SlideShare a Scribd company logo

Day 1 Large Scale Attacks

V
vngundi

This document discusses lessons learned from large scale cyber attacks in Hungary and Estonia and proposes policy recommendations. It summarizes a large phishing attack against Hungarian banks coordinated from abroad and distributed denial of service attacks against Estonia from compromised international machines. It describes the national and international responses to these incidents, highlighting coordination between CERT teams. Key lessons identified include the need for improved preparedness, early warning systems, resources for incident response, and international cooperation. The document proposes establishing national cybersecurity strategies, coordination bodies, and regular exercises in countries. It also discusses the value of information sharing organizations in critical infrastructure sectors.

TechnologyNews & Politics
1 of 9
Downloaded 11 times
1
2
3
4
5
6
7
8
9
LARGE SCALE ATTACKS Lessons learnt Proposals for National and EU Policy Ferenc Suba J.D., MA Chairman of the Board PTA CERT-Hungary Vice-chair of the MB ENISA
Large scale attacks 1. Large phishing attack against Hungarian banks: 7 banks in HU, for 2 weeks, „foreign” attacks from international botnet administered by 4 virtual domain name servers (all abroad, from Asia, Europe, Americas) 2. Attacks on Estonia (international aspects): attacks from 4000 compromised machines (cca. 50% from the Americas, 12 from HU)
Day 1 Large Scale Attacks
The response Phishing in HU (national+ international response): - PTA-CERT Hungary as coordinator - With the help of CERT community+ HU Banking ISAC - Localisation +shutting down of VDNS (all abroad) - Within 4-12 hours - Notification of ISPs via national CERTs - Notification of clients from the banks - Filing a case against unknown persons at the police Estonian crisis (international response): - Finnish national CERT + US CERT as coordinators - With the help of CERT community - Localisation + cleaning of compromised machines - Within 2 weeks (after FIRST and TF-CSIRT involvement) - Notification of ISPs, system administrators via national CERTs
Lessons learnt Proposals for National Policy Not enough or lacking: - Preparedness - Early warning - Manpower - Coordination - Communication with international partners - Media work National policy: - Goverment support (national strategy, responsible HLO, money) - Crisis management plan - Early warning system - National CERT - National coordination body (private sector, policy makers, law enforcement, CERTs) - Involvement of international CERT community - Communication plan - Regular exercises
Financial ISAC in Hungary - History: joint comexes with banks since early 2006 - Great leap forward: large phising attacks in Dec 2006 - Constituents: CERT-HU, Law Enforcement, Banking Assoc. of HU, Financial Supervisory Authority - Activity: information sharing, exercises, recommendations, coordination - Results: TLP, Advisory, complex exercises (simulated DDos attack, insider attack) - Future: FSA recomm. on the security of internet banking, coop. with similar ISACs (GOVCERT.NL, AUSCERT, DHS)
CIIP in Energy Sector Reason: proprietary systems are vulnerable, too! Keywords: CO-OPERATION, COMMUNICATION, EXERCISE USA: ISAC Model (branch specific co-op. under DHS) Europe: EU-SCSIE (Shell, Electrabell, Swissgrid, EDF, CERN, SEEMA, Melanie, CERT-Hungary) Global: Meridian Process Control WG Hungary: CIIP WG (MOL, Paks, MAVIR, Telco, CERT-Hungary)
Legal instruments of International Collaboration, future - No legally binding international agreements - Basic instrument: Memorandum of Understanding for co- operation - reasons: legally binding procedures too slow + flexibility - FIRST: two faces: association incorporated according to Californian law + conference = annual general meeting - ICAAN: association incorporated according to Californian law - Future at international level: Governments enter into this area of international co-operation (national cybersecurity strategies, NATO Cyberdefence Policy) - Future at national level: Act on Information Security, Government Network Security Centres
Thank you! ferenc.suba@cert-hungary.hu PTA CERT-Hungary www.cert-hungary.hu Puskás Tivadar Közalapítvány www.neti.hu ENISA www.enisa.europa.eu

More Related Content

PDF
European Cyber Crime Centre EC3
- Mark - Fullbright
 
PDF
002-MAVIS - International agreements to combat electronic crimes
Michalis Mavis, MSc, MSc
 
