Category: Agency News
North Korean Malicious Cyber Activity
NSA Secures 5G Through Partnerships
OSCE and UN partners train practitioners from Central Asia on effective investigations of cybercrimes and terrorist use of Internet
ENISA Threat Landscape 2020 highlights top cyber threats for January 2019-April 2020
New Dates for Critical Infrastructure Protection & Resilience North America
Critical Infrastructure Protection and Resilience North America (CIPRNA) has announced its rescheduled dates of 19th-21st October 2021 in New Orleans, USA, with the support of Infragard Louisiana.
Postponed due to the Covid-19 pandemic CIPRNA will reconvene in New Orleans in October 2021 to continue the important discussions for governments, agencies, operator/owners and stakeholders for collaboration in securing and protecting America's critical infrastructure, and are currently inviting abstracts for consideration for presentation in the programme.
CIPRNA is the premier conference discussion for securing North America's critical infrastructure.
Further details at www.ciprna-expo.com
The Call to Work Towards Better Governance
Study for the creation of a national capabilities assessment framework
ENISA, the EU Agency for cybersecurity, held a workshop to validate the results of the study for the creation of a national capabilities assessment framework together with the EU Member States and related stakeholders. By assessing their National Cybersecurity Strategy objectives both at strategic and at operational level, Member States will be able to possibly enhance existing and build new cybersecurity capabilities. The purpose of the framework is to help Member States perform a self-assessment of their level of maturity. Other benefits include:
- Identification of elements missing within the strategy;
- Establish a history of lessons learned;
- Referencing best practices;
- Generate credibility and showing transparency for the public, National and international stakeholders and partners.
Sixty participants coming from academia, EU institutions, National Authorities, Ministries, and CSIRTs attended the online workshop. They were all actively engaged in the assessment and validation of the proposed report, which will be published later.
Members of the Hellenic Ministry of Digital Governance and of the Ministry of Justice and Security in the Netherlands also intervened. Each of them gave a short presentation on the recent NCSS efforts conducted in Greece and in the Netherlands respectively. They also shared the main challenges they face as well as good practices and lessons learned.
The representatives identified the following challenges and lessons learned:
- Most resources tend to be dedicated to the planning and implementation phase. While obviously important, this may lead to a lack of coordination and organisation in the monitoring and evaluation phase of the strategy.
- The strategy should provide explicit ownership and accountability for the measures identified to reach the objectives. This is not currently the case.
- Clarifying relations between objectives, measures, resources and expected outputs of the next national strategy will be essential in order to re-structure the policy theory.
- Cybersecurity is a domain where information is highly confidential and not easily distributed. This is why it is crucial for EU Member States to have common tools and processes based on the shared experience.
Background on National Cybersecurity Strategies
In line with its strategic objectives, the European Agency for Cybersecurity, (ENISA) supports the efforts of Member States in the area of NCSS by:
- Supporting cybersecurity as an integral part of national policies through the development of guidelines on the NCSS lifecycle and through analysis of existing strategies to outline good practices. The Good Practice Guide on NCSS published in 2016 is one of them.
- Supports cutting-edge competencies and capabilities through performing deep dives on specific national strategic objectives, such as the publication on the Good practices in Innovation. This can also be done by developing online tools to support the uptake of lessons learned and good practices. Examples of such tools are the NCSS evaluation tool and the NCSS Interactive Map.
- Empowering and engaging Member States through community building by maintaining an experts group on NCSS and by fostering cooperation and exchange of good practices between MS. Publications on effective collaborative models for PPPs and ISACs are good examples of such effort.
Covid-19 Sparks Upward Trend in Cybercrime
Europol’s 2020 cybercrime report updates on the latest trends and the current impact of cybercrime within the EU and beyond.
So much has changed since Europol published last year’s Internet Organised Crime Threat Assessment (IOCTA). The global COVID-19 pandemic that hit every corner of the world forced us to reimagine our societies and reinvent the way we work and live. During the lockdown, we turned to the internet for a sense of normality: shopping, working and learning online at a scale never seen before. It is in this new normal that Europol publishes its 7th annual IOCTA. The IOCTA seeks to map the cybercrime threat landscape and understand how law enforcement responds to it. Although the COVID-19 crisis showed us how criminals actively take advantage of society at its most vulnerable, this opportunistic behaviour of criminals should not overshadow the overall threat landscape. In many cases, COVID-19 has enhanced existing problems.
CROSS-CUTTING CRIME
Social engineering and phishing remain an effective threat to enable other types of cybercrime. Criminals use innovative methods to increase the volume and sophistication of their attacks, and inexperienced cybercriminals can carry out phishing campaigns more easily through crime as-a-service. Criminals quickly exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19.
Encryption continues to be a clear feature of an increasing number of services and tools. One of the principal challenges for law enforcement is how to access and gather relevant data for criminal investigations. The value of being able to access data of criminal communication on an encrypted network is perhaps the most effective illustration of how encrypted data can provide law enforcement with crucial leads beyond the area of cybercrime.
