Access to Innovation
Access to Capital
Access to Talent
Access to Market
Access to Knowledge
Date Trend snippet:
12 May 2021
Relevance date:
2020
Type of Treath or Oppertunity
Domain of application
Source of threat
Victim
Trends in Security
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
AI-enabled stock market manipulation
Many human traders, particularly in the area of high-frequency trading (HFT) have been replaced by AI-enabled algorithmic stock trading systems in the past years. The increased reliance on such systems has provided opportunities for AI-enabled stock market manipulation to occur. For example, there are cases where the algorithm of an electronic marketplace was cracked, and consequently enabled private investors to manipulate share prices in their favour.
More source info
AI-Enabled Stock Market Manipulation
AI-enabled, algorithmic stock trading systems have replaced many human traders in the past years,
particularly in the area of high-frequency trading (HFT). However, the increased reliance on such systems
has provided opportunities for AI-aided stock market manipulation as well. Indeed, there are already
cases where private investors have managed to crack the algorithms of a large electronic marketplace
and manipulate share prices in their favor.88 Experiments with adversarial bots also demonstrate that by
using automation, the stock market can be manipulated.89
HFT algorithms exaggerate and accelerate market activity. Similarly, stock market “flash crashes” and the
consumption of asset value through a series of small returns on larger trading fees can create a sudden
unpredicted change in the market with consequent change in investor confidence. This can lead to further
systemic risk to the investors if exploited by criminals.
Variations on these security “criminal ML detection” approaches could be used to detect SIM-jacking
(through the detection of statistically anomalous behavior), mass wiretap (by giving alerts on unexpected
telecommunication metadata such as erratic latency), and other optimized telecommunication abuses.
Traditional fraud types like credit card fraud can also be found in nontraditional methods such as SIM card
auto-pay and other money-laundering methods.
More trend snippets in Organised crime groups (OCG's)
Veilig Online toont het cybersecurity bewustzijn van de gemiddelde Nederlander
Alert Online is een gezamenlijk initiatief van overheid, bedrijfsleven en wetenschap, dat zich richt op het creëren van bewustwording rondom online veiligheid, op het vergroten van kennis over online veiligheid en op het stimuleren van en helpen bij cyber secure gedrag, bij diverse doelgroepen. Het Cybersecurity onderzoek Veilig Online monitort de cyber awareness en cyber skills van Nederlanders door de jaren heen. Tot 1 januari 2020 werd dit jaarlijkse bewustzijnsonderzoek in opdracht van de NCTV van het ministerie van Justitie en Veiligheid uitgevoerd. Per deze datum heeft het ministerie van Economische Zaken en Klimaat (EZK) dit overgenomen. Aanvullend beoogt dit onderzoek om inzichten te vergaren van kennis, houding en gedrag van Nederlanders met betrekking tot online veiligheid en het bieden van inzichten voor beleidsvorming met betrekking tot dit thema.
14 October 2021
|
Report
:
Cybersecurity Onderzoek Veilig Online 2021
Dutch citizens judge their Cybersecurity knowledge similarly to last year
The Dutch assess their own knowledge about online risks comparable to last year. Almost three quarters of the Dutch rate their knowledge of digital and online security as at least reasonable. Most Dutch people also correctly estimate the concepts of cybercrime presented (which they say they know themselves). The strongest deviation from this trend is seen in the elderly (65+). They estimate their own knowledge to be relatively low and are also less familiar with various forms of cybercrime. The two most experienced forms of cybercrime, malware and phishing, have also remained the same as last year. These are also the forms of which people most often expect to become a victim.
14 October 2021
|
Report
:
Cybersecurity Onderzoek Veilig Online 2021
Dutch citizens are more worried about Cybersecurity threats
Concerns about online safety at home have increased compared to 2020. Six out of ten Dutch people are somewhat concerned about their own online safety in their home situation. In 2020 this was 46%. Twelve percent also indicate that these concerns have increased since the corona crisis. People are particularly concerned about criminals who want to steal their data. A difference can be observed between different age groups. The degree of concern about one's own online safety increases with age. At the same time, Dutch people under the age of 40 are less likely to worry about cyber attacks than older people. Higher educated people also feel safer online than lower educated people. The lower educated are relatively often concerned because they think they know too little about digital security.
14 October 2021
|
Report
:
Cybersecurity Onderzoek Veilig Online 2021
This threat landscape paper provides valuable insights into emerging trends in terms of cybersecurity threats, threat actors’ activities as well as vulnerabilities and cybersecurity incidents.
The ENISA Threat Landscape 2023 report is a comprehensive overview of the cybersecurity landscape, drawing insights from open sources and ENISA's Cyber Threat Intelligence capabilities. It covers various cybersecurity threats, including threat actors, CVE landscape, ransomware, malware, and more. The report categorizes threat actors, providing insights into their motives, impact, and tactics. It emphasizes the challenges of attribution and highlights the misuse of legitimate tools by state-nexus groups. Additionally, the report addresses evolving tactics of cybercriminals, hackers-for-hire, and hacktivists. It provides recommendations for threat mitigation and offers valuable insights into the attributed threat actors during the reporting period. Overall, it serves as a crucial resource for understanding emerging threats and cybersecurity trends.
31 January 2024
|
Report
:
ENISA Threat Landscape 2023
A complete research peeling off the vulnerabilities, (future) risks, and societal challenges for drug-related corruption at Schiphol Airport and Rotterdam Harbour
This article provides an in-depth analysis of the corruption threats and vulnerabilities at the two largest ports in the Netherlands - Schiphol Airport and the Port of Rotterdam. It adopts different research methods to understand the working of both Schiphol Airport and Rotterdam Harbour
The key findings include:
- The main ports are vulnerable to corruption due to factors like large cargo flows, sophisticated logistics infrastructure, and connections to international drug trafficking networks.
- The corruption threats with the greatest potential impact are bribery in the law enforcement chain and corruption in the cargo handling and logistics processes.
- Experts assessed the resilience of existing policy instruments to mitigate these corruption threats, finding that more attention is needed on issues like blackmail and financial bribery in the logistics chain.
- The study used a National Risk Assessment methodology, relying heavily on expert consultation, to identify and prioritize the key corruption risks facing these critical transportation hubs.
In summary, the article provides a comprehensive overview of the corruption challenges at the heart of the Netherlands' major ports and the policy tools available to address them.
1 May 2024
|
Report
:
Drug-related corruption at Schiphol Airport and Rotterdam harbour
Increasingly dependence on foreign companies and products is undermining Dutch en European strategic sovereignty as well as introducing new vulnerabilities
The growing dependence of endusers on foreign products and services brings with it a wide array of issues. Foreign states and their companies are not always obliged to follow Dutch or European laws. They can even be under state control or pressured into undermining their users or customers. Loss of service during an issue at the supply side is also a new vulnerability that was introduced by foreign dependencies.
As other states and foreign actors are further in the development and implementation of new technologies, the Netherlands and European Union are at risk of becoming increasingly dependent on foreign actors.
30 March 2021
|
Report
:
Cyberweerbaar met nieuwe technologie
The due to COVID-19 increased use of collaboration ICT poses information security risks
Collaborative ICT had existed for some time, of course, but during COVID-19 it was suddenly being used on a large scale and for various new purposes. Civil servants sometimes use collaborative ICT in a way that poses risks to information security. The use of messaging apps on mobile phones is seen as the greatest risk. For example, some of them share confidential work-related information via WhatsApp, contrary to the agreements. Furthermore, not all civil servants are aware of the regulations or do not agree with them in practice. The policy for collaborative ICT also differs from organization to organization. This leads to a lack of clarity among officials about what is and what is not allowed and makes communication between different organizations more difficult.
27 May 2021
|
Report
:
Focus op Digitaal Thuiswerken
Confidential work-related information is sometimes shared via messaging apps and private email
Messaging apps are mainly used for informal communication. 7% of the respondents who use WhatsApp indicated that they used the app for confidential work-related communication. This happened while it is not allowed within government departments or high colleges of state. The users of MS-Teams and the message app Signal use these applications a lot for short messages with confidential and non-confidential work content information. It is noticeable that private e-mail is regularly used in practice for exchange
of (confidential) work-related information. This is not allowed according to the guidelines.
27 May 2021
|
Report
:
Focus op Digitaal Thuiswerken
not all civil servants are aware of the regulations or they do not find them feasible
On average 20% of the respondents say they are not aware of the working arrangements for the use of collaborative ICT. 22% is not satisfied with the communication of the work agreements. About 20% of the respondents indicate that the work agreements are not always feasible. It turns out that civil servants are on the one hand obliged to use the secure home work environment (Citrix), but on the other hand are advised to make video calls outside of it - in a private environment. This video calling in the private environment entails risks. Video calling applications sometimes save the instant messages from a video call to the device in use by default. Information from these messages can therefore end up in the private ICT of civil servants, where the employer has no influence on the security level.
27 May 2021
|
Report
:
Focus op Digitaal Thuiswerken
Senior civil servants and ministers often do not use the prescribed IT resources
senior civil servants and ministers often do not use the prescribed IT resources. This while their exemplary role is important for the use of secure IT applications in the rest of the organization. Popular messaging apps, tablets and smartphones are often preferred by senior civil servants and ministers to the highly secure means because they are easier, faster and more user-friendly. This is tricky because ministers head a department; they are not formally civil servants and are not the responsibility of the Secretary General or Chief Information (security) officer.
27 May 2021
|
Report
:
Focus op Digitaal Thuiswerken
Increased use of algorithms poses risk of automation bias and manipulation
Decisions historically made by humans are increasingly being made by sophisticated algorithms that apply machine learning to large data sets. Automating these decisions
deepens biases when they depend on black-box algorithms developed using skewed historical data sets. Individuals and non-state groups have access to algorithms that can spread dangerous content with unprecedented efficiency, speed and reach. Malicious
actors are also becoming more capable of launching misinformation campaigns on a national and global scale.
1 June 2021
|
External
:
The Global Risks Report 2021
States and non-state actors will engage in more dangerous and sophisticated cyberattacks
States and non-state actors alike will likely engage in more dangerous cyberattacks, and these attacks will become more sophisticated. These concerns will continue to create a difficult global trade and business environment, adding to the risk of anaemic global economic growth
1 June 2021
|
External
:
The Global Risks Report 2021
Lessons learned from Citrix software vulnerabilities
On December 17, 2019, US software manufacturer Citrix made a public announcement on its website that a number of their software products contained a vulnerability. This vulnerability allowed attackers to penetrate the digital systems of organizations using these products. Citrix indicated what measures organizations could take to temporarily solve the problems, but did not yet have a definitive solution. The Dutch Safety Board investigated what lessons can be learned from the way in which the parties involved dealt with the risks of vulnerabilities in Citrix software and other incidents in which vulnerabilities in software were abused by attackers. This involved looking at both the prevention and control of such incidents.
1 February 2022
|
Report
:
Kwetsbaar Door Software
How Facial Recognition Technology is used in practice by law enforcement agencies.
Law enforcement investigators use FRT for identification and authentication purposes. Identification activity (also referred to as “one to many”) consists of searching for the identity of a person, as opposed to authentication activity (also referred as “one to one”), which consists of verifying someone’s identity against an identity document (ID).19 Facial examiners are experts who run facial recognition analysis. In the case of the Netherlands
Police and INTERPOL, for example, the examiners operate autonomously from the investigation teams, and do not have knowledge of the prosecution that requires them to run facial recognition analysis.
18 February 2022
|
Report
:
A Policy Framework for Responsible Limits on Facial Recognition Use Case: Law Enforcement Investigations
Publicly shared principles for the responsible use of facial recognition technology for law enforcement investigations.
This proposition of principles focuses on law enforcement investigation activities. Law enforcement activities related to passport, residence permit and ID card issuance/ verification are not included in these principles. As such, facial recognition used to verify the identity of applicants – to make sure that the photo provided in the application matches the applicant and prevent fraud – is outside of the scope of this work.
18 February 2022
|
Report
:
A Policy Framework for Responsible Limits on Facial Recognition Use Case: Law Enforcement Investigations
Impact of organised crime on the rule of law in The Netherlands
The murder of Peter R. de Vries and threats to lawyers, journalists and others are putting increasing pressure on the rule of law. The line between the underworld and the upper world is blurring, in part because criminal networks - sometimes through corruption - are making use of the legal world. Companies and social organizations that fall into criminal hands do not function optimally and harm the economy. This threatens the security and well-being of society.
16 February 2022
|
Report
:
Strategisch Omgevingsbeeld 2021
Technological opportunities and weaknesses in The Netherlands
The role of advanced technologies, such as virtual reality, augmented reality and Artificial Intelligence, is growing. Risky applications, such as deepfakes, call for vigilance to safeguard privacy and fundamental rights. In addition to risks, advanced technologies also provide opportunities for an open, prosperous society and more efficient service delivery. For example, advanced technology is helping to combat the corona crisis. Technology is also being used and further developed for the benefit of detection. Applications that are
currently under development, such as metaverse and quantum computing, will also find their way into government, business and society.
16 February 2022
|
Report
:
Strategisch Omgevingsbeeld 2021
Strategic view on national security in The Netherlands
The security of the Netherlands is constantly threatened by foreign government agencies in order to promote their own economic and political-strategic interests. They use espionage (digital) sabotage and (covert) influence. This affects the prosperity, stability and openness of our society. Government agencies also outsource operations to criminal groups. Advanced digital means are used. Classic means, such as influencing companies through investments and theft of company secrets, remain part of the modus operandi. In the Netherlands, companies and knowledge institutions are the main targets. But vital infrastructure, such as energy supplies and water management, is also targeted,
and Dutch social cohesion are increasingly under threat.
16 February 2022
|
Report
:
Strategisch Omgevingsbeeld 2021
The roles and duties of CSIRTs and LEAs in Europe in 2021
The main objective of this report is to present a detailed analysis of the roles and duties of CSIRTs and LEAs and required competences, showing synergies and potential interferences in their activities related to their responses to incidents of a criminal nature and their fight against cybercrime. By facilitating the cooperation between the CSIRT and the LE communities and the interaction with the Judiciary, this work has the final aim to contribute to better respond to cybercrime, which, as reaffirmed at the Octopus Conference on Cybercrime organised by the Council of Europe in November 2021, affects significantly the individuals and ‘often represents a serious interference with the rights and lives of victims’ (Council of Europe, n.d.g).
6 May 2022
|
Report
:
2021 Report on CSIRT-Law Enforcement Cooperation
The State of AI in Cybersecurity
Security leaders must find strategies to level the playing field and evolve defenses in tandem with the sophistication of attacks.
12 June 2024
|
Report
:
The State of AI in Cybersecurity
The release and uses of the Operational Technology Cyber Attack Database (OTCAD)
OTCAD is a new cyber attack database that is unique in its size, as it is mapped to a single framework. This allows for structural analysis of the OT threat landscape. The database is publicly accessible and can be extended and adjusted through collaborative means. These factors combined form an exciting and useful new database that can open up many new areas of research in the coming years.
28 September 2021
|
Report
:
OTCAD: Operational Technology Cyber Attack Database
Cyber resilience for SME's
Cyber resilience is defined here as the ability to resist known and unknown forms of cyber
crime and recover quickly from a cyber crisis. The report investigated how SMEs in the metals sector organize their cyber-security and related security measures and how this process can be improved. It turns out that the companies surveyed are fully digitized and dependent on ICT for their primary process. The implementation and maintenance of this ICT is outsourced to external ICT suppliers. Many directors also (partially) outsource security to these ICT suppliers. As a result, these ICT suppliers implement generic technical measures without specifically looking at the organization in question and its risks. Crucial measures aimed at the organization of the company and the behavior of personnel are then often omitted.
30 November 2021
|
Report
:
Van Theorie naar Praktijk
Key Cyber Trends in The North America Region 2023
The region referred to as the North America region includes Northern American countries (United States of America, Canada, Bermuda, Greenland, Saint Pierre and Miquelon) and English-speaking Caribbean nations (Anguilla, Antigua and Barbuda, Aruba, Bahamas, Barbados, Belize, British Virgin Islands, Cayman Islands, Curaçao, Dominica, Greenland, Grenada, Jamaica, Montserrat, Saint Kitts and Nevis, Saint Lucia, Saint Vincent and the Grenadines, Sint Maarten, Trinidad and Tobago, and Turks and Caicos Islands).
3 April 2024
|
Report
:
Group-IB Report Hi-Tech Crime Trends 2023/2024
Supply Chain Risks
Perform the Cybercheck to identify and manage the risks in the supply chain of products and services that may threaten your cybersecurity.