PPTX
Sher bahadur budha
Rising Sher
 
PDF
EU policies and legal instruments on counter terrorism
Dr. Fotios Fitsilis
 
PDF
Microsoft contribution to combating sexual abuse of children on the Internet
Microsoft Eesti
 
PPT
CTO-Cybersecurity-Forum-2010-Peter Burnett
segughana
 
PDF
Marie-Ange Kalenga (2) - PWYP Montreal Conference 2009
Publish What You Pay
 
PDF
Peter Fatelnig - EU Delegation to USA - Content Matters & EU Leadership - Sta...
Burton Lee
 
European Cyber Crime Centre EC3
- Mark - Fullbright
 
002-MAVIS - International agreements to combat electronic crimes
Michalis Mavis, MSc, MSc
 
Sher bahadur budha
Rising Sher
 
EU policies and legal instruments on counter terrorism
Dr. Fotios Fitsilis
 
Microsoft contribution to combating sexual abuse of children on the Internet
Microsoft Eesti
 
CTO-Cybersecurity-Forum-2010-Peter Burnett
segughana
 
Marie-Ange Kalenga (2) - PWYP Montreal Conference 2009
Publish What You Pay
 
Peter Fatelnig - EU Delegation to USA - Content Matters & EU Leadership - Sta...
Burton Lee
 

What's hot (19)

PPTX
CTO-CyberSecurityForum-2010-Philip Victor
segughana
 
PPTX
Anti Trafficking - The Rules
John Weeks
 
PDF
Africa Security commission Meeting
Edgar Melo Costa
 
PDF
CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)
Centre for Strategic Cyberspace + Security Science
 
PPT
Mr. Yannis Sirros
Assespro Nacional
 
PDF
C3i Group Cyber Law
Centre for Strategic Cyberspace + Security Science
 
PPTX
CIP eu 2016 114(-8)
Jan Biets [jan_biets@hotmail.com]
 
PPTX
Muraszkiewicz
TRACE Project
 
PDF
National cyber security strategies
jcp88600
 
ODP
Monitoring European Police
guestf52d3a
 
PPT
Why Europe should accept asylum seekers and refugees? Is this only a moral du...
European Economic and Social Committee - SOC Section
 
PDF
Keeping Pace: Whistleblowing and the Response of Government, Mark Worth, Inte...
OECD Governance
 
PPT
cyber policy in Latvia
ashraf karaimeh
 
PDF
Cybersecurity Event 2010
segughana
 
PPT
CTO-CybersecurityForum-2010-Trilok-Debeesing
segughana
 
PPT
Cyber
Ionel Nitu
 
PDF
Summary-ECSM_4edition
Ralf Braga
 
DOCX
Border security of the southern parts of both the us and the european union
Wanjang'i Gituku
 
PDF
Corruption and Economic Crime - News letter issue 1 fed 2012
KROTOASA FOUNDATION
 
CTO-CyberSecurityForum-2010-Philip Victor
segughana
 
Anti Trafficking - The Rules
John Weeks
 
Africa Security commission Meeting
Edgar Melo Costa
 
CSCSS ISC (INTERNATIONAL STRATEGY FOR CYBERSPACE)
Centre for Strategic Cyberspace + Security Science
 
Mr. Yannis Sirros
Assespro Nacional
 
C3i Group Cyber Law
Centre for Strategic Cyberspace + Security Science
 
CIP eu 2016 114(-8)
Jan Biets [jan_biets@hotmail.com]
 
Muraszkiewicz
TRACE Project
 
National cyber security strategies
jcp88600
 
Monitoring European Police
guestf52d3a
 
Why Europe should accept asylum seekers and refugees? Is this only a moral du...
European Economic and Social Committee - SOC Section
 
Keeping Pace: Whistleblowing and the Response of Government, Mark Worth, Inte...
OECD Governance
 
cyber policy in Latvia
ashraf karaimeh
 
Cybersecurity Event 2010
segughana
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
segughana
 
Cyber
Ionel Nitu
 
Summary-ECSM_4edition
Ralf Braga
 
Border security of the southern parts of both the us and the european union
Wanjang'i Gituku
 
