christian van heurck cert.be coordinator cert.be...
TRANSCRIPT
Mechelen - 06/02/2014
Telenet Security Day
CYBER scrapingsputting our 2 cents in ..
Christian Van HeurckCERT.be coordinator
CERT.be team
2Mechelen - 06/02/2014CERT.be
Telenet Security Day
goals
• the cyber threat is real
• also in .be
• everybody is a target
• we all are losing the battle
• this costs €
• lack of awareness at all levels
• be prepared
• act now!
2
3Mechelen - 06/02/2014CERT.be
Telenet Security Day3
the cyber threat is real
4Mechelen - 06/02/2014CERT.be
Telenet Security Day
types of cyber threats - historical
4
cyber security cyber crime
others
5Mechelen - 06/02/2014CERT.be
Telenet Security Day
types of cyber threats – anno 2014
5
6Mechelen - 06/02/2014CERT.be
Telenet Security Day6
almost all cyber security
issues lead to cyber crime
espionage included
reality 2013
7Mechelen - 06/02/2014CERT.be
Telenet Security Day7
the cyber threat is
also real in .be
8Mechelen - 06/02/2014CERT.be
Telenet Security Day
CERT.be anthology
• Belgacom
• DDoS on the rise
• open DNS resolvers abused for amplification attacks
• ntp servers abused
• phishing & spearphishing
• identity theft
• mobile targeted
• every (with an) OS targeted
8
9Mechelen - 06/02/2014CERT.be
Telenet Security Day
CERT.be anthology
• hacktivism
• blackmail (Rex Mundi)
• botnet drones
• botnet C&C
• hacked servers abused for attacks and malware distribution
• waterhole attacks
• top level DNS compromise
• ransomware
9
10Mechelen - 06/02/2014CERT.be
Telenet Security Day
CERT.be anthology
• mass compromise of vulnerable websites
• Diginotar
• abuse of forged and/or stolen certificates
• Bit9, RSA, Microsoft, Twitter, Facebook, Apple, Google, Adobe, ..
• IXP targeted
• hosters under daily attacks
10
11Mechelen - 06/02/2014CERT.be
Telenet Security Day
CERT.be anthology
• citizens targeted
• big companies targeted
• intermediate companies targeted
• SME’s targeted
• Port of Antwerp
• Critical Infrastructure
• GOV targeted
• Banks targeted
• NMBS
11
12Mechelen - 06/02/2014CERT.be
Telenet Security Day12
EU legislation
Privacycommission
BIPT-IBPT
and there’s more happening ..
13Mechelen - 06/02/2014CERT.be
Telenet Security Day13
all the old school stuff is
still out there too
and one more thing ..
14Mechelen - 06/02/2014CERT.be
Telenet Security Day14
everybody is a target
15Mechelen - 06/02/2014CERT.be
Telenet Security Day15
time for some numbers
16Mechelen - 06/02/2014CERT.be
Telenet Security Day16
# Reports & Incidents / Year
0
1000
2000
3000
4000
5000
6000
7000
8000
2010 2011 2012 2013
Reports/Year
Incidents/Year
17Mechelen - 06/02/2014CERT.be
Telenet Security Day17
# Reports & Incidents / Month
00
100
200
300
400
500
600
2010 2011 2012 Q1-Q3 2013
Reports/Month
Incidents/Month
18Mechelen - 06/02/2014CERT.be
Telenet Security Day
types of incidents in 2013
18
19Mechelen - 06/02/2014CERT.be
Telenet Security Day19
# Zombies
500.000 in 2013
20Mechelen - 06/02/2014CERT.be
Telenet Security Day20
21Mechelen - 06/02/2014CERT.be
Telenet Security Day21
we are losing this battle
22Mechelen - 06/02/2014CERT.be
Telenet Security Day22
this costs €
23Mechelen - 06/02/2014CERT.be
Telenet Security Day23
WT .. ????
24Mechelen - 06/02/2014CERT.be
Telenet Security Day24
lack of awareness at all
levels
25Mechelen - 06/02/2014CERT.be
Telenet Security Day25
this is how we perceive it
Image courtesy of tropical.pete – Flickr.com
26Mechelen - 06/02/2014CERT.be
Telenet Security Day26
this is how we perceive it
Image courtesy of tropical.pete – Flickr.com
27Mechelen - 06/02/2014CERT.be
Telenet Security Day27
acknowledge
the cyber threat
28Mechelen - 06/02/2014CERT.be
Telenet Security Day28
= create awareness
29Mechelen - 06/02/2014CERT.be
Telenet Security Day29
then act efficiently
30Mechelen - 06/02/2014CERT.be
Telenet Security Day30
NOW!
31Mechelen - 06/02/2014CERT.be
Telenet Security Day31
please …
Mechelen - 06/02/2014 34
35Mechelen - 06/02/2014CERT.be
Telenet Security Day
brochure & 1-pager
35
36Mechelen - 06/02/2014CERT.be
Telenet Security Day
download links
brochure:
https://www.cert.be/pro/files/Brochure_FRA.pdf
https://www.cert.be/pro/files/Brochure_NDL.pdf
https://www.cert.be/pro/files/Brochure_ENG.pdf
1-pager:
https://www.cert.be/pro/files/Onepager_FRA.pdf
https://www.cert.be/pro/files/Onepager_NDL.pdf
https://www.cert.be/pro/files/Onepager_ENG.pdf
36