15 May 2024
|
Report
:
Cybercheck: Ook Jij Hebt Supply Chain Risico’s!
Despite an increasing awareness of the risks of cyber criminality, there is still little alertness in the work environment.
Because of the increasing digitalization criminality also made a move in that direction. Cyber criminals have become increasingly professional and make use of advanced and refined techniques. Because there is relatively a lot of news coverage on cyber incidents and there is a significant threat of cyber criminality in the privates sphere the awareness of the threats has increased. Unfortunately this awareness does not translate into awareness on the work floor even though companies are also a target of cyber criminals.
20 April 2021
|
Report
:
Handvatten Cybersecurity in de Logistieke Keten
IoT faces two primary risks and several threats and vulnerabilities
The two primary risks facing IoT are:
1. Consumer privacy and safety are being undermined by the vulnerability of individual devices, connectivity, and back-ends; and
2. The wider economy and critical infrastructures face an increasing threat of large-scale cyber-attacks launched from massive numbers of insecure IoT devices. At this moment less than 4% of IoT devices are secure by design
Additionally, IoT faces several threats and vulnerabilities, namely: vulnerable device software, privacy threat, eavesdropping, DDoS, firmware-level attack, device cloning or substitution, data leakage, malware, and weak user/admin credentials and authentication.
4 June 2021
|
Report
:
The IoT Security Landscape
Lack of IoT security awareness
The current landscape is too complex for most end-users to really understand the risks to themselves and to others – for instance, few consumers would appreciate the very real risk of their refrigerators or smart TVs being used as part of a botnet in a DDoS attack.
4 June 2021
|
Report
:
The IoT Security Landscape
Cyber risks while working from home
Due to the coronavirus and the corona measures in 2020 and 2021, probably never before have so many Dutch people worked from home at the same time. In the media, several experts have pointed out the cyber risks of working from home. This is highly relevant for SMEs because SMEs are the backbone of the Dutch economy (61% of GDP, 70% of employment, total turnover of €888 billion), while we also know that this group of companies is relatively often the victim of cyber-attacks and has few resources at its disposal to guard against them. At the same time, SMEs are probably not well equipped to support (massive) home working and have therefore had to improvise in a hurry and with mostly limited resources to enable home working.
30 November 2021
|
Report
:
Van Theorie naar Praktijk
Quality of life and nuisance in residential areas in the Netherlands in 2021
There has been little change in social cohesion in the Netherlands since 2005. This snippet provides an overview of how residents rate the quality of life and nuisance in their neighborhoods.
6 May 2022
|
Report
:
Veiligheidsmonitor 2021
Safety perception in the Netherlands in 2021
Since 2005, feelings of unsafety in the Netherlands have decreased. Women and young people feel unsafe more often. Overall, one out of three Dutch citizens feel unsafe sometimes.
6 May 2022
|
Report
:
Veiligheidsmonitor 2021
Traditional crime in the Netherlands in 2021
In total, 17% of Dutch citizens was the victim of traditional crime in 2021. On the long term, traditional crime victimship decreased with 59% since 2005. In 2021, 38% of victims reported the crime against them.
6 May 2022
|
Report
:
Veiligheidsmonitor 2021
Online crime in the Netherlands in 2021
Online crime is steadily increasing, a majority of Dutch citizens has said that they have been confronted with (attempted) online crime in 2021.
6 May 2022
|
Report
:
Veiligheidsmonitor 2021
Citizens and police in the Netherlands in 2021
Dutch citizens are increasingly satisfied with their contact with the police. Almost half is satisfied with their contact with police in general. This snippet shows more information on citizens and police in the Netherlands in 2021.
6 May 2022
|
Report
:
Veiligheidsmonitor 2021
Prevention in the Netherlands in 2021
Dutch citizens are aware of the importance of prevention. This snippet shows more information on prevention in the Netherlands in 2021.
6 May 2022
|
Report
:
Veiligheidsmonitor 2021
Supply chain vulnerability and resilience
Supply chains contain cyber risks. Cooperation in the system is usually based on mutual trust and mitigating the cyber risks is mostly absent. Stepping stone attacks are used to infiltrated a vulnerable organization in the supply chain in order to attack a larger and better protected company. Investments in the resilience of the supply chain as well as the individual organization is necessary to contain threats.
30 March 2021
|
Report
:
Cyber-Ketenweerbaarheid
Those wanting to protect cyberspace have struggled to keep up with those who want to undermine it
Those concerned with the stability of cyberspace have struggled to keep up with those who seek to undermine it, as well as keep pace with technological developments and the evolution of geopolitical conflicts. This is partly due to the fact that cyberspace has transformed the way actors pursue political and military objectives and have new technology in their toolkits.
20 May 2021
|
Report
:
Advancing Cyberstability
Possible new forms of cooperation in top segment cyber criminals
The police see a possible new form of interaction between different groups within the top segment of cyber criminals. Previously, these groups operated fairly autonomously and carried out many process steps independently. Now there seems to be cooperation between specific groups. Both the police and a number of security companies find it plausible that some criminal actors in the top segment trade access to corporate networks among themselves, after they have compromised and judged them on the value.
13 January 2021
|
Report
:
Cybersecuritybeeld Nederland
Phishing and ransomeware campaigns are being launched to exploit the current crisis and are expected to continue to increase in scope and scale
In recent years, criminals have focused their attacks on organisations as there is a relatively high likelihood of receiving payment. The types of criminals exploiting the COVID-19 pandemic online were also active in the area of cybercrime before. However, some are believed to have intensified their activities.
- Slight increase of distributed denial-of-service (DDos) attacks following the outbreak of COVID-19.
- Initial spike in domains registered related to the words 'corona' and 'COVID', however, current figures indicate that this has stabilised. (Registered domain names form the backbone for many criminal operations).
Outlook for the future:
- The pandemic may multiply the damaging impact of a successful attack against certain institutions, which reinforces the necessity for effective cyber resilience.
- The number of phishing attempts exploiting the crisis is expected to continue to increase. However, we also expect a greater number of inexperienced cybercriminals to deploy ransomware-as-a-service.
15 May 2021
|
Report
:
Catching the Virus Cybercrime, Disinformation and the COVID-19 Pandemic
Activity around the distribution of child sexual exploitation material online appears to be on the increase
Based on a number of indicators the activity around the distribution of child sexual exploitation material (CSEM) appears to be on the increase. Indicators are:
- The number of referrals from NCMEC/NCECC: there appears to not be a significant increase in the number of referrals.
- Information from national law enforcement authorities on the number of searches being carried out online for CSEM: Countries have reported an increase in the number of attempts to access illegal websites featuring CSEM blocked in their filters.
- The number of reports from the public to law enforcement or other institutions (hotlines)
- The nature or volume of new posts on online forums dedicated to child sexual exploitation compared to established baselines
- Conversations between criminals on forums
- Number of detected connections from which CSEM has been downloaded over peer-to-peer file-sharing networks: Spain has reported an increase, other countries have also reported similar trends.
15 May 2021
|
Report
:
Catching the Virus Cybercrime, Disinformation and the COVID-19 Pandemic
Initial fluctuation and stabilisation in sales via the dark web at beginning of COVID-19 crisis
Initial fluctuation in sales via the dark web at beginning of COVID-19 crisis in Europe which stabilsed throughout March 2020.
- The COVID-19 crisis provided new business opportunities, for example test kits and masks. the intentions might be good, but this is an easy way to sell fake, or poor quality articles anonymously.
- Only a small number of sales of these items have been recorded so far on the dark web, probably due to availability of similar goods on the surface web and the wider customer base not being traditional dark web users.
- Child Sexual Exploitation Material (CSEM) also continues to be distributed via dark web platforms and there are signs of increasing activity around this criminal domain on the dark web during the duration of the COVID-19 pandemic.
- The users of dark web marketplaces, vendor shops and other platforms include both individual citizens and criminal groups seeking to obtain illicit products.
- The technical barriers to entry are minimal and the dark web is freely accessible to anyone with basic understanding of online technologies.
Outlook for the future:
- Changes in supply and demand can be expected
- For drug-related items, the outlook depends largely on supply chains and the ease with which certain drugs can be obtained.
- For COVID-19 related items, demand will likely continue to mirror products sought after on surface web platforms
16 May 2021
|
Report
:
Catching the Virus Cybercrime, Disinformation and the COVID-19 Pandemic
Increased problems with the spread of disinformation during the COVID-19 crisis
Many Member States have reported problems regarding the spread of disinformation during the current COVID-19 crisis. Hybrid threats are broad and complex attacks on governance. A wide range of measures applied in hybrid campaigns include cyberattacks and disinformation, disruption of critical services, undermining of public trust in governmental institutions and exploiting social vulnerabilities.
- Spread of fake news is a key fixture of the hybrid threat landscape
- Both seasoned cybercriminals and opportunistisc individuals spread disinformation in order to benefit.
Disinformation and misinformation around COVID-19 continue to proliferate around the world, with potentially harmful consequences for public health and effective crisis communication. Some state and state-backed actors seek to exploit the public health crisis to advance geopolitical interests, often by directly challenging the credibility of the EU and its partners.
Outlook for the future:
The spread of disinformation and misinformation around COVID-19 has potentially harmful consequences for public health and effective crisis communication. On a broader level, coordinated disinformation campaigns can feed distrust in the ability of democratic institutions to deliver effective responses to the current situation. Criminal organisations, state and state-backed actors seek to exploit the public health crisis to advance geopolitical interests.
16 May 2021
|
Report
:
Catching the Virus Cybercrime, Disinformation and the COVID-19 Pandemic
The threat of DDoS-attacks in the Dutch healthcare sector remains relatively low
Whilst an increase can be seen regarding the number and intensity of DDoS attacks across many domains, the threat of DDoS attacks in the Dutch healthcare sector remains relatively low. However, it is concerning that cybercrimegroups are actively using DDoS attacks as a tactic. DDoS attacks can for example be bought on the darkweb for relatively little money, but suppliers of DDoS attacks are also advertising more and more on regular social media platforms.
19 May 2021
|
Report
:
Cybersecurity Dreigingsbeeld Zorg 2020
An increase in phishingcampaigns in the Dutch healthcare sector
In 2020, an increase can be seen in the number of performed phishingcampaigns, specifically targeting the Dutch healthcare sector. Actors are for example utilising COVID-19 related subjects in their phishingmails in order to persuade receivers to click on malicious links. Subjects such as 'vaccins', 'medical research' and 'face masks' were frequently used.
19 May 2021
|
Report
:
Cybersecurity Dreigingsbeeld Zorg 2020
Three types of financial fraud targeting the Dutch healthcare sector
In 2020, three types of financial fraud, specifically targeting the Dutch healthcare sector, were detected. Often, the same type of fraud attempt would occur at multiple healthcare organisations.
1. CEO-fraud. The attacker sends a fraudulent email on behalf of the CEO of an organisation, often with the request to transfer money.
2. Fake (medical) invoices.
3. Fraudulent requests to change bankaccount numbers.
19 May 2021
|
Report
:
Cybersecurity Dreigingsbeeld Zorg 2020
Ransomware is seen as the largest threat to the Dutch healthcare sector
Specifically targeted ransomware attacks, conducted by cybercriminals, are seen as the largest threat to the Dutch healthcare sector. Ransomware has the ability to affect the availability of data, operational processes and patient security. Although no ransomware attacks, resulting in major impact, were conducted in the Dutch healthcare sector in 2020, the threat remains high and present. The threat is seen according to three factors:
1. Dutch healthcare institutions are frequently scanned by malicious actors.
2. Dutch healthcare institutions received malware that was configured to download ransomware.
3. Dutch healthcare institutions frequently received malware (Emotet) through email. Such malware is often an indication for ransomware.
19 May 2021
|
Report
:
Cybersecurity Dreigingsbeeld Zorg 2020
Data leaks are a regular occurrence in the Dutch healthcare sector
Data leaks that occur in the Dutch healthcare sector are mainly caused by malware, human mistakes, phishing and vulnerable web applications. (Personal) data that is released during such data leaks is known to be traded by cybercriminals on the dark web.
19 May 2021
|
Report
:
Cybersecurity Dreigingsbeeld Zorg 2020
Credential phishing attacks targeting the Dutch healthcare sector have decreased in 2020
In a credential phishing attack, usernames and passwords of individuals are stolen by letting them log-in on a fake website. In 2020, such incidents occurred less in the Dutch healthcare sector, compared to the year before. A possible explanation for the decrease is the implementation of multi-factor authentication in many healthcare institutions.
19 May 2021
|
Report
:
Cybersecurity Dreigingsbeeld Zorg 2020
Emotet malware has led to data leaks in the Dutch healthcare sector
In 2020, cybercriminals have caused a large scale spread of the malware Emotet. This type of malware has affected multiple health institutions in the Netherlands. The malware has the ability to steal an individuals' e-mail, which has directly led to multiple data leaks in the Dutch healthcare sector.
19 May 2021
|
Report
:
Cybersecurity Dreigingsbeeld Zorg 2020
Outlook for the distribution of child sexual exploitation material online
Outlook for the future:
Offenders are likely to attempt to take advantage of emotionally vulnerable, isolated children through grooming and sexual coercion and extortion, while children that are allowed greater unsupervised internet access will be increasingly vulnerable to exposure to offenders through online activities. Adults working remotely subsequently are not as able to supervise their children’s internet activity or actively engage with them offline to effectively monitor for signs of stress, isolation and loneliness. Furthermore, Children could be more exposed, through less secure online educational applications, to unwanted attention from adults or identification of their personal information. Also children may be more inclined towards self-production of CSEM for exchange with peers or to send to others including adults depending on various factors.
29 May 2021
|
Report
:
Catching the Virus Cybercrime, Disinformation and the COVID-19 Pandemic
There is a high risk of increased gang violence amid rising authoritarianism in Haiti
Amid a worsening political crisis, the security situation in Haiti has continued to deteriorate as levels of gang violence have increased. Throughout 2020, violence against civilians in the country rose by nearly 35% compared to 2019. Violence has been concentrated mostly in the impoverished neighborhoods of Port-au-Prince, which are divided and controlled by local gang lords.
The upsurge of violence in Haiti is largely tied to the operations of local gangs whose activities are often connected to political developments in the country. In 2020, the majority of violence against civilians was perpetrated by both known and unidentified criminal groups. The rise of gang violence is likely connected to the end of President Jovenel Moise’s constitutional mandate on 7 February 2021 and to the upcoming elections scheduled for September 2021.
15 February 2023
|
External
:
Ten Conflicts to Worry About in 2021
Cyber Resilience Act (CRA), European Commission
The Cyber Resilience Act (CRA) is a new proposal for regulation to define the legislative framework of essential cybersecurity requirements that manufacturers must meet when placing any product with digital elements on the internal market.
10 April 2024
|
Report
:
Cyber Resilience Act (CRA)
Virtual meeting platforms have become a popular medium for BEC-scams.
During the pandemic a lot more business was conducted in online work/meeting spaces. This is also abused by threat actors via a compromised business e-mail adress in combination with video/audio spoofing.
11 January 2023
|
Report
:
Internet Crime Report 2021
Increase in BEC, Covid-19 is still the lure in E-mail fraud campaigns
E-mail related threats have been consistently ranking high in the list of prime threats in the ETL for a number of years. Phishing aims at stealing important information like credit card numbers and passwords, through e-mails involving social engineering and deception. Business e-mail compromise (BEC) is a sophisticated scam targeting businesses and organisations, whereby criminals employ social engineering techniques to gain access to an employee’s or executive’s e-mail account to initiate bank transfers under fraudulent conditions. As expected, the COVID-19 pandemic has given rise to this category of threats, since people’s online presence and need for communication has greatly risen during this period. Moreover, the digitalisation of many traditional services grew at an unprecedented rate during the pandemic, and given e-mail’s lead role as a communications means, the increase in e-mail related threats was undeniable.
4 November 2021
|
Report
:
Enisa Threat Landscape 2021
Trends in threats against data
Threats against data form a collection of threats that target data sources with the aim of gaining unauthorised access, disclosure, misinformation, disinformation, etc. They are mainly referred to as data breaches or data leaks and refer to the release of sensitive, confidential or protected data to an untrusted environment. Threats against data consistently rank high among the leading threats of the ETL and this trend continues in the reporting period of the ETL 2021. Moreover, given the significance of data and in particular of private and sensitive data, adversaries are combining more sophisticated threats to target data, such as ransomware or supply chain attacks. We observed an increasing trend in the number of incidents reported during 2021. This observation relates primarily to the surge of data breaches in the health sector.
