage by foreign intelligence services puts pressure on the of a threat than state actors and professional criminals, but 9 ncsc | Cyber Security Assessment Netherlands these actors have developed over the past year. There have been Advertising networks do not seem to be able to cope with no terrorist attacks recently using digital resources. However, they malvertising yet. This method of malware distribution remains do generate a lot of media attention with small-scale digital attacks popular and is a growing problem that is not easy to solve: the which require little knowledge or skill. Hacktivists have, over the manner in which ads are bought in real time and presented to the past year, focused on the online publishing of sensitive corporate user happens out of sight of website owners. Currently, advertising information and personal information. networks do not thoroughly check the content of their ads. Combined with the fact that many systems do not have the latest Cyber vandals and script kiddies are a growing threat. They can updates, this provides a large attack surface. Effective protection carry out digital attacks with accessible tools and at low cost. Think against malvertising without affecting the revenue model of of booter services to perform DDoS attacks; these are forms of websites requires fundamental

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    92 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us