The most significant attacks addressed by security teams in the Danube region

On March 15, 2016, the concluding conference of the project “Cyber security in the Danube region” (CS Danube) took place. The main objective of the project, joined by representatives of security teams and organizations from Croatia, Austria, Slovakia, Serbia and Moldova, as well as our team CSIRT.CZ, was to strengthen the capacity of individual teams and cooperation in cyber security.

The first part of the conference offered presentations on major security incidents over the past year by Ján Laštinec from the Slovak CSIRT, Zuzana Duračinská for the Czech CSIRT (CZ.NIC Association) and Miloš Kukoleča from the AMRES academic network. The representatives of these teams agreed that the most numerous incidents in this period were infections of unprotected computers by botnets, which are also used to launch DoS and DDoS attacks. All the teams have been struggling with a large number of these attacks, and the Slovak CSIRT dealt with 12.5% more attacks in the past year than in 2014. As far as botnets go, thanks to the cooperation of security teams, including the CSIRT, three million computers infected with the Ramnit botnet were revealed.

Ján Laštinec, CSIRT.SK

Miloš Kukoleča highlighted a number of useful recommendations in relation to DoS and DDoS attacks. One such recommendation is a mechanism in the network monitoring system which, in the case of a DoS or DDoS attack, raises an alert, automatically generates a report about the attack and sends it to the responsible contact. According to the representative from Serbia, the most important prerequisites for such a system (on which we are working in the Czech Republic within the PROKI project) are maintaining good relationships with Internet service providers and creating a good communication channel with customers.

Another common problem is malicious code, which attackers use to alter or attack the content of webpages. CZ.NIC actively approached this problem with its own tool, the Malicious Domain Manager (MDM), which we wrote about earlier, and which was introduced in this context by Zuzana Duračinská. Other issues worth mentioning here are the ever-spreading and increasingly sophisticated phishing e-mails and brute-force attacks.

The second part of the conference was dedicated to legislative tools and raising awareness about cyber security. Jiří Malý, Director of the Legislative Department of the National Security Office, presented the legislative framework on which cyber security in the Czech Republic is based. The presentation included the basic principles of the Cyber Security Law, among which are, for example, minimization of interference with the privacy rights of individuals, individual responsibility for network security and the obligation to report security incidents. The key points of the European Directive on Network and Information Security (NIS) were also presented.

This presentation, which described why it is important to have a good legal basis for cyber security, was followed by the second contribution by Zuzana Duračinská, who introduced the possibilities for training and projects focusing on raising awareness about cyber security offered to the public by CZ.NIC. These activities include training on IPv6 or the project How to use the Internet.

The representative of the Slovak CSIRT.SK, Martin Jurčík, then presented a case study to show how to effectively detect a phishing page and demonstrated live to the conference participants how easily such a page can be created. Martin Jurčík also presented the results of phishing detection tests, which involved more than 3,000 users, of whom only 18 managed to correctly identify all the phishing sites.

Afterwards, the early afternoon was dedicated mainly to DDoS attacks and analytical tools, on which highly professional presentations were given by Ondřej Caletka from the CESNET Association and Alexandr Golubev from the Moldovan academic network RENAM.

In the penultimate presentation, Lauri Palkmets and Yonas Leguesse, representatives of the European Network and Information Security Agency (ENISA), drew attention to the expansion of European CSIRT teams, informed the audience about cyber security drills and available methodological materials, and also briefly introduced the course of training, the description of which can be seen as a best practice.

Lauri Palkmets and Yonas Leguesse, ENISA

The demanding and highly beneficial day was concluded by a practical demonstration of a hacker’s attack performed by Robert Petrunic from the Croatian company Eduron IS, which enabled the conference participants to witness live how one can hack into a secure server and obtain administrator rights in just thirty minutes.

Robert Petrunic, Eduron IS

The concluding conference of the CS Danube project was a big success in terms of attendance, which we see as proof that international cooperation in the form of exchange of information and experience, as in the CS Danube project, is beneficial not only for the partners of such projects, but also for the general public. Thanks to this well-functioning cooperation, sharing the tools built within individual teams can also be implemented effectively across the region.