4 November 2021
|
Report
:
Enisa Threat Landscape 2021
2021 Trends in Ransomware and Malware
The occurrence of multiple ransomware extortion schemes increased strongly during 2021. After initially stealing and encrypting sensitive data from organisations and threatening to release it publicly unless a payment is made, attackers also target the organisations’ customers and/or partners for ransom to maximise their profits. However, malware attacks decreased heavily during the reporting period. Research has shown that attacks in North America decreased by 43% in 2020 compared to 2019. This drop was almost same in Europe, while a decrease of 53% was noticed in Asia. One of the key factors for this reduction could be linked to the COVID19 pandemic.
4 November 2021
|
Report
:
Enisa Threat Landscape 2021
2021 Trends in Cryptojacking
Cryptojacking or hidden cryptomining is a type of cybercrime where a criminal secretly uses a victim’s computing power to generate cryptocurrency. This usually occurs when the victim unwittingly installs a program with malicious scripts that allow the cybercriminal to access their computer or other Internet-connected devices, e.g. by clicking on an unknown link in an e-mail or visiting an infected website. Programs called ‘coin miners’ are then used by the criminal to create or ‘mine’ cryptocurrencies. During the reporting period there was a growing trend in cryptojacking, which could perhaps be associated with the increasing volatility in the cryptocurrency market that was observed during the same period. Moreover, given that cryptocurrencies offer (pseudo) anonymity, they become a very attractive and convenient means of exchange by cybercriminals. Accordingly, it should be noted that cryptocurrencies in general are requested when asking for ransom in ransomware attacks
4 November 2021
|
Report
:
Enisa Threat Landscape 2021
Trends in DDoS and web-used attacks against availability and integrity
Availability and integrity are the target of a plethora of threats and attacks, among which the families of Distributed Denial of Service (DDoS) and Web Attacks stand out. DDoS and web-based attacks are often coordinated activities. DDoS attacks can be built on a web-based attack, which are often distributed through web applications. For instance, web-based attacks can be adopted to build a botnet that is then used to carry out a denial of service attack aimed to make a system unavailable. Both web attacks and DDoS attacks have remained stable over the years, while some interesting points on their evolution may be noted. According to EUROPOL, “the threat potential of DDoS attacks is higher than its current impact in the EU.
4 November 2021
|
Report
:
Enisa Threat Landscape 2021
More vigilance is needed ahead of the 2024 European elections, increased cyber threats, ransomware remains the prime threat, new emerging techniques with AI
ENISA notes a significant increase in the variety and quantity of cyberattacks, especially on public administration. Therefore, more vigilance is needed ahead of the 2024 European elections. Cybercriminals are influenced by geopolitical events and the war in Ukraine influenced the threat landscape. Ransomware ranks the highest in prime threat. New emerging techniques with the use of AI in attacks.
23 October 2023
|
Report
:
ENISA Threat Landscape 2023
Increasing attention is given to the issue of attribution in cyberspace
Attribution can be broadly defined as the process of assigning responsibility for a (malicious) cyber activity to a specific actor on the basis of the available evidence, including all-source intelligence, forensic investigation, and taking into account the political context. Given the sensitive nature of such evidence and the implications that a decision about attribution might have on bilateral relations between the accuser and the accused, states maintain their exclusive right to attribute (or not) a cyber operation based on their own methods, procedures and political interests.
the relatively short history of attribution of cyber-attacks, states have used different paths . While many initiatives hardly ever see daylight and are hidden from the scrutiny of public opinion, some states have also opted for more public forms of attribution through indictments under criminal law and political attributions – albeit with a very limited reference to international law and norms that have been violated.
14 April 2021
|
Report
:
Three tales of attribution in cyberspace
NCSC Trend List 2021: Expectations of the NCSC in the field of cybersecurity
The NCSC Trend List helps organizations to look ahead in the field of cybersecurity based on trends and expectations. Trends are things that are already happening and expectations are things that may come into play in the coming years. Depending on developments, these expectations may shift in time and/ or relevance. That is why the NCSC will regularly update the Trend List.
16 February 2022
|
External
:
NCSC Trend list 2021
Supply chain cybersecurity: a sometimes overlooked essential to securing your business.
In today’s networked digital infrastructures, it is no longer enough to ensure the security of one’s own IT networks and systems. Incidents elsewhere in the chain can have an immense impact as they trickle down. Suppliers, vendors, contractors, and other third parties have become part of the security risk area. Meanwhile, hostile hackers no longer require to actually gain access to their main target to get to their end goal. Supply chains have essentially become supply networks. And while the challenges for protecting an organization continue to rise, the connectivity offers a learning opportunity and potential cost savings as well. For companies that have already been attacked, it is worth sharing their experiences and best practices. Those who haven’t would be wise to learn from others, because it’s improving their security posture as well as the supply network that they’re part of.
28 January 2022
|
Report
:
Als de Keten Zelf de Zwakste Schakel is
Drug dealers and organised crime are thriving due to a lack of detection and prosecution
The Netherlands is known as a transit country for drugs and drug related money. The drug trade has severe consequences for the Dutch society, the legal system and the rule of law. Such consequences are the existence of a parallel drug economy, climate pollution, extortion, assassinations and threats to the civilian population. Over the last couple of years, drug dealers are thriving and organised crime has developed itself into a professional system. These trends are caused by a lack of detection and prosecution activities by the police and the judicial powers.
21 April 2021
|
Report
:
Trendbeeld 2020
Threats from the criminal world towards individuals and groups are increasing
Threats from the criminal world are targeted towards a more diverse set of individuals and groups. Not only family members, but also mayors, journalists and lawyers receive more imminent threats from the criminal world. For example in 2019, a Dutch lawyer named Derk Wiersum got assassinated. The received threats lead to a growing sense of unrest amongst the judicial powers, public prosecutors, lawyers, municipalities and the police.
21 April 2021
|
Report
:
Trendbeeld 2020
Incidents in the municipality of Amsterdam, involving firearms, knives and explosives have led to an increase in concerns amongst the police
In 2019, multiple incidents have occurred involving firearms, knives and explosives in the regional area of Amsterdam. These incidents range from stabbings and shootings to violent encounters between youth groups. Both the amount of violence that is used during such incidents and gun - and knife possession seem to be increasing. Also, the utilisation of such weapons seems to be more normalised. Knives and guns are for example used by drug dealers to protect their 'stock' from being stolen.
21 April 2021
|
Report
:
Trendbeeld 2020
The illegal trade in firearms is thriving in the municipal area of Amsterdam
Currently there is a thriving illegal firearms trade in the municipal area of Amsterdam, due to a high supply and demand for firearms and munition. In particular, more gas- and alarmfirearms and deactivated firearms are being traded. The Netherlands functions as both a transit and destination country for the illegal firearms trade.
21 April 2021
|
Report
:
Trendbeeld 2020
Increased use of violence by criminals
The use of violence by criminals involved in serious and organised crime in the EU appears
to have been increasing in terms of the frequency of use and its severity. Criminals use violence indiscriminately and target victims without regard for their involvement or standing, often accepting harm to innocent bystanders. The threat from violent incidents
has been augmented by the frequent use of firearms or explosives in public. Perpetrating violence on behalf of a criminal client is increasingly being marketed as a service, often via dark web platforms and encrypted communication applications.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Corruption is a feature of most criminal activities in the EU
Corruption is a feature of most, if not all, criminal activities in the EU. Corruption takes place at all levels of society and can range from petty bribery to complex multi-million-euro corruption schemes. Corruption erodes the rule of law, weakens institutions of states and hinders economic development. Corruption is a key threat to be addressed in the fight against serious and organised crime. Almost 60 % of the criminal groups reported for the SOCTA 2021 engage in corruption.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Scale and complexity of money laundering activities in the EU have previously been underestimated
The scale and complexity of money laundering activities in the EU have previously been underestimated. Serious and organised crime in the EU fundamentally relies on the ability to launder vast amounts of criminal profits. For this purpose, professional money launderers have established a parallel underground financial system to process transactions and payments isolated from any oversight mechanisms governing the legal financial system. This parallel system ensures that the criminal proceeds cannot be traced as part of a sophisticated criminal economy.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Legal business structures are used to facilitate criminal activity
Legal business structures such as companies or other entities are used to facilitate virtually
all types of criminal activity with an impact on the EU. Criminals directly control or infiltrate legal business structures in order to facilitate their criminal activities. All types of legal businesses are potentially vulnerable to exploitation by serious and organised crime.
More than 80 % of the criminal networks active in the EU use legal business structures
for their criminal activities. About half of all criminal networks set up their own legal
business structures or infiltrate businesses at a high level.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
The use of technology is a key feature of serious and organised crime in 2021
The use of technology is a key feature of serious and organised crime in 2021. Criminals exploit encrypted communications to network among each other, use social media and instant messaging services to reach a larger audience to advertise illegal goods or to spread disinformation. The online environment and online trade provide criminals access to expertise and sophisticated tools enabling criminal activities.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
COVID-19 has had a significant impact on the serious and organised crime landscape in the EU
The COVID-19 pandemic has had a significant impact on the serious and organised crime
landscape in the EU. Criminals were quick to adapt illegal products, modi operandi and
narratives in order to exploit the fear and anxieties of Europeans and to capitalise on the scarcity of some vital goods during the pandemic. While some criminal activities will or have returned to their pre-pandemic state, others will be fundamentally changed by the
COVID-19 pandemic. The immediate impact of the COVID-19 crisis has been most visible in the counterfeiting and distribution of substandard goods, cybercrime, organised property crime, and various types of fraud schemes.
The COVID-19 pandemic has presented unique opportunities for fraudsters seeking to profit from the insecurity, restrictions and booming demand for certain products as a result of this crisis. Examples include investment fraud, CEO fraud, non-delivery fraud, romance fraud, fake invoice fraud, social benefit fraud, bank fraud, and subsidy fraud.
The long-term consequences of the pandemic may manifest particularly severely in the area of financial crime. Businesses operating in sectors suffering particularly negative
economic pressures, such as the hospitality, catering and tourism sectors, are becoming
more vulnerable to criminal infiltration.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Serious and organised crime deeply affects all layers of society
Serious and organised crime deeply affects all layers of society; in addition to the direct
impact on the daily lives of EU citizens, it also undermines the economy, state institutions
and the rule of law.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
A potential economic recession following the COVID-19 pandemic will shape serious and organised crime in the EU
A potential deep economic recession following the COVID-19 pandemic will fundamentally shape serious and organised crime in the EU for the near future. Previous periods of economic stress can provide some degree of insight into how these developments might affect crime in the EU and what responses need to be formulated to counter existing and emerging threats to the EU’s internal security during this time. A global economic crisis may bring ordinary EU citizens into closer proximity to organised crime. Communities may become more tolerant of certain types of crime such as the distribution of counterfeit goods or the cultivation of cannabis.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
The organised crime landscape is characterised by a networked environment with a high level of adaptivity
The organised crime landscape is characterised by a networked environment where cooperation between criminals is fluid, systematic and driven by a profit-oriented focus. Similar to a business environment, the core of a criminal network is composed of managerial layers and field operators. This core is surrounded by a range of actors linked to the crime infrastructure providing support services, such as brokers, document
fraudsters, technical experts, legal and financial advisors, money launderers and other service providers. A key characteristic of criminal networks, once more confirmed by the pandemic, is their agility in adapting to and capitalising on changes in the environment in which they operate. Obstacles become criminal opportunities and may be as simple as adapting the narrative of a known modus operandi.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Illicit tobacco products are increasingly produced in the EU
As part of excise fraud, illicit tobacco products are increasingly produced in the EU, in modern and more professional production facilities, established closer to destination markets.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
The number of incidents of organised property crime remains high
The overall number of incidents of organised property crime remains high, especially for domestic burglaries, with more than one million cases a year, directly affecting millions of people. Mobile organised crime groups (MOCGs) continue to travel long distances from region to region and country to country committing organised property crime. The MOCGs easily shift from domestic burglaries to burglaries targeting business premises, physical ATM attacks, fraud schemes, cargo crime, pickpocketing, fencing, motor vehicle crime, illegal trade in cultural goods, shoplifting or metal theft, depending on the season or market circumstances.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Steps in the human trafficking process have moved to the online domain
Several steps in the criminal process of trafficking in human beings, such as recruitment of
victims and advertisement of services, have moved almost entirely to the online domain.
The boundary between victim and accomplice has become blurred, with female victims also taking up organisational roles and with seemingly formal business agreements preventing victims from identifying as such.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
The market for migrant smuggling services has been sustained despite the consolidation in migration flows
The market for migrant smuggling services has been sustained despite the consolidation in migration flows reaching the EU since the height of the migratory crisis. Facilitation of entry in the EU fluctuates in line with the changing entry routes, whereas facilitation of secondary movements and legalisation of stay is less visible but equally profitable for criminal networks.The recklessness of criminal networks is clearly illustrated in this criminal activity.
Irregular migrants are exposed to high fees for services that increasingly violate their physical and psychological integrity during the journey. In addition, they are often vulnerable to further exploitation upon arrival. The COVID-19 pandemic has highlighted that global crises do not diminish the demand for smuggling services to enter, transit or reside in the EU.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Increased sophistication and number of cyber-dependent attacks
The threat from cyber-dependent crime has been increasing over the last years, not only in
terms of the number of attacks reported but also in terms of the sophistication of attacks. Examples include malware, ransomware, and DDoS attacks. Cyber-dependent crime is likely significantly underreported. The rapidly progressing digitalisation of society and the economy constantly creates new opportunities for criminals involved in cyber-dependent crime. Businesses are increasingly the targets of cyberattacks. Public institutions, including critical infrastructures such as health services, continue to be targeted by cybercriminals.
Despite an increasing number of investigations into cyber-dependent crimes and other cybercrime activities, the number of criminal networks is low. One of the reasons could be that cybercrime involves many criminals operating individually and not in the framework of established networks.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Increase in activities related to online child sexual abuse
There has been a continuous increase in activities related to online child sexual abuse
over recent years. This development has further intensified during the COVID-19 pandemic. Online child sexual abuse likely remains highly underreported. Many victims remain unidentified and their abusers undetected.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
The trade in illegal drugs continues to dominate serious and organised crime in the EU
The trade in illegal drugs continues to dominate serious and organised crime in the EU in terms of the number of criminals and criminal networks involved as well as the vast amounts of criminal profits generated as part of the production, trafficking and distribution of illegal drugs. Much of the violence associated with serious and organised crime is related to the trade in drugs. The nature of the violence appears to have changed, a growing number of criminal networks use violence in a more offensive way.
-Unprecedented quantities of cocaine are trafficked to the EU from Latin America
-The trade in cannabis is ubiquitous in the EU
-Criminal networks have been increasing their capacities for the production and distribution of synthetic drugs.
