Risks of Cybercrime in Europe
Prof. Manel Medina
Head of Unit CERT Operational support at ENISA
Content
Overall ENISA Activities
Cybersecurity Risk Environment
Organisation/Attacker Risk pattern
What is your Favourite Threat?
Specific ENISA contribution
Fight against cybercrime:
• Cooperation barriers
• Best practices
Workshops and training: Toolkits
New EU Directive
Overall ENISA activities
WS1: ENISA as Facilitator for improving Cooperation
• Breach notification guidelines for article 13.a:
• development of min security requirements for ISPs & Telcos
• First breach notification received by ENISA in September.
• Cyber Exercises:
• planning and managing the EU–US exercise
• planning Cyber Europe 2012
• Seminars on national CIIP exercises (9 done, 4 more)
• Good practice guide on National contingency plans (2012Q1)
• The EU Institutional CERT support (CERT EU) – On Track
• Workshops & meetings organized: 18 done + 8 planned
• 27 deliverables
WS2: ENISA as Competence Center for Securing Current & Future Technologies
• Secure smartphone
• Good Practices and Guidelines for ICS and SCADA: smart-grids, maritime, eco systems.
• Supply Chain Integrity (SCI)
• Browser Security paper as input to W3C process
• Cloud procurement security
• Study on use of advanced cryptographic techniques (12 MS, >50% EU citizens)
• Contribution in the Expert Group on the Internet of Things
• Early warning for NIS preliminary results
• 6 WS and meetings organised
• 19 Deliverables
WS3: ENISA as Promoter of Privacy & Trust
• Economics of Security community established
• Launched activities:
• Economic Efficiency of Security Breach Notification Schemes
• Monetising privacy pilot
• Trust and reputation models activity
• Minimum disclosure activity
• Security Month:
• Inventory on recent awareness security events across Europe & USA
• Security awareness video clips supplied to DHS.
• EU-US Expert Sub-Group on Awareness raising
• 5 expert groups meetings and WS organised
• 10 Deliverables
Stakeholder Relations & Project Support Activities
Stakeholder Relations:
• Increased information sharing with several EU bodies: JRC, CEN, Europol, EDA, CEPOL, EMSA, …
• Inventory of CERTs in EU (Nat./Governmental & others)
• Country Reports validated by the NLOs and published
• Formal requests management process activated
Project Management & Support Activities:
• NIS in Education
• Horizontal Risk management methodology: EMSA, life-log …
Extra Activities
• Continue to support the CERT EU pre-configuration team as a support for the EU institutions CERT
• Present preliminary results at 8th EFMS (EC/A3 Request)
• EP3R:
• engagement of public and private stakeholders in EP3R
• engagement of national PPPs in EP3R
• 5 deliverables & 3 WS
• EU-US Exercise:
• defining public affairs strategy, evaluation, monitoring, training
• 2 Deliverables & 4 WS
• EU-US sub group on PPPs (ICS/SCADA)
• 4 Deliverables & 4 WS
• Supply Chain Integrity (SCI)
Cybercrime Risk environment
Risk Patterns
Categories of attacks: Organisation view
Economic Espionage
Cybercrime
Military/Governmental Espionage
Cyber warfare
Diverse players
Amateurs, petty criminals
Organized crime
National security services
Others…
Lulz Security
Anonymous
Attacker Risk Analysis: Economic cost/benefit balance
$M_b + P_b > O_{cp} + O_{cm} P_a P_c$
Organisation/Institutional/Social Support:
• jail risk
Return of Investment
Full-fledged economy
Credit-card numbers, passwords, mules
DIY virus-kits with money back guarantee
Cyber attacks: a real risk
Operation Shady RAT
What’s your favourite Threat?
Attacker: low loss & high benefit
Defender: High loss & High costs
Defender Approach:
Identify attacker pattern (motivation, many?)
Choose defense policy: People (Authentication), (Personal) Data, (malicious) SW, (consumerisation) HW
Get external support (LEA, n/g CERT, Cloud)
Operation Aurora
Night dragon
Wikileaks
Attacks on governments
Nimkey trojan
Specific ENISA contribution
The Fight against Cybercrime (1/7)
Cybercrime project 2011
Cooperation between CERTs and Law Enforcement Agencies in the fight against cybercrime
A first collection of practices
Operational, legal and cooperation aspects
Informal expert group
Surveys
6th ENISA Workshop CERTs in Europe
The Fight against Cybercrime (2/7)
Cybercrime project 2011 Conclusions:
Collaboration between CERTs and LEAs needs to be bilateral
Integrating teams (internship, secondment, …)
Use of both formal and informal communications
Increase opportunities for CERTs and LEAs to meet
National legislation should be made clearer and exceptions should be made for CERTs.
