OSCE and UN partners train practitioners from Central Asia on effective investigations of cybercrimes and terrorist use of Internet

A three-day online training course for over 70 practitioners from the five Central Asian states on the effective investigation of crimes committed in cyberspace and with the use of digital technologies recently concluded. The event was organized by the OSCE Secretariat’s Transnational Threats Department jointly with the UN Office of Counter-Terrorism - UN Centre for Counter-Terrorism (UNCCT- UNOCT), and the UN Regional Centre for Preventive Diplomacy in Central Asia (UNRCCA) with the support of the OSCE field operations in Central Asia.
The practitioners from Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan and Uzbekistan work in investigating crimes committed in cyberspace and with the use of digital technologies, as well as requesting, processing and handling digital evidence, in their respective countries.
“Terrorist and violent extremist actors have learned how to harness new technologies to great effect and we have witnessed the expansion of their activities in cyberspace,” said Oguljeren Niyazberdiyeva, Chief of the Office of the Under-Secretary-General for Counter-Terrorism. “The ongoing COVID-19 environment has exacerbated vulnerabilities and conditions conducive to terrorism as the whole world increasingly lives their lives in the virtual space generating ever increasing opportunities for terrorism-related cyber-crimes.”
Ambassador Alena Kupchyna, OSCE Co-ordinator to address Transnational Threats, said: “Issues related to improving the effectiveness of the investigation of cybercrimes and cyber-enabled terrorist offences are of increasing relevance in many countries. This emphasizes the need to develop the capacity of national criminal justice systems to investigate these types of crimes while ensuring respect for the rule of law and respect for human rights and fundamental freedoms.”
Philipp Saprykin, Deputy Head of UNRCCA said: “Together with our partners, UNRCCA continues to provide capacity-building assistance to Central Asian countries in priority areas identified through our regular consultations with Member States.”
The training was conducted by representatives and experts of the OSCE, the UNCCT-UNOCT, UNRCCA, the Counter-Terrorism Committee Executive Directorate (CTED) and the UN Office on Drugs and Crime. They familiarized participants with best international practices and case studies in cybercrime investigations, as well as countering the use of the Internet for terrorist purposes, based on respect for human rights and fundamental freedoms.

ENISA Threat Landscape 2020 highlights top cyber threats for January 2019-April 2020

The European Union Agency for Cybersecurity (ENISA), with the support of the European Commission, EU Member States and the CTI Stakeholders Group, has published the 8th annual ENISA Threat Landscape (ETL) report, identifying and evaluating the top cyber threats for the period January 2019-April 2020.
This publication is divided into 22 different reports, available in pdf form and ebook form. The combined report lists the major change from the 2018 threat landscape as the COVID-19-led transformation of the digital environment. During the pandemic, cyber criminals have been seen advancing their capabilities, adapting quickly and targeting relevant victim groups more effectively Infographic - Threat Landscape Mapping during COVID-19.
The ETL report is part strategic and part technical, with information relevant to both technical and non-technical readers. The following table describes the type of audience and content for each ETL report. You can navigate through the entire collection by using the links available in each report in the section "Related". For a better understanding on how the ETL is structured, we recommend the initial reading of "The Year in Review" report. Previous, ENISA Threat Landscape reports are available on the webpage - ETL though the years and Tematic Landscapes.
The full report is available at ENISA >>

New ITU study estimates US$ 428 billion are needed to connect the remaining 3 billion people to the Internet by 2030

The International Telecommunication Union (ITU) has published Connecting Humanity - Assessing investment needs of connecting humanity to the Internet by 2030, a comprehensive new study that estimates the investment needed to achieve universal, affordable broadband connectivity for all humanity by the end of this decade.

Connecting Humanity posits that nearly US$ 428 billion is required to connect the remaining 3 billion people aged ten years and above to broadband Internet by 2030. It is an ambitious goal and a major infrastructure investment challenge.

"Meeting the investment necessary to bring every person online by the end of this decade will require an unprecedented and concerted effort from the public and private sectors," said ITU Secretary-General Houlin Zhao. "The new Connecting Humanity study led by ITU is the much-needed roadmap that will guide decision-makers on the journey towards accessible, affordable, reliable, and safe digital technologies and services for all."