17 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
The move toward cashless economies creates powerful incentives for payment fraudsters
Non-cash payment fraud and cyber-scams are well established criminal activities that have been targeting the EU for decades now. The ongoing digitalisation of almost all aspects of life creates additional opportunities for cybercriminals. The move toward cashless economies creates powerful incentives for payment fraudsters. Cybercriminals seek to compromise online payments, internet and mobile banking, online payment requests, contactless payments (both card-present and not) and mobile applications.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Waste management is a lucrative and fast‑developing industry, which increasingly attracts criminals
Illicit waste trafficking entails the ‘illegal transportation, processing, disposal, recycling or recovery of various waste materials’. Trafficked waste materials include both non-hazardous and hazardous waste. The majority of the reported waste trafficking cases involved individuals working in or operating waste management companies as managers or staff, who violate national and international legislation and standards regulating the collection, treatment and disposal of waste to maximise profits.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Wildlife traffickers increasingly target endemic and non-CITES listed European species, as well as exotic reptiles
Traffickers increasingly target endemic and non-CITES-listed European species, in particular birds and big cats. There has also been an increase in demand for exotic reptiles. Traffickers may further concentrate their activities on endemic and non-CITES-listed specimens to circumvent current international legislative frameworks, which mostly cover endangered wildlife. The majority of trafficked animals are sold and bought
online. Criminal groups composed of EU and non-EU nationals are involved in wildlife trafficking across several continents.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Trade in illegal firearms and explosives
The trade in illegal firearms is a key enabler for other criminal activities such as drug trafficking and amplifies the threat they pose to the internal security of the EU. The smuggling of large weapons caches to the EU is rare. Illegal firearms available in the EU are
typically either diverted from legal supply chains, converted, reactivated or modified within the EU or originate from weapon stocks outside the EU.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Customs import fraud resulted in financial losses of at least EUR 5.5 billion to the EU budget between 2016 and 2019
Customs import fraud resulted in financial losses of at least EUR 5.5 billion to the EU budget between 2016 and 2019. The evasion of duties on goods imported into the EU negatively affects the financial interests of the EU and threaten legitimate companies operating in the Member States. Dumping practices create unfair competition to legitimate businesses and their products and market distortion.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Fuel fraud causes revenue losses of billions of euros to EU Member States
Criminal networks abuse price differences as part of different oil fraud schemes. Fuel fraud causes revenue losses of billions of euros to Member States. The negative impact of fuel fraud on the environment is a significant concern in some Member States. An increasing shift to non-fossil fuels will create additional opportunities for fuel fraudsters. Criminals will exploit emerging opportunities in this area by abusing biofuels in fraudulent biodiesel trades. The production and use of so-called designer fuels as diesel is still a significant threat.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
VAT fraudsters continue to generate multi-billion-euro profits in the EU
Value-added tax (VAT) fraud consists of avoiding the payment of VAT or fraudulently claiming repayments of VAT from national authorities following an illicit chain of transactions. VAT fraudsters continue to generate multi-billion-euro profits in the EU. Up to EUR 50 billion are lost due to the activities of VAT fraudsters every year. By creating economic imbalances and market distortion, these criminal activities weaken the integrity of the
national and international markets and financial systems and support the growth of underground economies.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Human trafficking is a core activity of crime in the EU, and it is believed to remain significantly underreported
THB is a core activity of serious and organized crime in the EU and is set to remain a threat to the EU for the foreseeable future. Trafficking in human beings is believed to remain significantly underreported. THB for labour exploitation in particular is increasing in the EU. Prevalent forms of human trafficking include sexual exploitation, labour exploitation, forced criminality, and child trafficking.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Prevalence of document fraud
Document fraud is an enabler for most criminal activities. Its prevalence is partly due to the fact that it does not necessarily require sophisticated tools or excessive monetary investment. Indeed, even though advanced technologies are occasionally used, most of the production can be done with standard equipment such as computers, scanners and printers.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
The levels of counterfeit goods production and distribution have remained stable in the EU for the last four years
The levels of counterfeit goods production and distribution have remained stable in the EU for the last four years. The sale of counterfeit goods via online platforms has become even more prevalent and mirrors the increasing role of the internet as the premier retail
avenue for legal products and services. For example: Food and drink fraud, pharma crime, and digital content piracy.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
The availability and distribution of counterfeit banknotes via dark web platforms has increased
The availability and distribution of counterfeit banknotes via dark web platforms has increased: various currencies and denominations are advertised and traded online,
including material and equipment for illicit production, tutorials on how to produce counterfeit banknotes and information on protective elements.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
EU Member States are progressing at different speeds in building up digital infrastructures, leading to potential vulnerabilities
- There is a risk that the exponential increase in data will overwhelm governments who are unable to manage, safeguard and effectively use this information.
- States risk ceding control over many areas of finance and the economy to the private companies that dominate the digital space
- The monopoly on data held by third parties will continue to pose increasing risks of manipulation and criminal use of personal information.
- Widespread adoption of cryptocurrencies by legitimate businesses and individuals could have a significant impact.
- As digitalisation increases, so do the challenges from the increasing spread of misinformation, fake news and conspiracy theories. The use of deepfakes will probably become a serious challenge for the digital environment.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
Criminals will seek to profit from the Green Transition
Criminals will seek to profit from this development by orchestrating increasingly complex and far-reaching fraud schemes involving investments, energy and green certifications. Illicit waste management will be a significant growth sector as prices for legal waste management services will continue to increase. Food security and food safety will become increasing concerns. Environmental crimes with significant impact on biodiversity (such as illegal fishing, illegal logging, and wildlife poaching) are very difficult to detect. Fraud related to food and the distribution of counterfeit products and beverages will increase, leading to a decline in consumer trust.
18 May 2021
|
Report
:
European Union Serious and Organised Crime Threat Assessment
The COVID-19 crisis provides opportunities for crime
Criminals have utilised the COVID-19 crisis to conduct various crimes. For example, in 2019 the spread of child pornography has increased. Now, during the COVID-19 crisis, there are indications that the spread of child pornography has increased even further. Also, due to the economic consequences of the pandemic, individuals become vulnerable to organised crime groups.
20 May 2021
|
Report
:
Strategisch Omgevingsbeeld 2020
The number of cybercrime related reports and criminal cases are increasing
In the Netherlands (2020), the number of cybercrime related reports and criminal cases are increasing, as well as the amount of cybercriminals. Private citizens are targeted more often than companies (8-15% of Dutch citizens are victim), however companies face greater financial loss. During the COVID-19 crisis, cybercriminals have developed new ways of utilising phishing and fraud techniques.
31 May 2021
|
Report
:
Strategisch Omgevingsbeeld 2020
The chance of the occurrence of a terrorist attack remains considerable
Jihadism remains to pose the most important terrorist threat to the Netherlands. Most of the jihadist related terrorist threats come from lone-wolfs.
In 2020, right-wing extremists and left-wing extremists have not conducted any terrorist related attacks. However, a small group with anti-government sentiments have caused some violent activities.
31 May 2021
|
Report
:
Strategisch Omgevingsbeeld 2020
Increase in the number and complexity of cyber incidents
The number of incidents increased again in 2020. The number of phishing attacks in particular has risen sharply. With regard to phishing incidents, it is striking that cyber criminals are becoming increasingly aware of the organizations they want to attack. Specific officers within the organization are approached in a targeted manner. Ransomware attacks have not shown a strong increase in the Netherlands, but the requested ransom has increased. Working methods continue to become more sophisticated, with cyber criminals working together to achieve their goals.
3 June 2021
|
Report
:
Cyberdreigingsbeeld onderwijs en onderzoek 2020-2021
The number of DDoS attacks has remained stable, but their intensity and length have increased
The number of Denial-of-Service (DoS) attacks has not changed much in 2020 compared to 2019. Attacks do last longer and that there have been some very powerful attacks, possibly related to the Covid-19 pandemic.
4 June 2021
|
Report
:
Cyberdreigingsbeeld onderwijs en onderzoek 2020-2021
Delloite's 2021 Future of Cyber Survey showcases the current cybersecurity landscape from the perspective of executives.
As organizations navigate an evolving threat landscape and an increase in cybersecurity incidents, it’s important to have plans in place to mitigate such attacks, while also contending with both talent shortages and technology challenges. But how do the cybersecurity views of executives in the US stack-up against those of executives in the rest of the world? Deloitte Touche Tohmatsu Limited’s 2021 Future of Cyber report surveyed over 577 C-suite executives globally –159 in the US and 418 outside of the US in the ROW – across several industries regarding their organizations’ cybersecurity programs.
3 November 2021
|
Report
:
Deloitte Future of Cyber Survey
Software supply chain attacks remain a major problem in 2021 cybersecurity
Throughout 2021, software supply chain attacks grew in both frequency and scale. Researchers concluded that software supply-chain attacks increased by no less than 650% throughout the year. A study issued by the European Union Agency for Cybersecurity (ENISA) reviewed two dozen incidents and found that 66% of supply chain attacks were committed by exploiting an unknown vulnerability, while only 16% leveraged known software flaws. Most attacks actually targeted software code. This year, it seems that organizations were once again caught largely unprepared, as a survey concluded that 82% of companies designate the third party vendors that make up their software supply chain with highly privileged roles. 76% provide roles that could allow account takeover, and, worst of all, over 90% of designated security teams were not aware that such permissions were even granted.
21 March 2022
|
Report
:
Cloud services increasingly under attack in 2021
In 2020, the global pandemic brought significant changes to the corporate work environment as well as corporate network architecture. Within those changes, both the shift to cloud-based architecture – meant to address the need for hybrid, remotely- managed networks – and the preference for as-a-service providers over traditional suppliers, have really stood out in terms of the scale of their adoption. Subsequently, in 2021, it became clear that cloud environments were also growing in popularity among end users. By mid-year, Gartner had released its forecast stating that end-user spending on public cloud services was estimated to grow by 23% in 2021 to over US$ 332 billion, compared to US$ 270 billion in 2020 and US$ 242.7 billion in 2019. Enterprises are now allocating large-scale funds to multi-cloud architectures, with Microsoft Azure and AWS leading in popularity, and Google Cloud Platform, IBM, VMWare and others dominating a respectable share of the market.
21 March 2022
|
Report
:
Ransomware changed in 2021
Gone are the days when ransomware operators negotiated a ransom of US$ 200 for your family photos. Today’s ransomware economy is a complex operation extorting millions
of dollars per ransom, holding entire organizations captive under the threat of total
system shutdown. The evolution of the ransomware business model is at the core of this phenomenon. Ransomware-as-a-Service (RaaS) introduces affiliate programs at low onboarding costs, enabling any attacker to easily join the trend. The attacker selects one of the leading ransomware “projects” and follows the detailed, easy to follow complimentary operations manual, which contains complete instructions for every stage of the attack. If the intrusion was successful, the ransomware operators and affiliates share a percentage of the victim’s ransom payment. This extremely profitable scheme allows attackers to reach a wider range of victims and offers higher returns to all involved.
21 March 2022
|
Report
:
Check Point Cloud Security Report 2022
The return of Emotet malware in 2021
Emotet, one of the most dangerous and infamous botnets in history, is back, despite the long and synchronized efforts of the international community and law enforcement agencies worldwide that resulted in its take down in January 2021. Emotet, the banking Trojan turned modular botnet, is known for its massive reach of over 1.5 million infected computers worldwide, across thousands of compromised corporate networks. Emotet was used as a distribution platform to deliver other notorious malware families such as TrickBot, Qbot and Dridex, often resulting in network-wide ransomware attacks that crippled entire organizations. Inflicted damages were estimated at around US$ 2.5 billion, before it was forcibly shut down.
21 March 2022
|
Report
:
The Sustainable Rescue Foundation is a foundation committed to helping organisations disrupt the human trafficking exploitation model by integrating existing business best practices, digital technology, academic concepts and legislation to facilitate coll
The Sustainable Rescue Foundation is building an ecosystem to fight human trafficking using multi party computation (MPC). This ecosystem allows participants from both the law enforcement side as well as participants from the victim care side to exchange sensitive information about the type and size of trafficking in the Netherlands. This data is examined to gain a deeper understanding of the Modus Operandi (MO) of the traffickers, which enables us to enrich available information with new data driven insights thus allowing for earlier prevention and intervention
27 November 2023
|
News
:
Use Case Insights: Improved Monitoring of Human Trafficking by Sharing Insights
Criminals are taking steps in utilising AI-supported cyberattack techniques
Academic research on the utilisation of AI to improve the effectiveness of malware is still in its infancy state. However, the AI-support cyberattack techniques that have been studied, provide proof that criminals are currently taking steps to expand the use of AI.
On the other end of the spectrum, antivirus vendors look at ML as a tool to improve malware detection systems. ML has the ability to generalise new types of malware that have never been before.
11 May 2021
|
Report
:
Malicious Uses and Abuses of Artificial Intelligence
AI and ML algorithms are being integrated in various (malicious) applications
AI and ML algorithms are being integrated in various (malicious) applications. For example, AI algorithms can be utilised in combination with types of malware to attack cloud services and smart assistants. Furthermore, ML can be employed to improve password-guessing algorithms or breaking CAPTCHA security systems.
11 May 2021
|
Report
:
Malicious Uses and Abuses of Artificial Intelligence
AI-enabled tools to improve social engineering tasks
In 2020, social engineering serves as a top threat that is utilised for facilitating other forms of cybercrime. Various AI-enabled tools that improve social engineering tasks have surfaced. For example, AI-based reconnaissance tools are capable of finding social media accounts that are associated with a specific profile through the use of facial recognition algorithms. Other tools focus for example on real-time voice cloning.
11 May 2021
|
Report
:
Malicious Uses and Abuses of Artificial Intelligence
AI-based content generation
AI-based content generation refers to the ability of an AI algorithm to generate arbitrary content that would look human-made. For example, deep learning is currently utilised to produce human-like texts. Such AI-based content generation algorithms could be employed by criminals to generate and distribute new content and high-quality (spear-)phishing - and spam emails.
11 May 2021
|
Report
:
Malicious Uses and Abuses of Artificial Intelligence
AI-supported ransomware attacks
Cybercriminals are increasingly using ransomware to target city-wide services and municipalities. Consequently, the combination of AI and ransomware could potentially have even more damaging effects to such targets. Other targets, such as critical infrastructure and essential services are also highly vulnerable for AI-supported ransomware attacks. Damage to before mentioned targets can have serious consequences for a large geographical area.
12 May 2021
|
Report
:
Malicious Uses and Abuses of Artificial Intelligence
Attacks on healthcare are causing direct harm to people and are a threat to health, globally
When healthcare providers are attacked, clearly it is people who suffer the consequences. The direct victims of attacks are healthcare professionals and patients. The disruption of medical services and IT systems have an immediate impact on patient care.
Attacking healthcare in a connected world is having a societal impact on a global scale. The multiplication of attacks on healthcare, especially during the COVID-19 pandemic, is creating a global threat to health and human life.
28 May 2021
|
Report
:
Playing with Lives: Cyberattacks on Healthcare are Attacks on People
Cyber attacks are increasing and evolving as they continue to exploit vulnerabilities in the healthcare sector's fragile digital infrastructure and weaknesses in its cybersecurity regime
- Attacks are increasing as the arsenal of weapons used to target healthcare is evolving. The COVID-19 pandemic is giving rise to an alarming convergence of malicious and irresponsible behaviors. National statistics have shown that data breaches against healthcare in 2020 have increased significantly
- Ransomware creates both an immediate risk to patient care and long-last impact on healthcare organizations. The escalation of ransomware attacks are particularly dangerous as they put both patient care and healthcare sector capability in jeopardy.
- Healthcare has a fragile digital infrastructure. Threat actors are exploiting the complex, vulnerable, and sometimes outdated healthcare digital environments including medical devices and IT infrastructure. Security-by-design does not apply to legacy systems and is difficult to achieve with the multiplication of connected endpoints.
- Healthcare cybersecurity is under-financed.
- Technical and human resource limitations are preventing a healthy information-sharing environment within the healthcare sector.
Healthcare provides experienced a total of 348 ''hacking/IT incident'' related data breaches in 2020. This is a 39% increase from 2019.
28 May 2021
|
Report
:
Playing with Lives: Cyberattacks on Healthcare are Attacks on People
Creating a resilient IT-infrastucture with 3 principles
Because of the digitization of our society, many organizations' IT infrastructures are becoming more complicated, and thus also more vulnerable. The Dutch National Bureau for Connection Security (NBV) has developed a simplified approach to counteract cyberthreats. In this approach, the key is an organization-wide plan which looks more broadly than just the technical side of things. This approach is based on 3 main principles with 4 supporting pillars.
15 October 2021
|
Report
:
Verdedigbaar Netwerk: Hoe Doe Je Dat?
Protect domains against email spoofing and phishing by implementing email authentication with SPF, DKIM and DMARC.
The NCSC advises organisations to protect their domains against email spoofing and phishing by implementing email authentication using SPF, DKIM and DMARC. SPF allows domain owners to specify which mail servers are authorised to send email on their behalf, DKIM allows them to digitally sign emails, and DMARC enables them to publish a policy on how receiving mail servers should handle emails that fail SPF or DKIM checks. For government organizstions, the use of these email authentication techniques is mandatory, while for other organisations it is strongly recommended as an effective way to combat email-based attacks. The implementation of email authentication is considered a best practice that has already been widely adopted.
3 April 2024
|
Report
:
Handreiking 'Bescherm domeinen tegen phishing'
Computer vision and biometrics enhanced by AI for law enforcement agencies
In this rapidly evolving landscape, computer vision and biometrics have emerged as game-changers for law enforcement, utilising applications such as real-time processing and anomaly detection, AI enhanced video analysis and auto-reporting of incidents. Thereby amplifying and enhacing law enforcemement agencies' capabilities.
19 September 2024
|
Report
:
AI and policing - The benefits and challenges of artificial intelligence for law enforcement
Quantum computers: a major breach of confidentiality
The quantum computer is a new type of computer that is going to change the world. Its unparalleled computing power offers all kinds of new possibilities. Quantum computers can perform certain types of calculations much faster than the computers we know today.
• This computing power can be used to crack certain types of encryption.