…
The Fight against Cybercrime (3/7)
Legal aspects project 2011
A flair for sharing – encouraging information exchange between CERTs
A study into the legal and regulatory aspects of information sharing and cross-border collaboration of n/g CERTs in Europe
Informal expert group to support the review of the study
National/Governmental CERTs
A national CERT:
Is concerned with incidents at the national level, mostly those affecting the CII
Can act as international contact point for incident management
A governmental CERT:
Is responsible for NIS of governmental institutions, usually linked to intelligence units
Most EU MS have them, sometimes delegated to Academic CERT.
n/g CERTs in Europe
The Fight against Cybercrime (4/7)
Legal aspects project 2011 Conclusions:
A number of relevant legal frameworks identified
Definitions of computer and network misuse
Privacy and data protection legislation
Criminal procedure
Intellectual property rights
Determining applicable law
Some recommendations to policy makers & CERTs
Greater info. on differences and clarity between relevant laws
Putting n/gCERTs on a specific legal footing
Providing tools and guidance for CERTs to share information whilst respecting legal obligations
Gather specific advice (e.g. on interpretation of Data Protect)
The Fight against Cybercrime (5/7)
http://www.enisa.europa.eu/activities/cert/support
The Fight against Cybercrime (6/7)
Cybercrime projects 2012
Good practice guide on operational NIS aspects of the fight against cybercrime; and
Good practice guide on legal/regulatory aspects of cybercrime.
7th Cybercrime workshop at EUROPOL
The Fight against Cybercrime (7/7)
Cybercrime projects 2012 Main goals:
Define key concepts
Describe the technical and legal/regulatory aspects of the fight against cybercrime
Compile an inventory of operational, legal/regulatory and procedural barriers and challenges and possible ways to overcome these challenges
Collect existing good and best practices (technologies to use, information to interchange, etc.)
Develop recommendations
Zeus trojan
CERT toolkits
ENISA clearinghouse for incident handling tools (CHIHT):
Types of tools available on our website that can be used for cybercrime investigation:
For more tools see link below:
https://www.enisa.europa.eu/activities/cert/support/chiht
Annual CERT Workshops (1/2)
6th annual ENISA Workshop CERTs in Europe
Prague, Czech Republic, 3-4 October 2011
Supported by the Czech Republic national CERT (CSIRT.CZ)
Jointly organised with EUROPOL
Closed meeting – by invitation only - speakers from MS national CERTs, Police/cybercrime PoCs, Europol, …
Cybercrime topic
Annual CERT Workshops (1/2)
7th annual ENISA Workshop CERTs in Europe
This year split in two parts
Hands-on technical training workshop
Mid-June 2012
Support from Team Cymru
Hosted by University of Malta
Co-located with FIRST event
Workshop focusing on cybercrime
Autumn 2012
Jointly organised with Europol
Closed meeting - by invitation only
Proposal Directive on attacks against information system (1/2)
Aim: To deal more efficiently with growing number of large-scale and highly sophisticated cyber attacks
Will replace current Framework Decision (2005) on attacks against information systems
Novelty: criminalisation of use, production and sale of tools (known as "botnets") to commit large scale attacks
Proposal Directive on attacks against information system (2/2)
Proposal put forward by the European Commission in 2010
Negotiations in the Council (common approach agreed at the 2011 Council)
Deliberations in the European Parliament started (LIBE is the Committee responsible) and indicative plenary sitting date 02/07/2012
European Parliament asked ENISA to share its objective expertise in the field
This Directive might be adopted already this year
http://www.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2010/0273(COD)&lg=en#technicalInformation
Conclusions
Hard to evaluate risk
Hard to detect attacks
Many zero day threats still unknown
Need to follow “normal” crime approaches:
All criminals use computers to store/transfer data
Need for collaboration:
LEA/CERT
PPP (EP3R)
CIIP/CERT