MALWARE REIGNS SUPREME
Ransomware attacks have become more sophisticated, targeting specific organisations in the public and private sector through victim reconnaissance. While the COVID-19 pandemic has triggered an increase in cybercrime, ransomware attacks were targeting the healthcare industry long before the crisis. Moreover, criminals have included another layer to their ransomware attacks by threatening to auction off the comprised data, increasing the pressure on the victims to pay the ransom. Advanced forms of malware are a top threat in the EU: criminals have transformed some traditional banking Trojans into modular malware to cover more PC digital fingerprints, which are later sold for different needs.
CHILD SEXUAL ABUSE MATERIAL CONTINUES TO INCREASE
The main threats related to online child abuse exploitation have remained stable in recent years, however detection of online child sexual abuse material saw a sharp spike at the peak of the COVID-19 crisis. Offenders keep using a number of ways to hide this horrifying crime, such as P2P networks, social networking platforms and using encrypted communications applications. Dark web communities and forums are meeting places where participation is structured with affiliation rules to promote individuals based on their contribution to the community, which they do by recording and posting their abuse of children, encouraging others to do the same. Livestream of child abuse continues to increase, becoming even more popular than usual during the COVID-19 crisis when travel restrictions prevented offenders from physically abusing children. In some cases, video chat applications in payment systems are used which becomes one of the key challenges for law enforcement as this material is not recorded.
PAYMENT FRAUD: SIM SWAPPING A NEW TREND
SIM swapping, which allows perpetrators to take over accounts, is one of the new trends in this year’s IOCTA. As a type of account takeover, SIM swapping provides criminals access to sensitive user accounts. Criminals fraudulently swap or port victims’ SIMs to one in the criminals’ possession in order to intercept the one-time password step of the authentication process.
CRIMINAL ABUSE OF THE DARK WEB
In 2019 and early 2020 there was a high level of volatility on the dark web. The lifecycle of dark web market places has shortened and there is no clear dominant market that has risen over the past year. Tor remains the preferred infrastructure, however criminals have started to use other privacy-focused, decentralised marketplace platforms to sell their illegal goods. Although this is not a new phenomenon, these sorts of platforms have started to increase over the last year. OpenBazaar is noteworthy, as certain threats have emerged on the platform over the past year such as COVID-19-related items during the pandemic.
CISA and MS-ISAC Release Joint Ransomware Guide
The Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing a joint Ransomware Guide meant to be a one-stop resource for stakeholders on how to be proactive and prevent these attacks from happening and also a detailed approach on how to respond to an attack and best resolve the cyber incident. CISA and MS-ISAC observed there are vast products and resources available, but very few that have them all in one place.
This one-stop guide is divided into two parts:
First, the guide focuses on best practices for ransomware prevention, detailing practices that organizations should continuously do to help manage the risk posed by ransomware and other cyber threats. It is intended to enable forward-leaning actions to successfully thwart and confront malicious cyber activity associated with ransomware. Some of the several CISA and MS-ISAC preventive services that are listed are Malicious Domain Blocking and Reporting, regional CISA Cybersecurity Advisors, Phishing Campaign Assessment, and MS-ISAC Security Primers on ransomware variants such as Ryuk.
The second part of this guide, response best practices and services, is divided up into three sections: (1) Detection and Analysis, (2) Containment and Eradication, and (3) Recovery and Post-Incident Activity. One of the unique aspects that will significantly help an organization’s leadership as well as IT professional with response is a comprehensive, step-by-step checklist. With many technical details on response actions and lists of CISA and MS-ISAC services available to the incident response team, this part of the guide can enable a methodical, measured and properly managed approach.
“It is a CISA priority to help our partners defend against ransomware, advise them on appropriate risk-management actions and provide best practices for a resilient, responsible incident response plan in the event of an cyberattack,” said Bryan Ware, Assistant Director for Cybersecurity, CISA. “The collaborative and consistent engagement with our industry and government partners support our concerted efforts to offer trusted, proactive and timely resources and services. This guide is based on operational insight from CISA and MS-ISAC and our engagements with varied sector partners.”
Recent events stress the important reminder that ransomware can happen at any time to any organizations, so we encourage all organizations with sensitive or important data stored on their network to take steps now to protect it, including backing up data, training employees, and patching systems to blunt the potential impact of ransomware. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen data if they refuse to pay and publicly naming and shaming victims as secondary forms of extortion.
One of the ways this guide can help is with identifying their critical data. It’s hard to have an organization determine after-the-fact what critical data was impacted by a ransomware incident if they did not have that understanding of what critical data they had ahead of time. And, it is hard to revert to backups if an organization does not have or has not properly maintained and tested their backups.
This joint ransomware guide is written primarily for the IT professional, but every level of an organization can benefit from reviewing it. CISA and MS-ISAC are proud to provide this guide that can help them plan for a ransomware incident and understand the risk management, analytical, and response services available to them.