• Measures must already be taken now for data that must be protected for a long time.
• Conduct an impact analysis to determine which measures your organization should take.
20 January 2021
|
Report
:
Trends in Veiligheid 2020
Use of the public cloud in the security domain
• Public cloud can be used safely.
• Cheaper than your own environment.
• Take adequate measures to keep data safe.
• Safety requires change in behavior.
20 January 2021
|
Report
:
Trends in Veiligheid 2020
Armament against advanced cybercrime
• Fighting cybercrime requires an offensive security strategy.
• Detection of cyber criminals' communications is the key to cybercrime prevention and detection.
• Resilience to cybercrime requires concrete observation
and attack simulations.
20 January 2021
|
Report
:
Trends in Veiligheid 2020
The illegal use of grenades and explosives has increased in 2018 and 2019
Over the course of 2018 and 2019, the illegal use of grenades and explosives has increased. For example, grenades and explosives are dropped off in front of various buildings and objects, such as company buildings, residential houses and ATMs. Many of these incidents occur in and around the city of Amsterdam.
21 April 2021
|
Report
:
Trendbeeld 2020
Trends in Cyber Attacks: 2021 Mid Year report
In the first half of 2021, cybercriminals continued to exploit the Covid-19 pandemic and the amount of ransomware attacks increased drastically (93%). Globally, the amount of weekly cyber-attacks per organization grew as well. For a majority of organizations internationally, a return to pre-pandemic ‘norms’ is still some way off. The enforced shift to remote working in March 2020 undoubtedly fast-forwarded ‘digital transformation’ and brought with it many benefits to our working lives. As such, the first half of 2021 has seen organizations commit to a continuous hybrid model. However, cyber criminals have continued to adapt their working practices in order to exploit this shift, targeting organizations’ supply chains and network links to partners in order to achieve maximum disruption.
28 September 2021
|
Report
:
Cyber Attack Trends
Ransomware negotiation economics; an increasingly relevant topic
Paying a ransom or negotiating with criminals is problematic to say the least. Still, a significant percentage of ransomware-affected businesses see no other option than to negotiate and in the end pay the ransom. But not much is known about the economic backgrounds of digital extortion and about the negotiation strategies in the case of digital extortion. That gap prompted the researchers to investigate negotiations that take place after the decision has been made to pay a ransom after a successful ransomware attack.
20 December 2021
|
Report
:
“We Wait, Because We Know You” Inside the Ransomware Negotiation Economics
Intellectual property crime during the COVID-19 pandemic
The following chapters will focus on the most recent developments and changes in online and offline intellectual property crime in the EU. They will focus on specific product sectors, such as clothes, accessories and luxury goods, electronic/electrical devices, mobile phones and components, food and drinks, perfumes and cosmetic products, pesticides, pharmaceutical products, piracy, tobacco products, toys and other commodities. Transversal issues will also be analysed, including physical and
online market places, routes, financial dimension and money flows, new criminal opportunities and modus operandi in the context of the COVID-19 pandemic, crime enablers, links with other criminal activities and the impact of IP crime. Specific examples will be included to better illustrate the different types of crimes.
18 March 2022
|
Report
:
Intellectual Property Crime Threat Assessment 2022
Are Dutch cities and municipalities prepared for cyber disruptions?
The following research questions have been formulated in order to identify what knowledge and expertise security regions need for consequence management of cyber incidents and what possibilities exist for mobilizing this knowledge and expertise for regional crisis management:
1. What knowledge and expertise are available in safety regions for the (preparation for the) combating of cyber incidents?
2. What knowledge and expertise is still lacking within safety regions for the (preparation for the) combating of cyber incidents?
3. What lessons on knowledge and skills emerge from evaluated incidents and exercises within safety regions?
4. How can safety regions mobilize needed cyber knowledge and expertise for cyber incident response?
17 March 2022
|
Report
:
Kennis en Kunde voor Regionale Cybergevolgbestrijding
Twee derde bedrijven wereldwijd slachtoffer Ransomware
Een lucratieve business met veel slachtoffers. Volgens
beveiligingsbedrijf Sophos werd in 2021 twee derde van de
bedrijven wereldwijd aangevallen met ransomware. De geëiste
losgeldbedragen variëren van een paar duizend euro tot
vele miljoenen. Maar het losgeld is slechts een fractie van de
totale kosten. Vaak gaat er werk verloren. Ook kan het weken
duren voordat een bedrijf weer volledig operationeel is. Dat
leidt tot productiviteitsverlies, misgelopen inkomsten en
reputatieschade.
24 March 2023
|
Report
:
Ransomware-ready?
Annual visual Ransomware 2023
This report gives a brief overview of all the ransomware-incidents reported to the National Cyber Security Centrum and the National Police. The focus is put on how ransomware incidents are reported, who the victims are, how organisations initially respond to them, who the victims are, and the broad variety of ransomware threats.
27 March 2024
|
Report
:
Jaarbeeld Ransomware 2023
Dynamic important for Ministry of Justice: increasing dependency on the digital domain and shift towards cybercrime
Analyses over the past years have made clear that many societal developments are being influenced by technology. This impacts the tasks and challenges for the Ministry of Justice. These technological developments include: increasing dependence on the digital domain and shifts in crime to the digital domain. Furthermore, extremist content is spread more easily and is more often on the forefront.
13 January 2023
|
Report
:
TechnologieAgenda JenV
Cyberthreats in the Dutch healthcare sector throughout 2023
This report titled "Cybersecurity Dreigingsbeeld voor de zorg 2023" by Stichting Z-CERT provides an overview of cybersecurity threats in the Dutch healthcare sector for 2023. It highlights the following key dangers: Ransomware, dataleaks (hacking), espionage, ransomware at distributor, DDoS at distributor, financial fraud, DDoS, and dataleaks (phishing). The report emphasizes the importance of cybersecurity measures like multifactor authentication and vigilance against evolving cyber threats. It also discusses the impact of generative AI in cyberattacks and the need for enhanced security protocols. Additionally, the document addresses the significance of collaboration between healthcare institutions and their suppliers to strengthen information security. Overall, the report underscores the critical need for robust cybersecurity practices to safeguard sensitive healthcare data and systems from malicious cyber activities.
21 March 2024
|
Report
:
Cybersecurity Dreigingsbeeld voor de Zorg 2023
Developments in cyber-dependent crimes
During the last 12 months, a number of developments pertaining to the dominant threats within the cyber-dependent crime threat landscape have emerged. Malware operators, especially those associated with ransomware affiliate programs, have improved their attack modi operandi and their malware functionalities. Mobile banking trojans have made a break-through thanks to the increasing number of users preferring to conduct their financial activities via mobile devices. Criminals also seem to have realised the increased impact that DDoS attacks have on their targets’ systems if there is a lack of physical alternatives, which has brought about a re- emergence of financially motivated DDoS attacks.
15 December 2021
|
Report
:
Internet Organised Crime Threat Assessment (IOCTA) 2021
Few Major Changes in the Dark Web threat landscape
With regard to the Dark Web, EU law enforcement agencies have reported few major changes in the threat landscape. While the infrastructure of Dark Web marketplaces has not changed drastically, several smaller developments that had already been taking place for some years have now become more commonplace
21 December 2021
|
Report
:
Internet Organised Crime Threat Assessment (IOCTA) 2021
Ransomware attacks still prove profitable
Despite technology enabling threat actors to become even more sophisticated, there are still active and evolving risks from tried and tested ransomware techniques. And there is consistency of ranking for the top targeted industries throughout Q3 of calendar year 2021,
with ransomware threat actors proving most successful against the manufacturing industry, followed by financial services, healthcare, technology and construction.
30 March 2022
|
Report
:
Cyber Threat Intelligence Report
Infostealers boost the malware market
Based on intrusion data Accenture collected from incident response engagements, the combined infostealer and credential stealer category made up approximately 10% of malware observed during intrusions in 2021
30 March 2022
|
Report
:
Cyber Threat Intelligence Report
Vulnerability exploits see high volume buying and selling
Accenture has observed a huge growth in the underground market for vulnerability exploits, especially for those that enable adversaries to gain unauthorized access to a corporate network. The ransomware and unauthorized network access markets almost certainly significantly affect exploit markets, as unauthorized network access is fundamental
to successful ransomware operations
30 March 2022
|
Report
:
Cyber Threat Intelligence Report
Cyber attacks by criminal actors: Use of ransomware as a means of extortion
It is increasingly observed that criminal actors use ransomware in such a way that they can put the victim under pressure to pay a ransom. The actors are mainly organizations that have the ability to pay larger amounts of money and / or for which business continuity and valuable unique data play an important role. Characteristic of the method is the extensive exploration of the company network. This allows the actor to estimate the value of the data and the damage to the victim and to place the ransomware in the most effective way. Based on that insight, the ransom demanded varies from a few tens of thousands to millions of euros. There seems to be an increase in ransomware attacks in which data is not only encrypted, but also copied. When an organization refused to pay the ransom, criminals in some cases published the data.
In early February 2020, cybersecurity experts published about new ransomware, called EKANS, which focuses on industrial control systems (ICS) and allegedly developed by criminals. These systems are used for, for example, drinking water and energy supply. The attack method is relatively simple, but the ransomware appears to be specially designed to attack ICS. EKANS's victims are likely to include Bahrain's state oil company and manufacturing companies. EKANS may be the first ICS-targeted ransomware to be the work of a criminal actor.
13 January 2021
|
Report
:
Cybersecuritybeeld Nederland
State actors and criminal actors respond to current events
Actors respond to current events, by:
- Responding to the Covid-19 pandemic. Soon after the outbreak of the Covid-19 pandemic, there were indications that actors were (opportunistically) abusing the situation to carry out "thematic" cyber attacks.
- Active abuse of various vulnerabilities: In 2019 and early 2020, active abuse of various vulnerabilities by state and criminal actors was observed. The AIVD and MIVD confirm that state actors have exploited vulnerabilities in Fortigate and Pulse secure VPN software. Therefore, the AIVD and MIVD have also advised companies and other organizations about measures. The vulnerabilities in Citrix ADC and Citrix Gateway servers were actively exploited by actors soon after the available exploit - which was published on January 9, 2020.
13 January 2021
|
Report
:
Cybersecuritybeeld Nederland
Increase in phishing via messaging apps such as SMS and Whatsapp
Phishing has for years been a common way for cyber criminals (among others) to attack targets, and it is again the most used - first step of an - attack method this year. Incidents show that criminals also use a new form of phishing, namely phishing via SMS (smishing) or via WhatsApp. They are also responding to an increasing use of apps for payment requests between private individuals via a messaging app. It cannot be ruled out that this technique is used more widely than just for fraud, for example for taking over accounts as a stepping stone for a larger attack. Other actors could also use this technique.
13 January 2021
|
Report
:
Cybersecuritybeeld Nederland
Digital application have been introduced in the Netherlands at a large scale, but privacy and security is not aways sufficiently ensured
The report states that, following the COVID-19 crisis, Dutch society has quickly embraced a wide suite of digital applications. One example given here is the usage of videoconferencing platforms, but also data leaks in government Corona-related mobile applications.
29 March 2021
|
Report
:
Advies ‘Naar structurele inzet van innovatieve toepassingen van nieuwe technologieën voor de cyberweerbaarheid van Nederland’
New technologies, whilst threatening on the short term, can enhance cyberresilience on the long term.
Quantum computing, Artificial intelligence and other upcoming technologies stand to change the world. In the short term quantum computing will undermine pre-quantum encryption drastically. AI can be applied to offensively detect and weaponize 0-days and attack systems. On the longer term, quantum encryption and automated 0-day patching can enhance resilience. These are just two concrete examples where these technologies will be in a position to enhance cyber security and resilience on the longer term.
29 March 2021
|
Report
:
Advies ‘Naar structurele inzet van innovatieve toepassingen van nieuwe technologieën voor de cyberweerbaarheid van Nederland’
Four cybersecurity risks to national security according to Cyber Security Assessment Netherlands 2021
A cyber incident affects digital processes and the functioning of technology. Moreover it affects the functioning of organisations and leads to social disruption. Cyber threats keep evolving as actors continue to develop and adapt. Government and riskmanagement are the instruments to resolve the cyber threat and resilience question.
8 September 2021
|
Report
:
Cyber Security Assessment Netherlands
The cybercriminal ecosystem
A description of the current cybercriminal mature economy. Specified trough cybercriminal service providers; dependent perpetrators and autonomous groups.
9 September 2021
|
Report
:
Cyber Security Assessment Netherlands
Ransomware as a solid revenue model and how to break the chain
Ransomware offers cybercriminals of all categories a solid and attractive revenue model. Cryptocurrencies offer ransomware attackers the opportunity to have the victim transfer money in a fast, irreversible and relatively anonymous way. Moreover, there is no monitoring of transactions and payouts, which makes it extremely attractive for criminal use. This revenue model was further strengthened by the Revenue-as-a-Service (RaaS) Phenomenon.
9 September 2021
|
Report
:
Cyber Security Assessment Netherlands
Risk management as instrument in boosting resilience
Experts point to major differences in resilience between and within sectors and chains. Organisations that seem to be in a better position have, in addition to taking basic measures, also focused on a risk-based way of working. There are a number of widely applicable basic principles that can also be applied by smaller organisations. It is ultimately up to public administrators and leaders of organisations, whether in the private sector, central government or politics, to manage risks. The concept of risk management is described in three processes. From the requirement of constant attention for risk, to the wide application of risk management and the commitment of directors to buy-in on risk management.
14 September 2021
|
Report
:
Cyber Security Assessment Netherlands
Criminals and criminal networks organising the importation and distribution of counterfeit goods in the EU
The following chapters will focus on the most recent developments and changes in online and offline intellectual property crime in the EU. They will focus on specific product sectors, such as clothes, accessories and luxury goods, electronic/electrical devices, mobile phones and components, food and drinks, perfumes and cosmetic products, pesticides, pharmaceutical products, piracy, tobacco products, toys and other commodities. Transversal issues will also be analysed, including physical and online market places, routes, financial dimension and money flows, new criminal opportunities and modus operandi in the context of the COVID-19 pandemic, crime enablers, links with other criminal activities and the impact of IP crime. Specific examples will be included to better illustrate the different types of crimes.
18 March 2022
|
Report
:
Intellectual Property Crime Threat Assessment 2022
Money laundering and money flows
The following chapters will focus on the most recent developments and changes in online and offline intellectual property crime in the EU. They will focus on specific product sectors, such as clothes, accessories and luxury goods, electronic/electrical devices, mobile phones and components, food and drinks, perfumes and cosmetic products, pesticides, pharmaceutical products, piracy, tobacco products, toys and other commodities. Transversal issues will also be analysed, including physical and online market places, routes, financial dimension and money flows, new criminal opportunities and modus operandi in the context of the COVID-19 pandemic, crime enablers, links with other criminal activities and the impact of IP crime. Specific examples will be included to better illustrate the different types of crimes.
18 March 2022
|
Report
:
Intellectual Property Crime Threat Assessment 2022
Vital infrastructure, including French hospitals, is key target of cybercriminals
According to the ANSSI (the French counterpart of the NCSC), one of the main challenges to cybersecurity in France is that there has been an increase in attacks on vital infrastructure, including on hospitals. This could have to do with the implementation of mandatory reporting, but should still be kept in mind. Furthermore, it is important to increase awareness about the existing threat level and to increase cyber resilience.
2 January 2023
|
Report
:
Cybersecurity can only be tackled in a holistic way
According to ANSSI, the French counterpart to the NCSC, there are various actions needed to make a country more cyber resilient. First, strengthen prevent and respons capacities. Second, one needs to be able to rely on private partners. Third, the EU Competence Centre for industry, technology and research should work together with national coordination centers to increase knowledge on key technologies. Lastly, we need to facilitate response incident support across EU borders.
2 January 2023
|
Report
:
Cybersecurity threats are increasing and attacks are becoming more sophisticated and complex
Every day we experience the consequences of malfunctioning, unsafe technology or its unsafe use. The consequences can be economic, social, societal, technical, legal and political. The threat from professional criminals and state actors in the cyber domain is increasing, while the attacks are also increasingly sophisticated and complex. In 2012, the damage to Dutch society from cybercrime was already estimated to be at least 10 billion euros annually. At the time, it concerned industrial espionage, fraud, extortion and phishing, among other things. However, the situation in 2020 is much more complex and urgent. The corona pandemic, and the accompanying massive teleworking, shows once again how great the dependence is on a secure and privacy-guaranteeing digital infrastructure for all citizens.