Corruption and Economic Crime - News letter issue 1 fed 2012
KROTOASA FOUNDATION
 
Ad

Viewers also liked (8)

PDF
Day 2 Dns Cert 4c Malicious Use
vngundi
 
PDF
Day 1 From CERT To NCSC
vngundi
 
PDF
Day 2 Dns Cert 4 Scenarios
vngundi
 
PDF
Day 1 Coop Banks
vngundi
 
PDF
Dealing With Security Threats
vngundi
 
PDF
Cyber Security Strategies and Approaches
vngundi
 
PDF
Day 1 Enisa Setting Up A Csirt
vngundi
 
PDF
Anatomy of a CERT - Gordon Love, Symantec
vngundi
 
Day 2 Dns Cert 4c Malicious Use
vngundi
 
Day 1 From CERT To NCSC
vngundi
 
Day 2 Dns Cert 4 Scenarios
vngundi
 
Day 1 Coop Banks
vngundi
 
Dealing With Security Threats
vngundi
 
Cyber Security Strategies and Approaches
vngundi
 
Day 1 Enisa Setting Up A Csirt
vngundi
 
Anatomy of a CERT - Gordon Love, Symantec
vngundi
 
Ad

Similar to Day 1 Large Scale Attacks (20)

PPTX
Cybercrime Risks Eu
manelmedina
 
PPTX
National cyber security policy final
Indian Air Force
 
PPT
Hackers in the national cyber security
Csaba Krasznay
 
PDF
North European Cybersecurity Cluster - an example of the regional trust platf...
DATA SECURITY SOLUTIONS
 
PDF
How Estonia is helping to shape cyber resilience
rmdesilva
 
PDF
Protecting Europe's Network Infrastructure
European Union Agency for Network and Information Security (ENISA)
 
PDF
CTO Cybersecurity Forum 2013 Mario Maniewicz
Commonwealth Telecommunications Organisation
 
PPTX
Cybersecurity response in the Pacific
APNIC
 
PPTX
CNCERT Conference 2017: Capacity development in the Asia Pacific
APNIC
 
PDF
Noah Maina: Computer Emergency Response Team (CERT)
Hamisi Kibonde
 
PPT
Capabilities of Cyber-Trerrorists - POTENTIAL ATTACKS - Possibility, Likelyho...
Cristian Driga
 
PDF
Internet safety and security strategies for building an internet safety wall
Commonwealth Telecommunications Organisation
 
PDF
Global Partnership Key to Cyber Security
Dominic Karunesudas
 
PDF
APNIC Outreach Activities in Cyber Security
APNIC
 
PPT
Cyber(in)security: systemic risks and responses
blogzilla
 
PPT
Systemic cybersecurity risk
blogzilla
 
DOCX
Estonia After the 2007 Cyber Attacks Legal, Strategic and O
BetseyCalderon89
 
PDF
CTO Cybersecurity Forum 2013 Jean Jacques Massima-landji
Commonwealth Telecommunications Organisation
 
ODP
Dr. Uwe Jendricke. Kibernetinis saugumas Vokietijos Federacinėje Respublikoje...
TEO LT, AB
 
PDF
International CERTs/CSIRTs Collaboration
APNIC
 
Cybercrime Risks Eu
manelmedina
 
National cyber security policy final
Indian Air Force
 
Hackers in the national cyber security
Csaba Krasznay
 
North European Cybersecurity Cluster - an example of the regional trust platf...
DATA SECURITY SOLUTIONS
 
How Estonia is helping to shape cyber resilience
rmdesilva
 
Protecting Europe's Network Infrastructure
European Union Agency for Network and Information Security (ENISA)
 
CTO Cybersecurity Forum 2013 Mario Maniewicz
Commonwealth Telecommunications Organisation
 
Cybersecurity response in the Pacific
APNIC
 
CNCERT Conference 2017: Capacity development in the Asia Pacific
APNIC
 
Noah Maina: Computer Emergency Response Team (CERT)
Hamisi Kibonde
 
Capabilities of Cyber-Trerrorists - POTENTIAL ATTACKS - Possibility, Likelyho...
Cristian Driga
 
