• Home

  • Documents

  • Direct Threats to EU institutions/bodies/agencies · within EU institutions, bodies and agencies....
1
Direct Threats to EU institutions/bodies/agencies 2019 : EU-I | Techniques,Tactics, Procedures 6 % 5 % 4 % 5 % 2 % 2 % 10 % Targeted attacks have been a steady trend throughout 2019 within EU institutions, bodies and agencies. Trojan and Bots: an intense activity has been observed within EU-I. Data Harvesting & Leaks: active attempts to harvest cloud service credentials have been observed. The use of EU-I staff professional email addresses for private web accounts expose them to leakage. Phishing: this technique has remained an ongoing threat that includes phone scams, invoices, purchases, payments, etc... 24 % Data Harvesting & Leaks Phishing 33 % Trojans & Bots 9 % Targeted phishing Targeted attacks Ransomware Banking trojans Social media Sectoral threats TOP 10 TARGETED SECTORS 2019 Digital services IT Gov. & Admin. Finance Bank Telecoms Social Networks Digital infrastructure Health Energy Targeted Phishing: a rise in phishing messages has been observed in 2019; impersonation of EU-I employee or training provider, EU member state’s administration. Ransomware: several ransomware families have been observed, but no successful infection has been reported. Criminal crypto-mining remains an active threat, although the number of observed attempts has declined compared to previous quarters. DDoS - Distributed Denial of Service: several cases have been reported to CERT-EU, yet they did not cause any significant impact. Ransomware: several ransomware families have been observed, but no successful infection has been reported. Social media: a number of fake accounts impersonating EU-I members have been detected (Facebook, Twitter, Instagram). Public administrations in several countries have once again fallen victim to ransomware attacks. Cybercriminals have spoofed public administrations to lure victims during malware distribution campaigns. The procurement services of administrations are attractive targets for business email compromise frauds or credential harvesting campaigns. Hacktivist activities (denial of service attacks, web defacements, and intrusions) against governmental entities sometimes coincide with increased social unrest in the country. FOCUS ON: EUROPE APT28; Sandworm; Turla; Gamaredon Group; Berserk Bear APT41; APT17 Lazarus group Ransomware attacks represent a major threat for all sectors (administrations, universities, digital services, hospitals, etc.). The Cobalt cybercriminal group has been the most active against European financial institutions. Cyberespionage operations have affected important sectors (industry, foreign affairs, government). Disinformation campaigns are frequently observed as part of hybrid operations. Politically motivated hacktivists have carried out campaigns (DDoS, intrusions, disruptions) in some countries. Large European companies (e.g. hotels, telecom operators) have been compromised resulting in large personal data leaks. CERT-EU, CERT for the EU Institutions, Bodies and Agencies https://cert.europa.eu or [email protected] TLP: WHITE Crypto-mining DDoS FOCUS ON: Government and Administration Geographical threats APT33; APT34 Most active groups against Europe

Direct Threats to EU institutions/bodies/agencies · within EU institutions, bodies and agencies. Trojan and Bots: an intense activity has been observed within EU-I. Data Harvesting

  • Upload
    others

  • View
    3

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Direct Threats to EU institutions/bodies/agencies · within EU institutions, bodies and agencies. Trojan and Bots: an intense activity has been observed within EU-I. Data Harvesting

Direct Threats to EU institutions/bodies/agencies2019 : EU-I | Techniques,Tactics, Procedures

6 %

5 %

4 %

5 %

2 %

2 %

10 %

Targeted attacks have been a steady trend throughout 2019 within EU institutions, bodies and agencies.

Trojan and Bots: an intense activity has been observed within EU-I.

Data Harvesting & Leaks: active attempts to harvest cloud service credentials have been observed. The use of EU-I staff professional email addresses for private web accounts expose them to leakage.

Phishing: this technique has remained an ongoing threat thatincludes phone scams, invoices, purchases, payments, etc...

24 %Data Harvesting & Leaks

Phishing

33 %Trojans & Bots

9 %Targeted phishing

Targeted attacks

Ransomware

Banking trojans

Social media

Sectoral threats TOP 10 TARGETED SECTORS

2019Digital servicesITGov. & Admin.FinanceBankTelecomsSocial NetworksDigital infrastructureHealthEnergy

Targeted Phishing: a rise in phishing messages has been observed in 2019; impersonation of EU-I employee or training provider, EU member state’s administration.

Ransomware: several ransomware families have been observed, but no successful infection has been reported. Criminal crypto-mining remains an active threat, although the number of observed attempts has declined compared to previous quarters.

DDoS - Distributed Denial of Service: several cases have been reported to CERT-EU, yet they did not cause any significant impact.

Ransomware: several ransomware families have been observed, but no successful infection has been reported.

Social media: a number of fake accounts impersonating EU-I members have been detected (Facebook, Twitter, Instagram).