24 May 2021
|
Report
:
Dcypher: Nationale Cyber Security Educatie Agenda
QR codes are gaining popularity in the Netherlands, but users are still insufficiently aware of the security risks
63% of the Dutch indicate that QR codes make life easier in a "contactless" world. At the same time, 55% of the Dutch say they cannot tell the difference between a legitimate and malicious QR code. Moreover, the security of the mobile device is insufficient for a large part of the respondents, 43% have no security software installed, or do not know whether this is the case.
21 May 2021
|
External
:
Ik verwacht dat we binnenkort ook aanvallen zullen zien via QR-codes
Money laundering and criminal finances are the engines of organised crime
Economic and financial crimes are a highly complex and a significant threat affecting millions of individual EU citizens and thousands of companies in the EU every year. In addition: money laundering and criminal finances are the engines of organised crime, without them criminals would not be able to make use of the illicit profits they generate with the various serious and organised crime activities carried out in the EU. According to previous reports by Europol, 98.9% of estimated criminal profits are not confiscated and remain at the disposal of criminals.
Furthermore, the COVID-19 pandemic in Europe has provided ample evidence that criminals are quick to adapt their criminal schemes to changing conditions to exploit fears and vulnerabilities. Economic stimuli such as those proposed in the wake of the COVID-19 pandemic will be targeted by criminals seeking to defraud public funding. To effectively disrupt and deter criminals involved in serious and organised crime, law enforcement authorities need to follow the money trail as a regular part of their criminal investigations with the objective of seizing criminal profits.
22 June 2021
|
News
:
Europol Launches European Financial and Economic Crime Centre
Threats driven by Artificial Intelligence
The use of Artificial Intelligence poses threats to physical systems and in the future to the same extent to digital systems.
-The year 2021 should be a year in which AI is adopted on a large scale by companies
- By 2025, the market of AI software will be worth 37 billion dollers
13 May 2021
|
External
:
What are the cybersecurity trends for 2021?
Cybersecurity challenge: the attractiveness of the cloud infrastructure as a target will grow.
The increasing reliance on public cloud infrastructure will surge the risk of outages. Misconfiguration of cloud resources is still the number one cause for cloud attacks, but attacks aiming directly at the cloud services providers gaining popularity among hackers.
22 January 2021
|
Report
:
Emerging Trends
Criminals develop a more targeted style of phishing in The Netherlands
Researchers of Group-IB's CERT-team have recently discovered a new and technologically advanced phishing-campaign which has been employed widely throughout the Netherlands. The campaign was explicitly designed to avoid recognition and attention from cyber security experts. It is thus far more effective at reaching potential victims than traditional phishing campaigns. The fact that cybercriminals have begun adopting this method is a clear indication that the threat actors and their phishing campaigns are continuously evolving. Hence, it's really important to constantly study cybercriminals' TTPs.
17 September 2021
|
Report
:
RUNLIR - phishing campaign targeting Netherlands
AI creates new security responsibilities for protecting digital business initiatives
AI, and especially machine learning (ML), continues to automate and augment human decision making across a broad set of use cases in security and digital business. However, these technologies require security expertise to address three key challenges: Protect AI-powered digital business systems, leverage AI with packaged security products to enhance security defense and anticipate nefarious use of AI by attackers.
21 January 2021
|
Report
:
Gartner Top 9 Security and Risk Trends for 2020
Cybercrime risks are increasing, especially on the dark web
In this time of global lockdowns, and with an increasing part of our lives taking place via the internet, cybercrime risks are increasing. This is especially true for the dark web, with cryptocurrencies as the financial driver behind those crimes. With the invention of smart technologies, such as the Dark Web Monitor, world wide collaboration in research and innovation into the dark web and financial cybercrime is established.
With smart technology, such as the Dark Web Monitor, worldwide collaboration in research and innovation into the dark web and financial cybercrime, TNO and CFLW take the fight against cybercrime to the next level.
21 June 2021
|
News
:
TNO and CFLW: Together we Take the Fight Against Cybercrime to the Next Level
Evolutie van ransomware
De ontwikkeling van ransomware het laatste decennium wordt beschreven in deze tekst, evenals een verandering in doelwitten.
17 September 2021
|
Report
:
Whitepaper Ransomware
A sharp increase in cybercrime offences related to the COVID-19 pandemic
During the first weeks of the COVID-19 pandemic, a sharp increase in various cybercrime offences was noted. These offences include phishing and malware attacks, ransomware and an increase in the online distribution of child abuse material.
22 March 2021
|
Report
:
Beyond the Pandemic - Europol
A change in the nature of cybercrime and the modus operandi of cyber-attacks during the COVID-19 pandemic
The nature of cybercrime as well as the modus operandi of cyber-attacks evolved and changed during the COVID-19 pandemic. Phishing and malware attacks have become more sophisticated and complex. Also, the period between the infection of an electronic device with ransomware and the activation of the ransomware attack has shortened in order to maximise profits.
23 March 2021
|
Report
:
Beyond the Pandemic - Europol
An increase in the online distribution of child abuse material during the COVID-19 pandemic
An increase in the online distribution of child abuse material during the COVID-19 pandemic has been detected. Also there is an increase of conversations by potential offenders, talking about the increased accessibility and vulnerability of children due to isolation, less supervision and greater online exposure.
23 March 2021
|
Report
:
Beyond the Pandemic - Europol
An increase in COVID-19 related scams
During the COVID-19 pandemic, an increase is seen in the offering of counterfeit medical equipment by organised crime groups. Such counterfeit medical equipment ranges from face masks, disinfectants and sanitisers to fake Corona test kits and pharmaceuticals. These products have also led to an increase in the output of medical and sanitary waste.
23 March 2021
|
Report
:
Beyond the Pandemic - Europol
Trafficking of drugs during the COVID-19 pandemic has slowed down
The trafficking of cannabis, cocaine, and heroin has continued throughout the pandemic, albeit at lower levels than before. After the withdrawal of lockdown and quarantine measures across the EU, it is expected that regular supply will resume at pre-pandemic levels with little or no mid- or long-term impact.
23 March 2021
|
Report
:
Beyond the Pandemic - Europol
Migratory flows have slowed down during the COVID-19 pandemic
The influx of migrants towards Europe has slowed down due to the COVID-19 pandemic. Travel restrictions and lockdown measures have made it difficult for migrants to travel. A loosening of travel and movement restrictions is likely to result in an increase in the movements of irregular migrants as they have been largely unable to make further movements during the lockdown
23 March 2021
|
Report
:
Beyond the Pandemic - Europol
Cashless and online payment options are becoming more prevalent during the COVID-19 pandemic
Cashless payment options are becoming increasingly prevalent and online payment options, including cryptocurrencies, are increasingly accessible to all users in the wake of the COVID-19 pandemic. Cash is normally the preferred medium for criminal transactions. However, the importance of cash-intensive businesses are diminishing.
23 March 2021
|
Report
:
Beyond the Pandemic - Europol
Human trafficking is becoming more prevalent in the construction, tourism, catering, nursing and domestic services sectors
Sectors such as construction, tourism, catering, nursing and domestic services are increasingly affected by human trafficking. The traditional sectors where human trafficking is prevalent are prostitution, begging and theft, textile and agricultural sectors.
23 March 2021
|
Report
:
Beyond the Pandemic - Europol
AI for cyberseurity
Despite increasing investment in cybersecurity, most organisations are scarcely able to keep pace with the speed of developments and digital threats. A medium-sized company gets hundreds of thousands of alarms per day. Automating cybersecurity work is therefore a key solution for becoming and remaining resistant while only using limited human and financial resources. That is why the emphasis in this focal theme is on designing secure, automated and privacy-friendly systems and products, as well as on developing techniques for making systems and products more resilient and keeping them that way.
24 March 2022
|
Report
:
AI Toepassingen voor Veiligheid, Vrede en Recht
Data leaks within the healthcare sector
Security experts within the healthcare sector state that data breaches are the second biggest concern (after ransomware). Data breaches can have a variety of causes. In order to get a better understanding of this threat, Z-CERT asked health care institutions in which categories they had data breaches in 2021. Based on that, the following top 9 of data breaches was made: human mistakes, unauthorized access by employees, loss of hardware or paper, theft of hardware or paper, unauthorized external access, malware on user computers, use of stolen passwords and usernames, hacking of web applications and hacking of servers.
29 March 2022
|
Report
:
Cybersecurity Dreigingsbeeld Zorg 2021
Ten tips to prevent a ransomware attack
The ten most important measures to prevent ransomware attacks from happening or to limit the impact.
29 March 2022
|
Report
:
Cybersecurity Dreigingsbeeld Zorg 2021
Phishing and healthcare institutions
Experts consider phishing to have been a major problem for healthcare facilities in 2021. These institutions regularly received phishing emails that were not always stopped by spam filters. One third of the questioned healthcare institutions admitted successful attempts to steal user names and passwords. All in all, seventy sets of login data were stolen. This did not always lead to data leaks. One healthcare institution, for example, reported ten
phishing incidents within the year 2021, but none of these resulted into a data breach, thanks to the required multi-factor authentication.
29 March 2022
|
Report
:
Cybersecurity Dreigingsbeeld Zorg 2021
Cyber profiling
The FBI refer to profiling as ‘reverse engineering a crime’ - the process of analyzing a crime scene to build a picture of the criminal, ultimately leading to an arrest. Criminal profiling is used to describe an overarching approach to criminal investigation.
We can say criminal profiling consists of an analysis of behavior patterns that can
help predict several things about a person who has committed a crime:
1. Their personality traits
2. Their modus operandi
3. The motivation to commit the crime
4. Potential future steps
Why do criminologists employ profiling? The main goal is to not only understand the enemy, but also to reach an understanding that will allow preventative measures to be put into place.
30 June 2022
|
Report
:
Inside the Mind of the Enemy
How to use the cyber profile?
A profile provides answers to the four key questions:
1. What has the adversary been able to do?
2. What are their objectives?
3. Who are they?
4. What are they going to do next?
30 June 2022
|
Report
:
Tool Up your Threat Hunting Team
Distribution of counterfeit and substandard goods
The (online and offline) distribution of counterfeit and substandard personal protective equipment, pharmaceutical and sanitary products, including fake ‘corona home test kits’ and alleged vaccines preventing COVID-19 infection, remains a consistent pandemic-related criminal activity.
22 January 2021
|
Report
:
How Covid-19-related Crime Infected Europe During 2020
Deception in organised property crime
Various types of schemes involving deception have been adapted by criminals linked to organised property crime during the pandemic, including the well-known ‘grandchild’ or ‘nephew trick’.
22 January 2021
|
Report
:
How Covid-19-related Crime Infected Europe During 2020
Economic and financial crime are becoming less visible to law enforcement authorities
Economic and financial crime entail a relatively low risk of discovery and prosecution with the potential for high profits. Such activities are therefore attractive to organised crime groups (OCGs). However, the complexity of economic and financial crimes makes it difficult to law enforcement agencies to detect and investigate. Technological innovation and digitalisation have provided even more challenges for detection and investigation activities.
25 March 2021
|
Report
:
Enterprising Criminals
The number of fraud schemes is increasing
The number of fraud schemes targeting individuals, companies and the public sector is increasing. During the COVID-19 pandemic, criminals have shown that they can adapt fraud schemes to changing societal conditions, in order to exploit fears and vulnerabilities.
25 March 2021
|
Report
:
Enterprising Criminals
Financial technology (fintech) solutions are emerging as a new standard for customers to interact with financial services
Financial technology (fintech) has provided digital online solutions for customers to interact with financial service providers. This has resulted in a leap of usability and accessibility of financial services. However, fintech solutions also pose risks. Customers lack the technical knowledge and experience to use these services proficiently, which makes them vulnerable to cybercriminals. Cybercriminals deploy phishing techniques and malware to gain access to customer's accounts. Fintech has also weakened the know-your-customer (KYC) procedures for financial institutions, due to increased digitalisation and less direct customer interaction. The KYC procedures were put in place to prevent money laundering, tax fraud and illicit use of the financial system.
25 March 2021
|
Report
:
Enterprising Criminals
The dark web has provided a new platform for cybercriminals
The dark web has provided a platform for cybercriminals to exchange tools, expertise and contact details to orchestrate attacks and scams. This level of coordination is new and has resulted in more sophisticated attacks against targets in the EU.
25 March 2021
|
Report
:
Enterprising Criminals
Economic downturns create opportunities for crime
During economic downturns or recessions, individuals and companies make more use of unregulated financial services, investment fraud schemes flourish and criminals seek to obtain (governmental) economic stimuli. For example in the wake of the COVID-19 pandemic, criminals try to obtain public funding through the use of various methods, such as corruption.
25 March 2021
|
Report
:
Enterprising Criminals
The value and usage of intellectual property rights is expanding, providing new incentives for criminals
The value and usage of intellectual property rights continues to expand, providing growing incentives for criminals to exploit and infringe these rights. Therefore, organised crime groups (OCGs) are increasingly involved in criminal activities, such as the counterfeiting and piracy of goods. OCGs have adopted more sophisticated and complex modi operandi, facilitated by technological development and global distribution channels.
25 March 2021
|
Report
:
Enterprising Criminals
Intellectual property rights infringement causes considerable economic, environmental and health consequences
Criminal activities as counterfeiting and piracy, which are forms of intellectual property rights infringement, cause revenue loss for legitimate businesses. It also leads to job losses, hampering of innovation, consumer health and safety issues and environmental consequences. Common consumer items that are counterfeited or pirated include cosmetics, electronics, food and drinks, pharmaceuticals, spare vehicle parts and toys.
25 March 2021
|
Report
:
Enterprising Criminals
A growing number of online platforms and -applications makes it increasingly difficult for law enforcement agencies to detect money laundering schemes
The expanding number of online platforms and -applications offer new ways of transferring money online. These platforms are not always regulated in the same way as traditional financial service providers. Consequently, these platforms make it increasingly difficult for law enforcement agencies to conduct money laundering investigations. Lastly, money laundering services are provided by organised crime groups themselves or are outsourced as a 'crime as a service'.
30 March 2021
|
Report
:
Enterprising Criminals
Ransomware threat actors increasingly innovate their technology and criminal modus operandi
Ransomware attacks launched throughout 2020 magnified the suffering of an already wary population. As the pandemic ravaged lives and livelihoods, so did a host of ransomware families, whose efforts did not stop targeting the health and education sectors, even as hospitals became COVID-19 battlegrounds and schools struggled to invent an entirely new way to teach children through March and beyond. Ransomware operators pioneered new ways to evade endpoint security products, spread rapidly, and even came up with a solution to the problem (from their perspective) of targeted individuals or companies having good backups, securely stored where the ransomware couldn’t harm them.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Data theft creates a secondary extortion market
More ransomware groups now engage in data theft so they may threaten targets with extortion over the release of sensitive private data. As a countermeasure to their victims’ preparedness, several ransomware families picked up on a side hustle designed to increase pressure on their victims to pay the ransom – even if every backup with
essential data was safe. Not only would they hold the machines hostage, but they would steal the data on those machines and threaten to release it to the world if the targets fail to pay a bounty.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Ransoms rise as attacks increase
As ransom groups put more effort into active attacks against larger organizations, the ransoms they demand have risen precipitously. In just the past quarter, the average ransom payout has risen by 21%. Ransomware comes in weight classes, now: heavyweights that attack large enterprise networks, welterweights that target civil society (public safety and local government) and small-to-medium businesses, and featherweights that target individual computers and home users. While earning the dubious distinction of being the heaviest heavyweight sounds impressive, it isn’t fair to compare high ransom demands to those that originate from the lower end of the ransomware spectrum. Ransomware heavyweights are the primary driving factor in the demand for sky-high ransoms.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Increased collaboration between ransomware threat actors
Distinct threat actor groups that engage in ransomware attacks appear to be collaborating
more closely with their peers in the criminal underground, behaving more like cybercrime cartels than independent groups. What appeared to be a wide variety of ransomware may not be as wide as it seems. As time went on, and we investigated an increasing number of attacks, Sophos analysts discovered that some ransomware code appeared to have been shared across families, and some of the ransomware groups appeared to work in collaboration more than in competition with one another.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Increase in attacks targeting Windows & Linux servers
Server platforms running both Windows and Linux have been heavily targeted for attack, and leveraged to attack organizations from within. The majority of attacks targeting servers fit one of three profiles – ransomware, cryptominers and data exfiltration – each of which has a corresponding, distinct set of tactics and techniques the attackers employ. These characteristics won’t change in 2021 and Sophos anticipates the volume of attacks targeting servers will continue to increase.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Do not underestimate commodity malware
Even low-end "commodity" malware can lead to major breaches, as more malware families branch out into becoming "content distribution networks" for other malware. Don’t let the fact that malware families are merely ordinary lull you into a false sense of security.
