Day 1 Large Scale Attacks


Presentation by CERT-Hungary

Published in: Technology, News & Politics

  1. LARGE SCALE ATTACKS: Lessons learnt, Proposals for National and EU Policy
     Ferenc Suba J.D., MA
     Chairman of the Board, PTA CERT-Hungary
     Vice-chair of the MB, ENISA
  2. Large scale attacks
     1. Large phishing attack against Hungarian banks: 7 banks in HU, for 2 weeks, "foreign" attacks from an international botnet administered by 4 virtual domain name servers (all abroad, from Asia, Europe, Americas)
     2. Attacks on Estonia (international aspects): attacks from 4000 compromised machines (approx. 50% from the Americas, 12 from HU)
  3. The response
     Phishing in HU (national + international response):
     - PTA CERT-Hungary as coordinator
     - With the help of the CERT community + HU Banking ISAC
     - Localisation + shutting down of VDNS (all abroad)
     - Within 4-12 hours
     - Notification of ISPs via national CERTs
     - Notification of clients from the banks
     - Filing a case against unknown persons at the police
     Estonian crisis (international response):
     - Finnish national CERT + US CERT as coordinators
     - With the help of the CERT community
     - Localisation + cleaning of compromised machines
     - Within 2 weeks (after FIRST and TF-CSIRT involvement)
     - Notification of ISPs, system administrators via national CERTs
  4. Lessons learnt, Proposals for National Policy
     Not enough or lacking:
     - Preparedness
     - Early warning
     - Manpower
     - Coordination
     - Communication with international partners
     - Media work
     National policy:
     - Government support (national strategy, responsible HLO, money)
     - Crisis management plan
     - Early warning system
     - National CERT
     - National coordination body (private sector, policy makers, law enforcement, CERTs)
     - Involvement of international CERT community
     - Communication plan
     - Regular exercises
  5. Financial ISAC in Hungary
     - History: joint comexes with banks since early 2006
     - Great leap forward: large phishing attacks in Dec 2006
     - Constituents: CERT-HU, Law Enforcement, Banking Assoc. of HU, Financial Supervisory Authority
     - Activity: information sharing, exercises, recommendations, coordination
     - Results: TLP, Advisory, complex exercises (simulated DDoS attack, insider attack)
     - Future: FSA recomm. on the security of internet banking, coop. with similar ISACs (GOVCERT.NL, AUSCERT, DHS)
  6. CIIP in Energy Sector
     - Reason: proprietary systems are vulnerable, too!
     - Keywords: CO-OPERATION, COMMUNICATION, EXERCISE
     - USA: ISAC Model (branch specific co-op. under DHS)
     - Europe: EU-SCSIE (Shell, Electrabel, Swissgrid, EDF, CERN, SEEMA, Melanie, CERT-Hungary)
     - Global: Meridian Process Control WG
     - Hungary: CIIP WG (MOL, Paks, MAVIR, Telco, CERT-Hungary)
  7. Legal instruments of International Collaboration, future
     - No legally binding international agreements
     - Basic instrument: Memorandum of Understanding for co-operation
     - Reasons: legally binding procedures too slow + flexibility
     - FIRST: two faces: association incorporated according to Californian law + conference = annual general meeting
     - ICANN: association incorporated according to Californian law
     - Future at international level: Governments enter into this area of international co-operation (national cybersecurity strategies, NATO Cyberdefence Policy)
     - Future at national level: Act on Information Security, Government Network Security Centres
  8. Thank you!
     PTA CERT-Hungary, Puskás Tivadar Közalapítvány
     ENISA