The study examines costs associated with infrastructure needs, enabling policy and regulatory frameworks, and basic digital skills and local content at both the global and regional levels, as well as how to mobilize the unprecedented levels of financing needed to extend networks to unserved communities.

Over the past several months, the COVID-19 pandemic has exposed different types of inequalities within and across countries and regions, including those related to quality of access, affordability and use of the Internet.

With so many essential services pushed online, there is a real and present danger that those without broadband Internet access could be left ever further behind. Hence assessing investment requirements to reach affordable universal connectivity is important to any country concerned with their ability to achieve the Sustainable Development Goals (SDGs).

According to ITU, over 12% of the global unconnected population live in remote, rural locations where traditional networks are not easily accessible, most of them in Africa and South Asia. This connectivity gap is exacerbated by the gender digital divide. Across the globe, more men than women use the Internet: only 48% of women as opposed to 58% of men.

Whereas in some regions bridging the connectivity gap predominantly means upgrading existing coverage and capacity sites, nearly half of the required radio access network (RAN) infrastructure investment in Sub-Saharan Africa, South Asia, and East Asia/Pacific will be greenfield, the new study says.

"While this is an ambitious aim, it is in no way an unachievable one," said Doreen Bogdan-Martin, Director of the ITU Telecommunication Development Bureau. "It is my hope that, as part of ITU's Connect 2030 Agenda efforts, this major new ITU assessment will provide clear, coherent evidence-based guidance for countries that will help accelerate efforts to reach unconnected communities, so that equality of opportunity is finally within reach of all."

Study for the creation of a national capabilities assessment framework

ENISA, the EU Agency for cybersecurity, held a workshop to validate the results of the study for the creation of a national capabilities assessment framework together with the EU Member States and related stakeholders. By assessing their National Cybersecurity Strategy objectives both at strategic and at operational level, Member States will be able to possibly enhance existing and build new cybersecurity capabilities. The purpose of the framework is to help Member States perform a self-assessment of their level of maturity. Other benefits include:

  • Identification of elements missing within the strategy;
  • Establish a history of lessons learned;
  • Referencing best practices;
  • Generate credibility and showing transparency for the public, National and international stakeholders and partners.

Sixty participants coming from academia, EU institutions, National Authorities, Ministries, and CSIRTs attended the online workshop. They were all actively engaged in the assessment and validation of the proposed report, which will be published later.

Members of the Hellenic Ministry of Digital Governance and of the Ministry of Justice and Security in the Netherlands also intervened. Each of them gave a short presentation on the recent NCSS efforts conducted in Greece and in the Netherlands respectively. They also shared the main challenges they face as well as good practices and lessons learned.

The representatives identified the following challenges and lessons learned:

  • Most resources tend to be dedicated to the planning and implementation phase. While obviously important, this may lead to a lack of coordination and organisation in the monitoring and evaluation phase of the strategy.
  • The strategy should provide explicit ownership and accountability for the measures identified to reach the objectives. This is not currently the case.
  • Clarifying relations between objectives, measures, resources and expected outputs of the next national strategy will be essential in order to re-structure the policy theory.
  • Cybersecurity is a domain where information is highly confidential and not easily distributed. This is why it is crucial for EU Member States to have common tools and processes based on the shared experience.

Background on National Cybersecurity Strategies

In line with its strategic objectives, the European Agency for Cybersecurity, (ENISA) supports the efforts of Member States in the area of NCSS by:

  • Supporting cybersecurity as an integral part of national policies through the development of guidelines on the NCSS lifecycle and through analysis of existing strategies to outline good practices. The Good Practice Guide on NCSS published in 2016 is one of them.
  • Supports cutting-edge competencies and capabilities through performing deep dives on specific national strategic objectives, such as the publication on the Good practices in Innovation. This can also be done by developing online tools to support the uptake of lessons learned and good practices. Examples of such tools are the NCSS evaluation tool and the NCSS Interactive Map.
  • Empowering and engaging Member States through community building by maintaining an experts group on NCSS and by fostering cooperation and exchange of good practices between MS. Publications on effective collaborative models for PPPs and ISACs are good examples of such effort.

