LARGE SCALE ATTACKS
Lessons learnt
Proposals for National and EU Policy
Ferenc Suba J.D., MA
Chairman of the Board, PTA CERT-Hungary
Vice-chair of the MB, ENISA
Large scale attacks
1. Large phishing attack against Hungarian banks:
7 banks in HU, for 2 weeks, "foreign" attacks from an international botnet administered by 4 virtual domain name servers (all abroad, from Asia, Europe, Americas)
2. Attacks on Estonia (international aspects):
attacks from 4000 compromised machines (ca. 50% from the Americas, 12 from HU)
The response
Phishing in HU (national + international response):
- PTA-CERT Hungary as coordinator
- With the help of CERT community + HU Banking ISAC
- Localisation + shutting down of VDNS (all abroad)
- Within 4-12 hours
- Notification of ISPs via national CERTs
- Notification of clients from the banks
- Filing a case against unknown persons at the police
Estonian crisis (international response):
- Finnish national CERT + US CERT as coordinators
- With the help of CERT community
- Localisation + cleaning of compromised machines
- Within 2 weeks (after FIRST and TF-CSIRT involvement)
- Notification of ISPs, system administrators via national CERTs
Lessons learnt, Proposals for National Policy
Not enough or lacking:
- Preparedness
- Early warning
- Manpower
- Coordination
- Communication with international partners
- Media work
National policy:
- Government support (national strategy, responsible HLO, money)
- Crisis management plan
- Early warning system
- National CERT
- National coordination body (private sector, policy makers, law enforcement, CERTs)
- Involvement of international CERT community
- Communication plan
- Regular exercises
Financial ISAC in Hungary
- History: joint comexes with banks since early 2006
- Great leap forward: large phishing attacks in Dec 2006
- Constituents: CERT-HU, Law Enforcement, Banking Assoc. of HU, Financial Supervisory Authority
- Activity: information sharing, exercises, recommendations, coordination
- Results: TLP, Advisory, complex exercises (simulated DDoS attack, insider attack)
- Future: FSA recomm. on the security of internet banking, coop. with similar ISACs (GOVCERT.NL, AUSCERT, DHS)
CIIP in Energy Sector
Reason: proprietary systems are vulnerable, too!
Keywords: CO-OPERATION, COMMUNICATION, EXERCISE
USA: ISAC Model (branch specific co-op. under DHS)
Europe: EU-SCSIE (Shell, Electrabel, Swissgrid, EDF, CERN, SEEMA, MELANI, CERT-Hungary)
Global: Meridian Process Control WG
Hungary: CIIP WG (MOL, Paks, MAVIR, Telco, CERT-Hungary)
Legal instruments of International Collaboration, future
- No legally binding international agreements
- Basic instrument: Memorandum of Understanding for co-operation
- Reasons: legally binding procedures too slow + flexibility
- FIRST: two faces: association incorporated according to Californian law + conference = annual general meeting
- ICANN: association incorporated according to Californian law
- Future at international level: Governments enter into this area of international co-operation (e.g. NATO Cyberdefence Policy)
- Future at national level: Act on Information Security, Government Decision
Thank you!
PTA CERT-Hungary: www.cert-hungary.hu
Puskás Tivadar Közalapítvány: www.neti.hu
ENISA: www.enisa.europa.eu