Report on the evolution of cyber threats for 2017

Energy industry, the target of cyber-attacks in Romania

The Romanian National Computer Security Incident Response Team (CERT-RO) published on May 11 the Report on the evolution of cyber threats in 2017.

The report is the outcome of analysis on information collected and processed by the institution during 2017. A novelty compared to reports in the previous years is the introduction of analysis on trends in terms of evolution of cyber threats at global level.

138,217,026 cyber security alerts were collected and processed in 2017, up 25% compared to 2016, affecting a number of 2.89 million unique IP addresses in Romania.

Following the analysis of cyber security alerts collected by CERT-RO in 2017, the following has been found:

  • 33.71% (2.89mln) of total IPs allocated to RO were affected;
  • 83.63% (115.60mln) of alerts collected and processed targeted vulnerable computer systems;
  • 10.32% (14.33mln) of alerts processed refer to compromised computer systems, in the sense that they were either infected with various forms of malware or exploited and used by attackers in various types of attacks;
  • 1,709 ‘.ro’ web domains were reported to CERT-RO as compromised, decreasing by approximately 84% compared to 2016 (10,639). The number accounts for approximately 0.18% of total ‘.ro’ domains registered in Romania in December (944,145) and approximately 0.38% of total active ‘.ro’ domains (438,366).

“Cyber security is essential, given that the number of Internet users is steadily increasing and e-commerce is considerably developing in our country. We therefore pay a special attention to creating and maintaining a safer activity framework for both citizen and providers of goods and services that use the new technologies,” Petru Bogdan Cojocaru, Minister of Communications and Information Society, stated.

The report briefly outlines the most publicized attacks at European level in 2017, WannaCry and NotPetya, which also affected users in Romania.

“The analysis conducted by CERT-RO shows that cyber threats are in a growing trend, in terms of both number and complexity. A relevant example is represented by the malware threats, characterized by a tendency to use advanced methods of avoiding detection, such as embedding pre-installed tools or running only in memory,” Catalin Arama, Director of the Romanian National Computer Security Incident Response Team – CERT-RO – affirmed.

At the same time, the report highlights that threats and vulnerabilities of the national cyber space continue to diversify, which is also shown by the fact that in 2017 CERT-RO introduced new types of alerts. Moreover, it is the first year when the report analyses the entire picture of cyber risks and threats at global level.

 

Cooperation protocols

Last month, following up bilateral discussions between representatives of CERT-RO and E.ON, the two bodies agreed on a collaboration protocol on cyber security, extending CERT-RO’s cooperation with the private sector.

The protocol was signed having in mind the soon-to-come transposition of the Directive concerning measures for a high common level of security of network and information systems across the Union (NIS Directive). The regulation will impose minimum security measures for service operators from several essential industries: energy, transportation, water, banking, health, financial markets and digital services.

“We are taking seriously the risks associated to cyber incidents or attacks. Digital systems in our electricity distribution networks may be the target of such attacks, with potential particularly serious consequences on supply security, as well as with significant damages for the company. At the same time, we are aware of our obligations in terms of protecting the energy systems that provide essential services, as well as of data collected and managed,” Frank Hajdinjak, CEO of E.ON Romania, mentioned.

CERT-RO and ENEVO Group also signed a cooperation protocol which covers cyber security information exchange, support for awareness campaigns and skill sharing among specialists.

Specialists claim that, with the increased role of digital technologies in the energy infrastructure, the greatest risks in the case of systems are represented by cyber-attacks. Market studies show that, in the second half of last year, the largest number of cyber-attacks took place against energy organizations and industrial control systems integrators.

CERT-RO is a single point of contact at national level for the prevention, analysis, identification of and reaction to cyber security incidents in the Romanian cyber space, as well as in relation to and communication with similar institutions on the territory of the European Union.

Back to top button