Covid-19 Sparks Upward Trend in Cybercrime

Europol’s 2020 cybercrime report updates on the latest trends and the current impact of cybercrime within the EU and beyond.

So much has changed since Europol published last year’s Internet Organised Crime Threat Assessment (IOCTA). The global COVID-19 pandemic that hit every corner of the world forced us to reimagine our societies and reinvent the way we work and live. During the lockdown, we turned to the internet for a sense of normality: shopping, working and learning online at a scale never seen before. It is in this new normal that Europol publishes its 7th annual IOCTA. The IOCTA seeks to map the cybercrime threat landscape and understand how law enforcement responds to it. Although the COVID-19 crisis showed us how criminals actively take advantage of society at its most vulnerable, this opportunistic behaviour of criminals should not overshadow the overall threat landscape. In many cases, COVID-19 has enhanced existing problems.

Social engineering and phishing remain an effective threat to enable other types of cybercrime. Criminals use innovative methods to increase the volume and sophistication of their attacks, and inexperienced cybercriminals can carry out phishing campaigns more easily through crime as-a-service. Criminals quickly exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19.

Encryption continues to be a clear feature of an increasing number of services and tools. One of the principal challenges for law enforcement is how to access and gather relevant data for criminal investigations. The value of being able to access data of criminal communication on an encrypted network is perhaps the most effective illustration of how encrypted data can provide law enforcement with crucial leads beyond the area of cybercrime.

Ransomware attacks have become more sophisticated, targeting specific organisations in the public and private sector through victim reconnaissance. While the COVID-19 pandemic has triggered an increase in cybercrime, ransomware attacks were targeting the healthcare industry long before the crisis. Moreover, criminals have included another layer to their ransomware attacks by threatening to auction off the comprised data, increasing the pressure on the victims to pay the ransom. Advanced forms of malware are a top threat in the EU: criminals have transformed some traditional banking Trojans into modular malware to cover more PC digital fingerprints, which are later sold for different needs.

The main threats related to online child abuse exploitation have remained stable in recent years, however detection of online child sexual abuse material saw a sharp spike at the peak of the COVID-19 crisis. Offenders keep using a number of ways to hide this horrifying crime, such as P2P networks, social networking platforms and using encrypted communications applications. Dark web communities and forums are meeting places where participation is structured with affiliation rules to promote individuals based on their contribution to the community, which they do by recording and posting their abuse of children, encouraging others to do the same. Livestream of child abuse continues to increase, becoming even more popular than usual during the COVID-19 crisis when travel restrictions prevented offenders from physically abusing children. In some cases, video chat applications in payment systems are used which becomes one of the key challenges for law enforcement as this material is not recorded.

SIM swapping, which allows perpetrators to take over accounts, is one of the new trends in this year’s IOCTA. As a type of account takeover, SIM swapping provides criminals access to sensitive user accounts. Criminals fraudulently swap or port victims’ SIMs to one in the criminals’ possession in order to intercept the one-time password step of the authentication process.

In 2019 and early 2020 there was a high level of volatility on the dark web. The lifecycle of dark web market places has shortened and there is no clear dominant market that has risen over the past year. Tor remains the preferred infrastructure, however criminals have started to use other privacy-focused, decentralised marketplace platforms to sell their illegal goods. Although this is not a new phenomenon, these sorts of platforms have started to increase over the last year. OpenBazaar is noteworthy, as certain threats have emerged on the platform over the past year such as COVID-19-related items during the pandemic.

CISA and MS-ISAC Release Joint Ransomware Guide

The Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing a joint Ransomware Guide meant to be a one-stop resource for stakeholders on how to be proactive and prevent these attacks from happening and also a detailed approach on how to respond to an attack and best resolve the cyber incident. CISA and MS-ISAC observed there are vast products and resources available, but very few that have them all in one place.

