Analysis of Cyber Security Incidents First Quarter of 2013
Author(s): CERT, RO
Issue: Volume 2, Issue 1, Year 2013
CERT-RO has implemented a procedure for cyber security incident management, and the System for early warning and real-time information on cyber security incidents (SAT) is under development.
At present, the contact point for collecting complaints / alerts and information about cyber security incidents is operational, both through automated means and through direct communication, depending on the nature of the incident.
Risk-based classification of cyber incidents:
- High risk – APT, Botnet CC, DDoS;
- Medium risk – Botnet, Data Loss, Malware Distribution;
- Low risk – Phishing, Resource Scanning, SCAM, SPAM, System Compromising, Unlawful Activities.
APT – Advanced Persistent Threat – targeted cyber-attacks with a high degree of complexity and major risk potential;
Botnet (victims) – network of infected computer systems controlled by people / organizations other than their owners;
Botnet (CC) – computer systems used for controlling victims inside a botnet;
Data Loss/Leakage – compromising the availability of confidential / classified data, or access to such data by unauthorized persons / organizations;
Distributed Denial of Service (DDoS) – affecting the availability of computer systems / services or electronic communications;
Malware Distribution – computer systems / services acting as an infection vector for other systems;
Phishing – a form of online fraud that consists of using techniques for manipulating the identity of persons / organizations to obtain material benefits or confidential information;
Resource Scanning – use of techniques for identifying the services used by, or vulnerabilities associated with, computer systems;
Scam – a fraudulent business scheme in the online environment;
Spam – unsolicited electronic communications with commercial character;
System Compromising – compromise/infection of computer services/systems;
Unlawful Activities – illegal activities conducted in the online environment (child pornography, illegal e-commerce etc.).
On the basis of alerts reported by different entities or partners that work with CERT-RO, the situation of the victims affected by cyber incidents in the first quarter of 2013 is the following:

| Report of Cyber Incidents in Q1 (2013) | Number |
| --- | --- |
| BOTNET | 2240 |
| Data Loss/Leakage | 0 |
| DDoS attack | 17 |
| Malware Distribution | 108 |
| Phishing | 33 |
| Spam | 2 |
| System compromising | 8 |
| Unlawful Activities | 0 |
| Total | 2416 cyber-incidents |

In the first quarter of 2013, there were 2416 reported incidents that affected:

| Type of Computer Systems Affected | Number |
| --- | --- |
| Webservers | 68 |
| Networks | 4 |
| Total | 72 |

| Type of Entity Affected | Number |
| --- | --- |
| Public Institution | 9 |
| Banking Institution (online banking system) | 45 |
| Private Organizations | 6 |
| Individuals | 7 |
| Total | 67 |

Conclusions
Based on the information held by CERT-RO, a number of conclusions can be drawn regarding cyber security incidents that occur / may occur in computer systems / networks located in Romania, under the responsibility of CERT-RO, as follows:
- Most cyber security incidents managed by CERT-RO result from activities that fall within the scope of cybercrime (targeting the integrity and confidentiality of services and of information processed / transmitted / stored by the target computer systems), generated both from the national territory of Romania and from abroad.
- In terms of effects / impact, the incidents mentioned fall within the indicators used to evaluate the phenomenon of cybercrime; the main objective of the actors generating those attacks is material gain (phishing attacks, spam, botnets used for online advertising, unauthorized access to electronic mail servers, online identity theft, infections with banking trojans used to gain unauthorized access to data that allows illegal financial transactions, etc.).
- From the analysis of data held by CERT-RO, it is estimated that targeted cyber-attacks in the “APT – Advanced Persistent Threat” category, with a high degree of complexity and potentially high risk, will follow an upward trend, identifying and exploiting new security vulnerabilities in the software and hardware used by the targeted public / private institutions;
- Generally, public institutions are affected by the lack of specialized personnel in the field of systems security. This vulnerability often leads to improper configuration of computer systems and to security that is inadequate compared with the risks identified in cyberspace;
- In these public institutions where human resources are required, the lack of adequate technical facilities and the poor condition of existing equipment prevent the implementation of modern security solutions.
Publication: International Journal of Information Security and Cybercrime
ISSN: 2285-9225, e-ISSN: 2286-0096
Section: Cyber-Attacks Evolution and Cybercrime Trends
Page Range: 67-70