Public administrations in several countries have once again fallen victim to ransomware attacks. Cybercriminals have spoofed public administrations to lure victims during malware distribution campaigns. The procurement services of administrations are attractive targets for business email compromise frauds or credential harvesting campaigns.Hacktivist activities (denial of service attacks, web defacements, and intrusions) against governmental entities sometimes coincide with increased social unrest in the country.

FOCUS ON: EUROPE APT28; Sandworm; Turla;Gamaredon Group; Berserk Bear

APT41; APT17

Lazarus group

Ransomware attacks represent a major threat for all sectors (administrations, universities, digital services, hospitals, etc.).The Cobalt cybercriminal group has been the most active against European financial institutions.Cyberespionage operations have affected important sectors (industry, foreign affairs, government).Disinformation campaigns are frequently observed as part of hybrid operations.Politically motivated hacktivists have carried out campaigns (DDoS, intrusions, disruptions) in some countries. Large European companies (e.g. hotels, telecom operators) have been compromised resulting in large personal data leaks.

CERT-EU, CERT for the EU Institutions, Bodies and Agencies https://cert.europa.eu or [email protected]

TLP: WHITE

Crypto-mining

DDoS

FOCUS ON: Government and Administration

Geographical threats

APT33; APT34

Most active groups against Europe

National Ombudsmen & Similar Bodies in the EU Ombudsmen & Similar Bodies in the EU-Austria 01 Name: Herrn Dr. Peter Kostelka Title: Volksanwalt Institution: Volksanwaltschaft Address:

National Ombudsmen & Similar Bodies in the EU Ombudsmen & Similar Bodies in the EU-Austria 01 Name: Herrn Dr. Peter Kostelka Title: Volksanwalt Institution: Volksanwaltschaft Address:

Documents
EU agencies : legal and political limits to the transformation of the EU administration

EU agencies : legal and political limits to the transformation of the EU administration

Documents
Specialized Agencies and Other Bodies

Specialized Agencies and Other Bodies

Documents
The Development of Agencies at EU and National …€¦ ·  · 2018-04-21Professor J.H.H.Weiler ... The Development of Agencies at EU and National Levels: ... the EC institutions

The Development of Agencies at EU and National …€¦ ·  · 2018-04-21Professor J.H.H.Weiler ... The Development of Agencies at EU and National Levels: ... the EC institutions

Documents
Publications Office€¦ · EU Whoiswho – the electronic directory of services in the EU institutions, bodies and agencies ... been transformed from a traditional publishing house

Publications Office€¦ · EU Whoiswho – the electronic directory of services in the EU institutions, bodies and agencies ... been transformed from a traditional publishing house

Documents
Special Report 22/2020: Future of EU agencies – Potential

Special Report 22/2020: Future of EU agencies – Potential

Documents
EU Medicines Agencies Network Strategy to 2020 - …haieurope.org/wp-content/uploads/2015/07/Response-to-EU-Medicines... · EU Medicines Agencies Network Strategy to 2020 - ... fees

EU Medicines Agencies Network Strategy to 2020 - …haieurope.org/wp-content/uploads/2015/07/Response-to-EU-Medicines... · EU Medicines Agencies Network Strategy to 2020 - ... fees

Documents
Specialized Agencies and Other Bodies · 2019. 9. 6. · Specialized Agencies and Other Bodies staff, subject to geographical distribution. Throughout 2002, American representation

Specialized Agencies and Other Bodies · 2019. 9. 6. · Specialized Agencies and Other Bodies staff, subject to geographical distribution. Throughout 2002, American representation

Documents
The International Dimension of the EU Agencies: Framing a

The International Dimension of the EU Agencies: Framing a

Documents
Delegation of EU programmes to executive agencies for 2021

Delegation of EU programmes to executive agencies for 2021

Documents
The importance of standards bodies in EU funded projectsinspire.ec.europa.eu/events/conferences/inspire_2011/presentations/... · The importance of standards bodies in EU funded projects

The importance of standards bodies in EU funded projectsinspire.ec.europa.eu/events/conferences/inspire_2011/presentations/... · The importance of standards bodies in EU funded projects

Documents
Overview of the scientific processes of the EU Agencies ...ECDC Overview of the scientific processes of the EU Agencies Network on Scientific Advice (EU-ANSA) 2017 1. Nature of the

Overview of the scientific processes of the EU Agencies ...ECDC Overview of the scientific processes of the EU Agencies Network on Scientific Advice (EU-ANSA) 2017 1. Nature of the

Documents
EU Agencies: The way aheadecdc.europa.eu/.../press/news/Documents/100217_EU_Agencies_way_… · EU AGENCIES The way ahead 221551_brochure_EUagencies.indd 11551_brochure_EUagencies.indd

EU Agencies: The way aheadecdc.europa.eu/.../press/news/Documents/100217_EU_Agencies_way_… · EU AGENCIES The way ahead 221551_brochure_EUagencies.indd 11551_brochure_EUagencies.indd

Documents
Brexit and EU agencies - SWP€¦ · Brexit and EU agencies ... insufficient, aiming instead for a bespoke ‘deep and special partnership’ with the EU. It is here that EU agencies