This one-stop guide is divided into two parts:

First, the guide focuses on best practices for ransomware prevention, detailing practices that organizations should continuously do to help manage the risk posed by ransomware and other cyber threats. It is intended to enable forward-leaning actions to successfully thwart and confront malicious cyber activity associated with ransomware. Some of the several CISA and MS-ISAC preventive services that are listed are Malicious Domain Blocking and Reporting, regional CISA Cybersecurity Advisors, Phishing Campaign Assessment, and MS-ISAC Security Primers on ransomware variants such as Ryuk.

The second part of this guide, response best practices and services, is divided up into three sections: (1) Detection and Analysis, (2) Containment and Eradication, and (3) Recovery and Post-Incident Activity. One of the unique aspects that will significantly help an organization’s leadership as well as IT professional with response is a comprehensive, step-by-step checklist. With many technical details on response actions and lists of CISA and MS-ISAC services available to the incident response team, this part of the guide can enable a methodical, measured and properly managed approach.

“It is a CISA priority to help our partners defend against ransomware, advise them on appropriate risk-management actions and provide best practices for a resilient, responsible incident response plan in the event of an cyberattack,” said Bryan Ware, Assistant Director for Cybersecurity, CISA. “The collaborative and consistent engagement with our industry and government partners support our concerted efforts to offer trusted, proactive and timely resources and services. This guide is based on operational insight from CISA and MS-ISAC and our engagements with varied sector partners.”

Recent events stress the important reminder that ransomware can happen at any time to any organizations, so we encourage all organizations with sensitive or important data stored on their network to take steps now to protect it, including backing up data, training employees, and patching systems to blunt the potential impact of ransomware. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen data if they refuse to pay and publicly naming and shaming victims as secondary forms of extortion.

One of the ways this guide can help is with identifying their critical data. It’s hard to have an organization determine after-the-fact what critical data was impacted by a ransomware incident if they did not have that understanding of what critical data they had ahead of time. And, it is hard to revert to backups if an organization does not have or has not properly maintained and tested their backups.

This joint ransomware guide is written primarily for the IT professional, but every level of an organization can benefit from reviewing it. CISA and MS-ISAC are proud to provide this guide that can help them plan for a ransomware incident and understand the risk management, analytical, and response services available to them.

October is European Cyber Security Month

The European Cybersecurity Month (ECSM) is the European Union’s annual campaign dedicated to promoting cybersecurity among EU citizens and organisations, and to providing up-to-date online security information through awareness raising and sharing of good practices.

The ECSM campaign is coordinated by the European Union Agency for Cybersecurity (ENISA) and the European Commission, and supported by EU Member States and hundreds of partners (governments, universities, think tanks, NGOs, professional associations, private sector business) from Europe, and beyond.

The EU Agency for Cybersecurity coordinates the organisation of the ECSM campaign by acting as a “hub” for all participating Member States and EU Institutions, and by providing expert suggestions, generating synergies and promoting common messaging among EU citizens, businesses and public administration. The Agency also publishes new materials and provides expert advice on different cybersecurity topics for Member States’ audiences.

Since the first event in 2012, the European Cybersecurity Month has been reaching its key priorities by bringing together parties from across Europe under the slogan ‘Cybersecurity is a Shared Responsibility’ to unite against cyber threats.

Each year, for the entire month of October, hundreds of activities take place across Europe, including conferences, workshops, training sessions, webinars, presentations and more, to promote digital security and cyber hygiene.

Increasing resilience of the cyber/ICT environment requires fostering international co-operation, say participants at OSCE high-level conference

International co-operation and multilateral approaches are needed to maintain resilience and stability of the cyber-ICT environment, concluded participants of the high-level conference of the OSCE Albanian Chairmanship that ended today in Vienna.

Agron Tare, Deputy Minister for Europe and Foreign Affairs of Albania said that securing the cyber ecosystem requires “engagement, collaboration and co-ordination amongst all relevant stakeholders to preserve a functioning and stable ICT environment.”

Deputy Minister Tare also stressed the role the OSCE plays in regional efforts to develop new ideas on establishing a stable cyber/ICT environment and putting those ideas into practice, thus contributing to global efforts.

“The OSCE – through its sixteen existing confidence-building measures - has provided us with a platform to build trust and capacities, enhance co-operation and reduce tensions that may stem from the use of ICTs,” Tare said, noting that it is important to make them work for all OSCE participating States.