Internet safety and security strategies for building an internet safety wall
Commonwealth Telecommunications Organisation
 
Global Partnership Key to Cyber Security
Dominic Karunesudas
 
APNIC Outreach Activities in Cyber Security
APNIC
 
Cyber(in)security: systemic risks and responses
blogzilla
 
Systemic cybersecurity risk
blogzilla
 
Estonia After the 2007 Cyber Attacks Legal, Strategic and O
BetseyCalderon89
 
CTO Cybersecurity Forum 2013 Jean Jacques Massima-landji
Commonwealth Telecommunications Organisation
 
Dr. Uwe Jendricke. Kibernetinis saugumas Vokietijos Federacinėje Respublikoje...
TEO LT, AB
 
International CERTs/CSIRTs Collaboration
APNIC
 

Recently uploaded (20)

PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Encapsulation theory and applications.pdf
gurumoop
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 

Day 1 Large Scale Attacks

  • 1. LARGE SCALE ATTACKS Lessons learnt Proposals for National and EU Policy Ferenc Suba J.D., MA Chairman of the Board PTA CERT-Hungary Vice-chair of the MB ENISA
  • 2. Large scale attacks 1. Large phishing attack against Hungarian banks: 7 banks in HU, for 2 weeks, „foreign” attacks from international botnet administered by 4 virtual domain name servers (all abroad, from Asia, Europe, Americas) 2. Attacks on Estonia (international aspects): attacks from 4000 compromised machines (cca. 50% from the Americas, 12 from HU)
  • 4. The response Phishing in HU (national+ international response): - PTA-CERT Hungary as coordinator - With the help of CERT community+ HU Banking ISAC - Localisation +shutting down of VDNS (all abroad) - Within 4-12 hours - Notification of ISPs via national CERTs - Notification of clients from the banks - Filing a case against unknown persons at the police Estonian crisis (international response): - Finnish national CERT + US CERT as coordinators - With the help of CERT community - Localisation + cleaning of compromised machines - Within 2 weeks (after FIRST and TF-CSIRT involvement) - Notification of ISPs, system administrators via national CERTs
  • 5. Lessons learnt Proposals for National Policy Not enough or lacking: - Preparedness - Early warning - Manpower - Coordination - Communication with international partners - Media work National policy: - Goverment support (national strategy, responsible HLO, money) - Crisis management plan - Early warning system - National CERT - National coordination body (private sector, policy makers, law enforcement, CERTs) - Involvement of international CERT community - Communication plan - Regular exercises
  • 6. Financial ISAC in Hungary - History: joint comexes with banks since early 2006 - Great leap forward: large phising attacks in Dec 2006 - Constituents: CERT-HU, Law Enforcement, Banking Assoc. of HU, Financial Supervisory Authority - Activity: information sharing, exercises, recommendations, coordination - Results: TLP, Advisory, complex exercises (simulated DDos attack, insider attack) - Future: FSA recomm. on the security of internet banking, coop. with similar ISACs (GOVCERT.NL, AUSCERT, DHS)
  • 7. CIIP in Energy Sector Reason: proprietary systems are vulnerable, too! Keywords: CO-OPERATION, COMMUNICATION, EXERCISE USA: ISAC Model (branch specific co-op. under DHS) Europe: EU-SCSIE (Shell, Electrabell, Swissgrid, EDF, CERN, SEEMA, Melanie, CERT-Hungary) Global: Meridian Process Control WG Hungary: CIIP WG (MOL, Paks, MAVIR, Telco, CERT-Hungary)
  • 8. Legal instruments of International Collaboration, future - No legally binding international agreements - Basic instrument: Memorandum of Understanding for co- operation - reasons: legally binding procedures too slow + flexibility - FIRST: two faces: association incorporated according to Californian law + conference = annual general meeting - ICAAN: association incorporated according to Californian law - Future at international level: Governments enter into this area of international co-operation (national cybersecurity strategies, NATO Cyberdefence Policy) - Future at national level: Act on Information Security, Government Network Security Centres
  • 9. Thank you! ferenc.suba@cert-hungary.hu PTA CERT-Hungary www.cert-hungary.hu Puskás Tivadar Közalapítvány www.neti.hu ENISA www.enisa.europa.eu