Brexit and EU agencies - SWP€¦ · Brexit and EU agencies ... insufficient, aiming instead for a bespoke ‘deep and special partnership’ with the EU. It is here that EU agencies

Documents
Biographies - EU Agencies Network | Extranet · Biographies Keynote speakers and panellists Organised by the EU Agencies Network. More info on euagencies.eu or by email Coordination-EU-Agencies@euipo.europa.eu

Biographies - EU Agencies Network | Extranet · Biographies Keynote speakers and panellists Organised by the EU Agencies Network. More info on euagencies.eu or by email [email protected]

Documents
THE EU AGENCIES working for youeurojust.europa.eu/doclibrary/corporate/Relevant EU...THE EU AGENCIES WORKING FOR YOU. A Single market, single currency, borderless travel, internal

THE EU AGENCIES working for youeurojust.europa.eu/doclibrary/corporate/Relevant EU...THE EU AGENCIES WORKING FOR YOU. A Single market, single currency, borderless travel, internal

Documents
Linguistic Autonomy of EU Institutions, Bodies and Agencies

Linguistic Autonomy of EU Institutions, Bodies and Agencies

Documents
DIRECTORATE GENERAL FOR INTERNAL POLICIES 15 2.4.1. Limitation to EU institutions, bodies, offices and agencies 15 2.4.2. Exclusion of legislative procedures and judicial proceedings

DIRECTORATE GENERAL FOR INTERNAL POLICIES 15 2.4.1. Limitation to EU institutions, bodies, offices and agencies 15 2.4.2. Exclusion of legislative procedures and judicial proceedings

Documents
COMMISSION EUROPEAN...Articles 105a to 108 provide for rules that centralise the exclusion process for all institutions, EU offices, agencies and bodies. In particular, Article 108(7)

COMMISSION EUROPEAN...Articles 105a to 108 provide for rules that centralise the exclusion process for all institutions, EU offices, agencies and bodies. In particular, Article 108(7)

Documents
Specialized Agencies and Other Bodies · Specialized Agencies and Other Bodies Food and Agriculture Organization ( FAO) Established in 1945 in Rome, FAO is the UN specialized agency

Specialized Agencies and Other Bodies · Specialized Agencies and Other Bodies Food and Agriculture Organization ( FAO) Established in 1945 in Rome, FAO is the UN specialized agency

Documents
5. EU Control Bodies Authorities En

5. EU Control Bodies Authorities En

Documents
Translation Centre For the Bodies of the EU

Translation Centre For the Bodies of the EU

Documents
EU agencies on the move: challenges ahead...5. The Lisbon Treaty has acknowledged the existence of EU agencies which strengthens the position of agencies as part of the EU executive

EU agencies on the move: challenges ahead...5. The Lisbon Treaty has acknowledged the existence of EU agencies which strengthens the position of agencies as part of the EU executive

Documents
SOURCES FOR PROCUREMENT RESEARCH GRANTS – INTERNATIONAL AGENCIES, GOVERNMENT AND PRIVATE BODIES

SOURCES FOR PROCUREMENT RESEARCH GRANTS – INTERNATIONAL AGENCIES, GOVERNMENT AND PRIVATE BODIES

Documents
Recommendation 2013/473/EU on notified bodies audits

Recommendation 2013/473/EU on notified bodies audits

Documents
2017 Discharge of the EU decentralised agencies Answers to

2017 Discharge of the EU decentralised agencies Answers to

Documents
Swimming in the Monero pools - imf-conference.org · Emilien Le Jamtel CERT-EU Security Analyst @__Emilien__ kwouffe •CERT for European Institutions, Agencies, and Bodies. •Around

Swimming in the Monero pools - imf-conference.org · Emilien Le Jamtel CERT-EU Security Analyst @__Emilien__ kwouffe •CERT for European Institutions, Agencies, and Bodies. •Around

Documents
The EU justice and home affairs agencies · 2020-02-11 · The EU JHA agencies are spread across different Member States (see map). The JHA agencies established a network, in 2006,

The EU justice and home affairs agencies · 2020-02-11 · The EU JHA agencies are spread across different Member States (see map). The JHA agencies established a network, in 2006,

Documents
Trick or treat? Unveil the “Stratum” of the mining pools · 2019-04-29 · The Computer Emergency Response Team for the EU institutions, bodies and agencies (EU-I): Constituency

Trick or treat? Unveil the “Stratum” of the mining pools · 2019-04-29 · The Computer Emergency Response Team for the EU institutions, bodies and agencies (EU-I): Constituency

Documents
Information Guide Agencies and Decentralised Bodies of the …aei.pitt.edu/74857/1/Agencies_Decentralised_Bodies.pdf · 2016-04-25 · Summaries of EU legislation Executive agencies

Information Guide Agencies and Decentralised Bodies of the …aei.pitt.edu/74857/1/Agencies_Decentralised_Bodies.pdf · 2016-04-25 · Summaries of EU legislation Executive agencies

Documents