Referring to the OSCE Informal Working Group, which set an example for how to drive co-operation forward in the field of cyber/ICT security, the Deputy Minister noted its flagship “Adopt-a-CBM” initiative, inaugurated in 2018 by the Hungarian Chair of the Informal Working Group established by Permanent Council Decision 1039. He noted that the initiative is “the most promising way ahead regarding the implementation of the confidence-building measures.”

Péter Sztáray, Minister of State for Security Policy, Ministry of Foreign Affairs and Trade of Hungary, said that the pandemic added a new threat to existing global challenges and, more than anything showed that all countries rely heavily on cyber/ICT technologies to maintain daily business, enable most critical infrastructure systems and drive economic and social growth. “In the future there will be an even heavier reliance on digital infrastructure. That is why international co-operation, a multilateral approach on both global and regional level is needed more than ever,” Sztáray said.

DDoS coalition is working together during the current DDoS attacks

In recent weeks, dozens of companies in Europe, including multiple ISPs in Belgium, France, and the Netherlands, reported DDoS attacks that targeted their DNS infrastructure. have been targeted by DDoS attacks. This concerns attacks on internet providers, banks and digital service providers. Due to the collaboration and countermeasures taken by the members of the NaWas coalition, the consequences for the customers of these organizations have been diminished.

In a DDoS attack (Distributed Denial of Service) cyber criminals try to make a website, server or service inaccessible. Via a botnet, for example, a centrally controlled network of hacked computers, an online service is visited so massively that it is overloaded. Ordinary website visitors can no longer continue to use the online service.

Many digital services and the underlying infrastructure are essential to our daily life. Consider, for example, payment transactions, information services and online hospital patient files. DDoS attacks are therefore not only annoying for an affected company and its customers, but can have major consequences.

A DDoS attack is punishable. The police are committed to detecting cyber criminals and preventing and disrupting cybercrime and DDoS attacks. The police calls on companies that are being attacked to file a report and not to respond to possible extortion.

Using the right mitigation, most of the attacks can be successfully turned down and the service levels are not interrupted. The participants in the Anti-DDoS Coalition, are actively sharing information and helping each other to counter the attacks. The partnership consists of seventeen organizations including internet providers, internet exchanges, academic institutions, non-profit organizations and banks. The coalition aims to investigate and mitigate DDoS attacks from different angles.

Further details can be found at www.nbip.nl

New ACSC report details cyber threats across Australia

The inaugural ACSC Annual Cyber Threat Report outlines key cyber threats and statistics over the period 1 July 2019 to 30 June 2020. Over this period, the ACSC responded to 2,266 cyber security incidents and received 59,806 cybercrime reports at an average of 164 cybercrime reports per day, or one report every 10 minutes.

Key cyber threats highlighted include:

Malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication. Phishing and spearphishing remain the most common methods used by cyber adversaries to harvest personal information or user credentials to gain access to networks, or to distribute malicious content.

Over the past 12 months the ACSC has observed real-world impacts of ransomware incidents, which have typically originated from a user executing a file received as part of a spearphishing campaign. Ransomware has become one of the most significant threats given the potential impact on the operations of businesses and governments.

The 5G network and IoT devices have the potential to be revolutionary, but they require new thinking about how best to adopt them securely. Insecure or misconfigured systems make it very easy for hackers looking to compromise networks, cause harm and steal information.

Cybercrime is one of the most pervasive threats facing Australia, and the most significant threat in terms of overall volume and impact to businesses and individuals. The Australian Competition and Consumer Commission’s (ACCC) Targeting Scams 2019 report, identified Australians lost over $634 million to scams in 2019.

The ACSC Annual Cyber Threat Report has been developed with law enforcement partners, the Australian Federal Police and the Australian Criminal Intelligence Commission, to provide important information about emerging cyber threats impacting the Australian economy.

Full report avaioable at https://www.cyber.gov.au/sites/default/files/2020-09/ACSC-Annual-Cyber-Threat-Report-2019-20.pdf

1 2 3