The ISDays took place on April 1st and 2nd. Raphael Vinot from CIRCL gave a keynote speech titled “the Luxembourg Cybersecurity threat landscape. Diving into real incidents, what can you expect from the attackers…”
Raphael explained that in 2014, a total of 83610 events were processed and the CIRCL team conducted around 3209 technical investigations. The attacks are separated into 3 different categories: cybercriminals with a financial objective; government-supported attackers with an information objective; and cyberactivists with a political or fun objective.
Raphael also stated that all incidents need to be handled even if they seem to be minor security incidents.
In the past months, in Luxembourg, attackers have been active in the following areas:
- Phishing attacks involving fraud with overwritten bank details. A number of organisations that process large volumes of invoices have been targeted.
- Ransomware. The most recent one is the CT-Locker. In 50% of the cases, SMEs and companies discovered non-functional or incomplete backups.
- VoIP and PBX systems, as attackers easily scan for vulnerable management interfaces in PBX or VoIP servers connected to the Internet.
“It is important to note that security is not a matter of security products but a majority of incidents are detected by humans”, explains Raphael.
A number of services developed and operated by CIRCL are available to: help detect malicious software and suspicious documents with the Dynamic Malware Analysis; share information about incidents through the Malware Information Sharing Platform (MISP); monitor leaks with PasteMining; and check the maliciousness of a link with the URL Abuse tool.