These malicious workhorses can cause huge problems if allowed to persist.
- One of the most common malware types is the loader.
- Remote Access Trojans, or RATs, and infostealers are among the oldest forms of malware.
- Trickbot has been a persistent nuisance malware for at least four years.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
RDP is the #1 attack vector for ransomware
The Windows Remote Desktop Protocol, or RDP, is a standard service available in all current versions of Windows. With very little effort, RDP allows IT admins or computer users the ability to log in to a computer when not physically in the presence of that computer, which can be great in the case of a pandemic where everyone is suddenly forced to work from home. Unfortunately, for the past three years, ransomware threat
actors have been abusing (at an accelerating rate) that same remote access platform as a way to gain a foothold and cause large-scale damage to enterprises, earning them an increasingly large payday from targeted organizations. The impact of the COVID-19 lockdown era has only exacerbated the problem, as increasing numbers of organizations and workers are forced by circumstances to rely upon RDP in order to remain operational.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
BEC scammers are on the prowl in the distributed work ennvironment
BEC scams existed prior to the COVID-19 era, but as more people are working remotely, BEC scammers are on the prowl. Back when most of us were working in offices, physical proximity between the target and subject would have made the scam immediately apparent. But our current distributed work environment, where both the executive and employee are unlikely to be in the same physical proximity, reduces the opportunities for people to just walk over to someone’s desk and ask them to confirm the request. As an attack against the better nature of people who just want to be helpful and supportive, it is a particularly offensive type of scam.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Increased use of old bug 'VelvetSweatshop'
When it comes to malicious office documents (maldocs) and the exploits they attempt to deploy, what’s old is often used again and again, goes away after Microsoft produces an update, and then (sometimes) resurfaces. Newly-disclosed vulnerabilities often find favor among the criminals who use maldocs as a stepping stone to deliver a malware payload, because not everyone installs patches right away, and it sometimes takes a bit of time for security companies to craft an effective “safety net” defense, based on behavior or other characteristics of a novel vector. Most of the maldocs we’ve seen throughout the past year have been constructed using tools called builders that give attackers a literal point-and-click menu system that lets them decide exactly what exploit(s) to craft into the malicious document. As endpoint protection tools get better at identifying these more modern exploits, which usually involve a script that has been embedded into the document, maldoc creators seem to have dug deep to find a very, very old bug that helps conceal the macros or other malicious content in the documents. The bug is colloquially known as the VelvetSweatshop.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Home is the new network perimeter
Working from home presents new challenges, expanding an organization's security perimeter to thousands of home networks protected by widely varying levels of security.
As workplace perimeters stretch and expand to encompass big portions of the workforce in their remote locations, circumstances have enhanced the seriousness with which we view home networks’ role as the last line of defense. The modem in the hall closet is now the network perimeter. We need a complete rethink of how to provide that structure with defense in depth.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Crimeware as a service
The term “crimeware” is intentionally broad; some creators of malware, or of the tools that enable malware to be delivered with ease or to enhance it with new features, don’t sell their product outright, but license it as you might buy a one-year license for the Adobe Creative Suite. We’ve called this class of business model “crimeware-as-a-service,” (CaaS) and it seems poised to be the new normal. One of the more notorious examples of a CaaS malware is Emotet. Dharma ransomware is another CaaS malware of note. As attackers branch out into specialties and sub-specialties, it seems the business model in which
criminals work with independent contractors, freelancers and affiliates is one that doesn’t seem to be going away anytime soon.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Increase in scams abetted by spam email during COVID-19
The lockdowns across the world were accompanied by a flood of scams abetted by spam email. In the best of times, the most effective spam campaigns introduce a sense of urgency to demands that the recipient act on the message. This is a well-known psychological trick, because if you take a couple of moments to think about the contents of the spam message, you’ll probably realize it’s a fake. If the spammer triggers a
fear reaction, you act before you think, and you get snared in the trap. COVID-19 already had everyone on a hair trigger, so spammers didn’t even have to try particularly hard.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Remote work raises the importance of secure cloud computing
The overprovisioning of access permissions, limited visibility of assets and resources in the cloud and a lack of auditing, can all make cloud environments more vulnerable to cyberthreats and malware is about as bad in the cloud as it is everywhere else. For instance, cryptojacking is a growing problem in the cloud. Further, many dispersed, remote workforces have been hit by ransomware attacks, where criminals locked down the cloud infrastructure the same way they targeted physical machines.
the majority of security incidents involving cloud computing came down to two primary root causes: stolen or phished credentials, or misconfigurations that led to breaches. Seven out of ten of the more than 3,700 IT professionals surveyed for the report claimed that the cloud infrastructure they support had experienced a breach in the 12 months
prior.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Android Joker malware growing in volume
Android users find themselves in the middle of an arms race between Google (which owns the Android platform and its primary Google Play Store) and malware creators who want their malware listed for download on the Google Play Store. Google has spent years on a system designed to inspect source code of Android apps submitted for inclusion in the Google Play Store, in search of chunks of code that indicate a malicious intent or an undesirable outcome for an Android user. Malware app developers have had to work
hard to evade the Google Play Store code checks. Joker, aka Bread, is a premium SMS and billing fraud app, one of the more successful examples of a malware family that has evolved to evade these code checks. Google has removed thousands of these
Joker-modified malicious apps from the Google Play Store since last year, when researchers first discovered it. Despite the amount of effort put in to getting rid of the malware, Joker keeps bouncing back.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Ads & PUAs increasingly indistinguishable from malware
Malicious advertisements (malvertising) remain a major source of threats to a range of devices. Two current trends in malvertising threats that fall outside the realm of malware attacks include technical support scams using “browser locking” web pages, and ads targeting mobile devices that are linked to fraudulent or “fleeceware” apps. Sophos classifies these as “fake alert” attacks—malvertisements that attempt to scare their targets into taking an action that will enrich the scammers behind them.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
Criminal abuse of security tools
The information security community has defined the style of attacks that involve very little or no malware, but instead harness the existing components of the operating system or popular software packages, as living-off-the-land (LOL). While the use of LOLscripts and reverse shells wasn’t new the past year, in 2020 they became a ubiquitous
element of complex, manually operated ransomware break-in attacks. In fact, both the quantity and variety of the attack tools we observed during attacks seemed to increase.
Software originally designed for the “red team” segment of the industry comprises the bring your own attack method. Attackers, in this case, deploy and use off-the-shelf security tools that are commonly used by network administrators and penetration testers. These include tools such as Cobalt Strike and elements of the Metasploit framework, designed for use in security assessments and technical tests.
13 May 2021
|
Report
:
Sophos 2021 Threat Report
It is predicted that ransomware attacks will intensify in 2021
Through collaborative partnerships among hackers, ransomware attacks will increase in scale and scope. Hackers are not just threatening your data, they are threatening to disclose or sell it. During the COVID-19 pandemic the attacks on businesses are expected to intensify.
11 June 2021
|
External
:
Top 9 Cybersecurity Trends To Watch Out For In 2021
5 must-have protections for a secure remote workforce
Now global work goes remote digital threats appear, for instance trough unintentional errors or increase of cyberattacks. Below five must-have protections are pointed out by Check Point to secure your remote workplace. The importance of securing remote users cannot be understated. The business is only truly protected when its users are, as most attacks start at the weakest link – the user.
17 September 2021
|
Report
:
The Ultimate Guide to Remote Workforce Security
Zero Trust policy as a solution for Cybersecurity within organizations
Due to Covid-19, many people were forced to start working from home in early 2020. This growing mobile workforce coupled with companies’ increasing reliance on cloud storage and third-party software has put data security at its greatest risk to date. These factors have also made it more and more difficult to define the network perimeter and apply appropriate protections. Yet regardless of the amount of money and resources a company puts into implementing cybersecurity measures, the human factor always has the potential to unravel everything. This is why the Zero Trust model and cybersecurity consulting can bring people and companies into the new era of security.
17 September 2021
|
Report
:
The Easy First Step to Starting Your Zero Trust Journey
An increase and shift in ransomware attacks
Going into 2019, many ransomware operators shifted their focus from ordinary users to companies, government agencies, and other victims that would help them pocket more money. This shift and parties currently most attacked by ransomware are discussed in the snippet. Furthermore is a description of the ransomware market both criminal to criminal and criminal to corporations.
20 September 2021
|
Report
:
Hi-Tech Crime Trends 2020/2021
The increasing importance of cloud security for enterprises
In this coming decade, digital transformation is set to increase across all industries. This necessitates a secure cloud-based IT system. To establish such a system, it is imperative to set up a robust cloud security strategy which is woven throughout the enterprise. Three key elements are necessary to build such a system; in-built security, a data-centric and automation-first framework, and a holistic approach.
22 September 2021
|
Report
:
Envisioning Security for a Cloud-First Approach
Increase in cyber crimes in society requires municipalities to make cybersecurity a key topic
Vulnerabilities and threats in the digital domain are increasing, with far-reaching consequences in society. Given the current developments, an administrative focus on only the information security of the municipality is no longer. Data leaks, digital disruptions, incidents and digital crimes are a daily reality. Such incidents show that (digital) disruptions also have disruptive effects elsewhere. Digital disruption; everyone gets it on his or her plate. Directors therefore are not only confronted with one's own business operations, but also with digital crime and digital incidents in society. It makes the theme of "digital security" one theme that periodically belongs on the management table and is no longer just a business management issue.
19 May 2021
|
Report
:
Agenda Digitale Veiligheid 2020 – 2024
Increase in administrative awareness of cybersecurity
The administrative awareness of cybersecurity has increased. However, increasing the level of knowledge about digital security is not only necessary for directors but also for the entire municipality and its citizens.
19 May 2021
|
Report
:
Agenda Digitale Veiligheid 2020 – 2024
The development of a resilient organization
Identifying and dealing with incidents is of the utmost importance to act appropriately and expeditiously when the municipality is confronted with internal or external threats. This requires a shift in the emphasis of the security measures from making the 'protective walls' higher and higher towards the capacity to act resiliently.
19 May 2021
|
Report
:
Agenda Digitale Veiligheid 2020 – 2024
There is a need to practice with digital emergency scenarios in preparation for actual incidents within municipalities
Analogue alternatives and backup systems are slowly disappearing. As a result, society's dependence on digital networks has grown to such an extent that damage can lead to digital disruption. Although in many cases the impact of digital incidents and crises is limited to one's own business operations, they can also have consequences for the physical environment. Therefore, the need to practice with digital emergency scenarios in preparation for actual incidents should be an integral part of every municipality's business continuity plan.
19 May 2021
|
Report
:
Agenda Digitale Veiligheid 2020 – 2024
Administrative powers in the field of public order and security are not always applicable to cybersecurity
Administrative powers in the field of public order and security are not always properly applicable to cybersecurity, partly because these powers are based on the physical world. Various educational institutions are currently investigating digital interventions and the application of administrative powers. Fundamental issues play a role in the application of offline powers to online issues, such as the infringement of fundamental rights in (preventive) intervention or cross-border powers. At the moment there is limited support from the law and developments around legislation are time consuming. At the same time, the application of offline powers to online issues does require a willingness to take administrative action to act within the current powers and social responsibility when digital incidents occur.
19 May 2021
|
Report
:
Agenda Digitale Veiligheid 2020 – 2024
The cyber resilience of local chain cooperation structures is not guaranteed
In a network society, every organization does not stand alone. Dependencies have arisen in chains and networks and organizational processes and information systems have become intertwined. Municipalities are transferring more and more (executive) tasks to other organizations, with the result that information (systems) and data are spread more over these chains. At the same time, each organization in the chain collaboration or partnership is independently responsible for information security and business continuity. Each organization makes considerations based on interests, risks and available resources. Organizations also use different frameworks of standards and there are differences in legal responsibilities. It goes without saying that differences in maturity will arise between these chain partners and the digital resilience of local cooperation structures is not guaranteed. The challenge lies mainly in exploring the interfaces, mutual dependencies and associated risks in the chain. Determining chain dependencies, followed by joint risk assessments provides guidance in the prioritizing and planning measures.
19 May 2021
|
Report
:
Agenda Digitale Veiligheid 2020 – 2024
Lack of awareness of information security risks
Organizations depend on information to perform their core activities. The amount of information we process has grown enormously over the past decades. Due to the possibilities offered by ICT resources, we have also started linking more information. This has also made information processing more complex. Information and ICT are now inextricably linked. Organizations are not always sufficiently aware of what that information is worth to themselves, but certainly also to malicious parties. Lack of this insight means that organizations pay too little attention to knowing and managing the risks that arise when working with their information. They focus on technical security tools and the technical side of digital attacks, but focus too little on the value and importance of our information.
24 May 2021
|
Report
:
Risico’s beheersen: de waarde van informatie als uitgangspunt
The rapid development of IoT presents a number of challenges
The rapid development of IoT presents a number of challenges. These include:
-Security threats: enterprises have been building vast interconnected ecosystems for some time now, but only 29 percent of business and IT executives report that they’re confident that their ecosystems are secure
-Privacy issues: devices in your house gather a lot of information. What happens if this
data is improperly shared or misused?;
-Identity management: how can a platform be sure that a machine truly is who it says it
is?
-The standardisation of API platforms / IoT protocols: some of them are closed; some slightly more open.
28 May 2021
|
External
:
Technology Trend Report 2020
Quantum computing poses a fundamental cybersecurity threat
While the focus tends to be on the positive impact QC might have, the technology poses a fundamental threat, too: It has the power to break cryptographic keys in an extremely efficient way. This could expose businesses and governments to major cybersecurity threats, and potentially cause complete mayhem. Hence, the first thing the world needs to focus on, is making encryption methods entirely quantum-proof.
28 May 2021
|
External
:
Technology Trend Report 2020
CEO fraud has been going on for decades, but attacks are becoming more sophisticated
CEO fraud is a form of financial economic crime that has been going on for decades. Yet today it is the order of the day and employees are being tricked into making false payments in increasingly sophisticated ways. Before the theft, extensive research is often carried out into the victim and his or her organization. CEO fraud is one of the most common forms of internet crime. The consequences are often large and irreversible, both for the victim and financial and image damage to the organization. CEO fraud is often labeled as impossible and incomprehensible by outsiders. People hardly dare to talk about it when it has happened to them, stories are not shared or are shared anonymously. CEOs don't understand: how can this happen in their organization? Yet they themselves often pose the greatest danger. Organizations that are confronted with CEO fraud are often internationally oriented, involving several management layers and where hierarchy plays a major role. This presents problems, but just as many opportunities to stimulate desired behavior (preventively) and to counteract the danger.
9 June 2021
|
Report
:
Het Grootste Gevaar voor CEO-Fraude Vormt u Zelf
Openness in the digital world has consequences for the vulnerability of accounts with increased rights and privileges
Due to all kinds of (technological) developments, openness in the digital world is increasing and this has consequences for the vulnerability of accounts with increased rights and privileges. In particular, the attractiveness for cybercriminals to hack into these accounts is increasing. The challenge specifically focuses on the balance between adequately securing this type of account and workability.
14 June 2021
|
Report
:
De toekomst van IAM
New remote work model heightens security risks organisations
In the age of Covid-19 there was a rise of the remote working culture, rapid digital transformation and shift to the cloud, hereby risks occurred. These strongly increased cyber security risks are explained by three components as described below.
15 September 2021
|
Report
:
Cyber Security Best Practices in the Age of the Coronavirus
Hoe is Attack Surface Management toepasbaar?
Hieronder wordt beschreven hoe de technische aspecten die meegewogen worden in de Gemeentelijke Gemeenschappelijke Infrastructuur (GGI) verbeterd kunnen worden. Er is een plek waar alle factoren samensmelten: De digitale ontwikkelingen; de noodzaak om aan de regelgeving te voldoen; en het kunnen voorkomen van digitale aanvallen
– allen komen ze samen in het digitale aanvalsoppervlak van de gemeente. Attack Surface Management (ASM) biedt een methode om dit in kaart te brengen en te managen, maar hoe dit toe te passen.
15 September 2021
|
Report
:
BIO en GGI-Veilig
Prediction of trends in the ransomware threat landscape
Based on Group-IB’s observations of the ransomware threat landscape, our experts have compiled the following list of eight trends that the world should look out for in the coming year.
