The number of cyber attacks on public administration has increased, and the attacks are more dangerous, according to a report on the state of security of Polish cyberspace in 2014, published by the Government Computer Incident Response Team.
The data were published on the cert.gov.pl website. The Government Computer Incident Response Team operates under the Internal Security Agency and is responsible for developing the public administration's capacity to protect against cyber threats. One of its tasks is to monitor threats to the network; it publishes an annual report on the subject.
“In addition to the quantitative growth, a significant improvement in the quality of the attacks conducted was also observed. Simply put: not only are there more attacks, they may actually be much more dangerous,” the report highlighted. It added that “the important factor is the share of targeted groups and sponsored by foreign countries.”
The report shows that, as in previous years, activity related to botnets ranked highest among security incidents: 4681 such cases were registered in 2014, compared with 4270 in 2013. A botnet is a network of compromised computers (also called zombie PCs, or bots) whose purpose is to carry out the orders of cybercriminals. Botnets are most often used for so-called DDoS attacks, which block access to Internet services such as a bank, auction site or online store, as well as to distribute unsolicited e-mail (spam), steal confidential data, and withdraw funds from bank accounts.
The report showed that the ARAKIS-GOV system (an early-warning system for Internet threats, created to support the protection of government ICT) recorded 28 322 alarms in 2014, nearly 10 thousand more than in 2013, when the number of alarms was 18 317.
Extortion of sensitive data
According to the report, the number of high-priority incidents nearly doubled compared to 2013, from 644 in 2013 to 1140 last year. The number of medium-priority incidents tripled, from 4773 in 2013 to 13 896 in 2014. The number of low-priority incidents increased only slightly, from 12 900 in 2013 to 13 286 in 2014.
Data collected by the ARAKIS-GOV system also make it possible to determine the geographical location of the IP addresses from which attacks on the Polish public administration network were carried out. Note, however, that the nature of the Internet protocol does not allow the geographical location of an IP address to be linked directly with whoever was actually behind these attacks.
The most active in terms of the number of connections were IP addresses assigned to China (28 percent) and the Netherlands (14 percent). Third place was taken by the United States (13 percent). The Russian Federation, in turn, accounted for 2 percent of the traffic.
The cert.gov.pl team recorded 119 incidents described as “social engineering” in 2014, an increase of 350 percent compared to 2013 (when 34 such incidents were recorded). The cert.gov.pl experts pointed to 24 incidents that they considered to be phishing attacks carried out on a large scale and targeting, among others, public administration systems. Phishing is a method of deception in which the offender impersonates another person or institution in order to fraudulently obtain specific information.
As noted in the report, the attacks were carried out using techniques aimed at stealing sensitive data via e-mail or fake websites, as well as the installation of malicious software.
The image of well-known companies was used
The activities aimed at public institutions used the image of well-known companies and of institutions that sell or act as intermediaries on the Internet, such as couriers, auction or booking websites, banks, and telecommunications operators. The report shows that the number of phishing campaigns rose especially in June and July 2014.
“It is worth noting that in the first half of the year this type of campaign was dominated by messages trying to trick users into disclosing sensitive information via e-mail or specially crafted web pages. However, in the second half of 2014, the messages sent mostly contained malicious attachments,” the report noted. The malware was most commonly hidden in Microsoft Office documents or PDF files.
After the DDoS attacks (attacks that block access to a website – ed.) conducted in August 2014 on the websites of the Presidential Office and the Warsaw Stock Exchange, as well as on some sites of state administration bodies, experts analyzed the security state of the servers hosting the websites of dozens of major state administration institutions.
“It should be noted that many institutions commission external entities to maintain their websites. Therefore, in the event of a DDoS attack on an institution's website, what matters is not its internal state of security but the state of security provided by the service provider under the contract. (…) However, it is still apparent that offers are selected mainly on the lowest price, at the expense of security (…), or that the hosting company's responsibility for ensuring continuity of the entrusted service is not included,” the report said.
In 2014, cert.gov.pl team experts identified 446 errors within the 34 surveyed sites belonging to 12 institutions. 18 percent of these errors contained at least one vulnerability considered critical to the security of the server and of the content published on the website. 14 of the 34 tested pages were effectively protected, and no significant vulnerability was found in them.