17 September 2021
|
Report
:
Ransomware Uncovered 2020/2021
CISO's guide to ransomware prevention in 5 minutes
This e-book describes what actions to undertake to prevent a ransomware attack. On top of that it presents how to respond after an ransomware attack has taken place. Furthermore solutions are presented to help your organisation against ransomware attacks.
3 November 2021
|
Report
:
Ransomware Prevention in 5 Minutes [eBook]
Hacking a city; who are the stakeholders?
In the E-guide ''This is how you hack a city'', the municipality of The Hague and Cybersprint outline what it takes for an organization to prepare itself to continuously improve digital security and how to involve hackers in the process. Working on cybersecurity also means working with various internal and external stakeholders.
17 November 2021
|
Report
:
E-Guide: Zo Hack Je Een Stad
Hacking a city; organizational readiness
In the E-guide ''This is how you hack a city'', the municipality of The Hague and Cybersprint outline what it takes to prepare your organization to continuously improve digital security and how to involve hackers in the process. There are various tools to prepare an organization to implement adequate digital security policies and thus work on their organizational readiness.
17 November 2021
|
Report
:
E-Guide: Zo Hack Je Een Stad
Digital identity and the need for an active government
A trusted digital identity, to which a number of verified attributes or claims are attached,
such as a name, BSN or proof that you are over 18, offers great added value and ease of use in doing digital business with each other. To realize plans around digital identity, the Dutch government will have to change course. The developments in the market and at the European level demand a more active government role in creating trust in a digital identity, enabling careful identification, reliable authentication and controlled authorization in a collaborative system.
22 December 2021
|
Report
:
Digitale Identiteit en de Noodzaak van een Actieve Overheidsrol
Good preparation is essential to cyber resilience
The odds of an organization being affected by a cyber incident are 1 in 8. But preparing for and practicing a cyber crisis is hardly done. "Good preparation is essential to limiting the damage" states Job Kuijpers, CEO at EYE Security. Organizations often discover a cyber incident too late. At that point, something is already wrong; a lot of money has disappeared, data has been stolen or all systems have been locked down by ransomware. That is the moment when processes come to a standstill and it becomes clear that an organization has been affected.
28 January 2022
|
News
:
Cyberaanvallen: ‘Een crisismanager moet inhoudelijk snappen waar het over gaat’
Defending enterprises against modern cybercriminals — who are plentiful, well-resourced, persistent and endlessly inventive — has never been an easy task.
Today’s enterprise security programs face formidable challenges.As technologies evolve and increase in complexity, the attack surface continues to grow while head counts remain stagnant. It’s no easier to find, hire and retain talented cybersecurity professionals than it was a few years ago. This means that security leaders must find ways to accomplish more with the same number of people. The only way to achieve this aim consistently is to work smarter and not harder. Security programs must rely on intelligence that can guide them in applying their efforts where they’ll have then biggest impact. With access to the right intelligence sources—timely, relevant, in context and presented in a manner that makes
them easy to understand and use to drive action—it will finally be possible for security teams to gain the upper hand over attackers.
23 March 2022
|
Report
:
Top Five Areas Where Intelligence Bolsters Your Security
Georganiseerde misdaad trends in Amsterdam
Within organized crime, drugs and money laundering are common offences. Europol recently noted that drug trafficking dominated within criminal networks. Both in terms of the number of criminals active within this domain, as well as in terms of the large sums of money they make with the production, trafficking and distribution of the drugs. In addition, a lot of violence within organized crime is related to the drugs trade. Police employees say that criminals are now using more violence than ever before, which is worrying.
20 April 2022
|
Report
:
Trendbeeld Eenheid Amsterdam: Politiewerk in onrustige tijden
Trendbeeld cybercriminaliteit en digitalisering
The physical and digital worlds are overlapping more strongly due to the pandemic. According to the National Cybersecurity Center (NCSC) the pandemic has permanently changed the digital landscape. Cybercrime took a major flight. New developments within the digital domain follow each other in rapid succession. There is an increasing pressure on the government to fulfill its role within the digital domain. Experts warn that a solid approach to cybercrime can no longer be put off. Traditional forms of crimes are getting more digital, therefore a transformation is needed within the police force.
20 April 2022
|
Report
:
Trendbeeld Eenheid Amsterdam: Politiewerk in onrustige tijden
Cyberweerbaar NL is developing a cyber incident monitor
Cyberweerbaar NL is developing a Cyber Crisis Monitor to improve cyber resilience by learning from cyber incidents. The monitor will register incidents and share key lessons learned by participating organisations. It will focus on behavioural and organisational factors that contribute to the occurrence or resolution of cyber incidents.
The project is funded by the SPRONG Grant, awarded by the SIA Directorate to The Hague University of Applied Sciences (THUAS), Saxion, NHL Stenden University of Applied Sciences, and a large consortium of societal partners. The grant aims to enhance cooperation in the field of cyber resilience over the next eight years.
Security Delta (HSD) is contributing to this consortium for approximately two years with 60 project hours per year. HSD has written a memorandum about the success factors of the Cyber Crisis Monitor and has made several connections. The success of the monitor depends on the willingness of organisations and participants to report and upload information about incidents.
21 March 2024
|
News
:
Development Cyber Crisis Monitor: Learning from Cyber Incidents
The critical need for robust security measures in both hardware and software to protect embedded devices from evolving cyber threats.
This document delves into the critical importance of embedded software security in the evolving technological landscape. Here is a summary of the key points discussed in the report:
- Significance of Embedded Software Security: Embedded software plays a crucial role in various devices, systems, and applications, necessitating robust security measures to combat emerging threats.
- Hardware Security: Emphasis on embedding security features directly into hardware components to enhance system resilience against physical tampering and unauthorized access.
- Software Security: Importance of secure coding practices, robust software security measures, and the integration of defensive programming techniques to prevent attacks.
- IoT Ecosystem Security: Highlighting the need for safeguarding IoT devices through encryption, secure communication, and protection against reverse engineering and potential exploits.
- Cyber Attack Resilience: Strategies and technologies to enhance the security of embedded systems against evolving cyber threats, including the adoption of open source software, timely updates, and cryptographic protocols.
- Legislative Measures: Discussion on upcoming legislation like the National Cybersecurity Strategy and the NIST Secure Software Development Framework to enforce security standards and accountability.
- Future Outlook: Anticipation of increased use of AI and ML in IoT devices, the importance of binary transformation technologies, and the role of security solutions like Emproof Nyx in fortifying embedded device security.
Overall, the report underscores the critical need for proactive security measures, the integration of advanced technologies, and adherence to regulatory frameworks to safeguard embedded devices against sophisticated cyber threats in 2024 and beyond.
27 March 2024
|
External
:
Embedded software security: 2024 and beyond
The importance of protecting OT against cyberthreats
Operational Technology (OT) refers to the automation of physical processes. This is different from Information Technology (IT), which is about the automation of information. The resilience of OT against cyberthreats is, and always has been, very low. This was no huge issue in the past, as OT mainly included technology that required physical access. However, with the increasing interconnectedness between OT en IT, OT becomes digitally accessible. Cyberthreats therefore start to pose an increasing risk to OT. Effective drivers for organisations to take action are rules and regulations. Among them is the NIS2 regulation, which forces organisations to implement cybersecurity in OT by applying fines.
23 September 2024
|
Report
:
Understanding OT Security
Two drivers that increase cybersecurity compliance for Operational Technology (OT)
The resilience against cyberthreats in Operational Technology (OT) is very low. There are two main ways to increase cybersecurity compliance in OT-organisations:
1. By implementing rules and regulations, such as NIS2, organisations have to take responsibility in OT cybersecurity. For instance, through applying fines.
2. By providing to possibility to reduce cyber insurance premiums, organisations are incentivised to increase their cybersecurity efforts.
23 September 2024
|
Report
:
Understanding OT Security
There is a lack of OT security specialists
There is a growing demand for Operational Technology (OT) security specialists. While there are globally 156.000 specialists for Information Technology (IT), there are only 4000 specialists for OT. The gap is growing since universities barely provide specific OT security education and because it is difficult to find IT specialists that want to adapt to OT security. To increase the supply of OT security specialists, it might be effective to train OT engineers in the field of cyber security.
23 September 2024
|
Report
:
Understanding OT Security
Increased cooperation within the healthcare sector creates cybersecurity risks
cooperation creates openness in a chain by exchanging (sensitive) data. And the weakest link in a chain creates increased security risks throughout the chain. These risks can be specifically traced back to an increased risk of data leaks and cyber attacks. For example, ICT facilities such as chat and video, customer portals and medical equipment (sensors in combination with self-measuring instruments) often use the internet over which sensitive data is exchanged between specialists and clients. In addition, clients are often not aware of the security risks. An additional issue is that there is a great variety of medical equipment that does not always meet the security requirements. In addition, location independence and self-reliance also increase the risk of data breaches and misuse by cybercriminals and malicious employees.
14 June 2021
|
Report
:
Identity & Access Management voor de Zorg
Control your digital risks with Attack Surface Management
Your attack surface is the sum of all external facing online assets related to your brand. These can be abused by malicious actors to carry out an attack. It’s vital to know what is in your attack surface, so you understand what you need to protect – and how.
28 October 2021
|
Report
:
Attack Surface Management
Nieuwe technologieën zetten onze digitale soevereiniteit onder druk
De Cyber Security Raad (CSR) vierde afgelopen jaar zijn tienjarig-jubileum. De raad
brengt vanuit het publieke, private en wetenschappelijke perspectief advies uit over de maatschappelijke vraagstukken die de digitalisering met zich meebrengt, waaronder het
CSR Adviesrapport ‘Integrale aanpak cyberweerbaarheid’, een belangrijk advies voor het
nieuwe kabinet voor een open, (digitaal) veilige en welvarende samenleving. In dit
gesprek blikken covoorzitters Pieter-Jaap Aalbersberg en Sylvia van Es samen met
wetenschapper Michel van Eeten terug op het afgelopen decennium en kijken ze samen
vooruit naar welke rol de raad in de toekomst moet spelen.
21 March 2022
|
Report
:
Cyber Security Raad Magazine
Op zoek naar gelijkgestemden
De Cyber Security Raad (CSR) vierde afgelopen jaar zijn tienjarig-jubileum. De raad
brengt vanuit het publieke, private en wetenschappelijke perspectief advies uit over de maatschappelijke vraagstukken die de digitalisering met zich meebrengt, waaronder het
CSR Adviesrapport ‘Integrale aanpak cyberweerbaarheid’, een belangrijk advies voor het
nieuwe kabinet voor een open, (digitaal) veilige en welvarende samenleving. In dit
gesprek blikken covoorzitters Pieter-Jaap Aalbersberg en Sylvia van Es samen met
wetenschapper Michel van Eeten terug op het afgelopen decennium en kijken ze samen
vooruit naar welke rol de raad in de toekomst moet spelen.
21 March 2022
|
Report
:
Cyber Security Raad Magazine
The cybersecurity skills gap continues to grow
The number of unfilled cybersecurity jobs will increase from just 1 million in 2014 to 3.5 million in 2020. This deficit of skills is likely to become a growing matter of public concern during the early part of this new decade. The threats we face in cyberspace today will only become more intense unless there are sufficient people with the skills to counter them coming through the pipeline. Without investing in training existing staff on how to prevent or mitigate cyberattacks in their field, as well as hiring experts with the skills to spot new threats on the horizon, industry stands to lose hundreds of millions of dollars.
25 May 2021
|
External
:
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
Het belang van sterke wachtwoorden
Everyone has difficulties with coming up with strong passwords. And with good reason, as we have more and more accounts for both business and personal use, and the requirements for a strong password seem to get stricter and stricter. But these strict requirements are there for a good reason!
The Question
Passwords are the access to your email, your digital workplace and all your accounts online and therefore a favorite target of criminals. Which is why Awareways have asked 40.000 people in various organizations (and across several of our ongoing security awareness programs) if they find coming up with passwords difficult.
They have divided them into small-, mid-size and large entities according to the number of employees (2.500, respectively). Overall, 47.3 % in small organizations found it difficult, while as much as 61.1% in large organizations admitted to finding it tough as well. Mid-sized organizations were in the middle with 52.1%. What’s the logic behind these numbers?
The Answer
Well, large organizations usually have more apps and infrastructure, and require more authentications, making password management all the more complex.
Employees in small organizations meanwhile are more used to coming up with passwords, because they lack such facilities, and thus have more ‘practice’. Or, if we’re taking a more cynical approach, the requirements for strong passwords haven’t permeated to small organizations. They can come up with easy-to-remember ones, and have less difficulties.
Whatever the reasons, any organization should be aware of the risks of weak passwords, and offer their employees both guidance and help in keeping their credentials safe.
11 May 2023
|
News
:
Strong passwords – difficult to think of, difficult to crack
Artificial intelligence (AI) will play an increasing role in both cyber-attack and defense
AI is the new arms race, but unlike earlier arms races, anyone can get involved – there’s no need for the sort of resources that were previously only available to governments. This means that while AI is undoubtedly being researched and developed as a means of crippling an enemy state’s civil and defense infrastructure during war, it’s also easily deployable by criminal gangs and terrorist organizations. So rather than between nations, today’s race is between hackers, crackers, phishers and data thieves, and the experts in cybersecurity whose job it is to tackle those threats before they cause us harm. Just as AI can “learn” to spot patterns of coincidence or behavior that can signal an attempted attack, it can learn to adapt in order to disguise the same behavior and trick its way past our defenses. This parallel development of offensive and defensive capabilities will become an increasingly present theme as AI systems become more complex and, importantly, more available and simpler to deploy. Everything from spam email attempts to trick us into revealing our credit card details to denial-of-service attacks designed to disable critical infrastructure will grow in frequency and sophistication. On the other hand, the tech available to help us avoid falling victim, such as deep learning security algorithms, automation of systems that are vulnerable to human error, and biometric identity protection, are getting better too.
25 May 2021
|
External
:
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
Political interference increasingly common and increasingly sophisticated
Targeted disinformation campaigns aimed at swaying public opinion have almost become an accepted feature of democracy today. Cybercrime targeting elections has taken two forms. The first involves the spreading of “fake news” and false narratives – usually designed to slur a candidate – via social media. The second is direct attacks against candidates' or digital electoral infrastructure. Both forms of digital electoral interference are likely to become a growing problem over the next 12 months, partly due to the fact that they have proven to be highly effective up until now. Consequently, we can expect more investment in technology designed to counter them, as well as efforts to raise public awareness of the issue. Countering the false narratives means building systems, either automated or manual, that can sift out lies, propaganda, and bad-faith by analyzing both content and metadata – where the information originates from, and who is likely to have created it. Facebook and Google have both invested in technology designed to determine whether or not political messaging fits patterns that suggest it could be part of a targeted “fake news” campaigns. This is because of the overwhelming evidence that these tactics are being increasingly adopted by state actors with the aim of causing political unrest.
25 May 2021
|
External
:
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
Vehicle hacking and data theft increases
Modern cars are fitted with an array of GPS devices, sensors, and in-car communication and entertainment platforms that make them an increasingly profitable target for hackers and data thieves. The automobile is likely to increasingly become the backdoor of choice in the coming years thanks to the growing amount of data they collect and store about our day-to-day lives. Attackers will have the choice of targeting either the vehicles themselves, using them to access email accounts and then personal information, or the cloud services where data is routinely sent for storage and analysis. Another danger is that malicious actors compromise the digital controls and safety features of modern vehicles. During 2020, we’re likely to see more debate over this aspect of the safety of self-driving vehicles, as the regulatory framework that will allow them to operate on our roads continues to take shape.
25 May 2021
|
External
:
The 5 Biggest Cybersecurity Trends In 2020 Everyone Should Know About
Preventing cyberattacks
To resist cyber attacks, it is necessary to take preventive measures. This way you block or delay cyber attacks and discourage the attackers.
31 March 2022
|
Report
:
Aanpak voor cybersecurity: verdedigbaar netwerk, hoe doe je dat?
Damage control
An organization must be able to respond to a successful cyber attack and security incident in an appropriate manner. That is why it is so important to undertake digital investigations and initiate corrective action.
31 March 2022
|
Report
:
Aanpak voor cybersecurity: verdedigbaar netwerk, hoe doe je dat?
Cybercriminals are increasingly mature and resilient against law enforcement actions
Despite high-profile law enforcement actions against criminal communities and syndicates in 2018, the ability of threat actors to remain operational highlights the significant increase in the maturity and resilience of criminal networks
14 April 2021
|
Report
:
