Www.enisa.europa.eu Botnets: Measurement, Detection, Disinfection and Defence Dr Giles Hogben ENISA.

Slides:

Advertisements

Similar presentations

IGF Hyderabad 2008 Dimensions of Cyber Security & Cyber Crime Michael Lewis, Carnegie Mellon University & Deputy Director, Q-CERT.

Advertisements

1 FPEG Identity theft & payment fraud point December 2007.

VICTIMS RIGHTS in EU law Daphne III – AG Call KICK-OFF Meeting 21 January 2013 Centre Albert Borschette, Brussels.

Computer Emergency Response Teams

UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.

Taxes for Growth & Development RWANDA REVENUE AUTHORITY INTRODUCTION Rwanda Revenue Authority in its modernization program embarked on.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES.

Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.

AN INTERNATIONAL SOLUTION TO A GLOBAL PROBLEM. A Global Problem What is cybercrime? How does it affect us ? The solution.

Building Trust in Digital Online World Dr. Shekhar Kirani Vice President VeriSign India 5th June 2009 IBA Conference.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

1 Understanding Botnet Phenomenon MITP Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.

(Geneva, Switzerland, September 2014)

CYBER CRIME AND SECURITY TRENDS

Norman SecureSurf Protect your users when surfing the Internet.

IT security seminar Copenhagen, April 4th 2002 M. Jean-Michel HUBERT Chairman of the French Regulation Authority IRG Chairman.

©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.

APA of Isfahan University of Technology In the name of God.

Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.

1 ENISA’s contribution to the development of Network and Information Security within the Community By Andrea PIROTTI Executive Director ENISA Cyprus, 28.

Market Analysis Decision Group.

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

An invitation to fight bots: the ACDC community Wout de Natris De Natris Consult/reach out officer eco RIPE 67 Athens, Tuesday 15 October 2013.

Catherine Bowen, Policy & Stakeholder Director. What is the NBCS? The National Business Crime Solution (NBCS) is a ‘Not for Profit’ Initiative that provides.

1 Brett Roberts Director of Innovation | Microsoft NZ | 28 Aug 07 Technology and Privacy.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

E-government in the Pacific Islands: project update Rowena Cullen Graham Hassall.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

COMP 2903 A27 – Why Spyware Poses Multiple Threats to Security Danny Silver JSOCS, Acadia University.

Internet Drivers License CSS411/BIS421 Computing Technology & Public Policy Mark Kochanski Spring 2010.

Computer & Network Security

OPSWAT Presentation for XXX Month Date, Year. OPSWAT & ____________ Agenda  Overview of OPSWAT  Multi-scanning with Metascan  Controlling Data Workflow.

Success factors that govern the compilation of indicators An efficient model for change PART 3.

EISAS Pilot Collaborative Awareness Information Dissemination to EU Citizens & SMEs 1.

Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.

Australia Cybercrime Capacity Building Conference April 2010 Brunei Darussalam Ms Marcella Hawkes Director, Cyber Security Policy Australian Government.

Page 1 Battling Botnets: Implications for a Cybercrime Strategy July 8, 2010.

AREVA T&D Security Focus Group - 09/14/091 Security Focus Group A Vendor & Customer Collaboration EMS Users Conference September 14, 2009 Rich White AREVA.

2011 East African Internet Governance Forum (EA – IGF) Rwanda Cyber briefing: Positive steps and challenges Didier Nkurikiyimfura IT Security Division.

A FRICA INTERNET GOVERNANCE FORUM TH SEPTEMBER,2015 AFRICA UNION COMMISSION HQS, ADDIS ABABA,ETHIOPIA Presented By: Michael Ilishebo, ZAMBIA.

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Corporate Social Responsibility LECTURE 25: Corporate Social Responsibility MGT

International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

Get Safe Online Expert advice for everyone In association with.

© Cloud Security Alliance, 2015 Jim Reavis CEO, Cloud Security Alliance.

EU activities against cyber crime Radomír Janský Unit - Fight against Organised Crime Directorate-General Justice, Freedom and Security (DG JLS) European.

Customs Reform – Challenges and Solutions/ Kiev December

Article 28(2) USD Introduction. The Problem Fraud and Misuse scale Evolving risks Impact on end users –Direct financial impact –Direct inconvenience Indirect.

Intellectual Property. Confidential Information Duty not to disclose confidential information about a business that would cause harm to the business or.

1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.

Decision Group April 2010 Market Analysis. Agenda  Market  DPI/DPC Market Size  Market Segments  Forensic Solution Market  Competitors  Decision.

Information Systems Week 7 Securing Information Systems.

ISACA Ireland Cyber Security Policy 9 February 2016.

Impact Research 1 Enabling Decision Making Through Business Intelligence: Preview of Report.

Friday 22nd April 2016 DS Chris Greatorex SEROCU

BotLeg WP1 Workshop. Agenda o 14:00 – 14:15 Botleg PhD research: questions and goals o 14:15 – 15:15 WP1 questionnaire findings and Brainstorming (D1)

Information and Network security: Lithuania Tomas Lamanauskas Deputy Director Communications Regulatory Authority (RRT) Republic of Lithuania; ENISA Liaison.

EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.

PROTECTING YOUR DATA THREATS TO YOUR DATA SECURITY.

Security and resilience for Smart Hospitals Key findings

Cybersecurity - What’s Next? June 2017

Securing Information Systems

The Challenge of Spam Spam is a harmful, costly, and evolving threat to Internet users. A collaborative approach is needed to provide the best spam-mitigation.

Cyber attacks on Democratic processes

Fighting against botnets

The European Union response to cyber threats

Chapter # 3 COMPUTER AND INTERNET CRIME

Presentation transcript:

Botnets: Measurement, Detection, Disinfection and Defence Dr Giles Hogben ENISA

Overview Recommendations – Measurement and detection – Countermeasures Threat picture Roles, responsibilities and incentives – Focus on legal issues, information sharing

MEASUREMENT AND DETECTION

The need to assess the threat level Deciding on investments (100’s of millions of Euros): in security measures. For governments as well as for businesses. Defining the political agenda: Botnets are a major threat to society to be engaged on governmental level. Assessing the success of measures: how do we know a technique worked

5 5

Measurement and Detection Problems identified with current measures – Lack of accuracy – Transparency of methodology – Incentives for exaggeration – Size is not everything

Size is not everything From Panda Labs: order of 500 computers (not a botnet but some characteristics in common) took down Visa.com during the Anonymous attacks But nobody ever quotes anything else

Impact depends on stakeholders Governments care about targeted theft of classified information and political/military targets. Financial organisations care about financial fraud and DDoS services care about spam volume. E-commerce providers care about DDoS attacks.

Better impact indicators Distribution (origin) Spam statistics Bandwidth of attacks Data types harvested Financial damage Malware characteristics

KEY RECOMMENDATIONS FOR COUNTERMEASURES

Mitigate Existing Botnets X X X X X X X X X X

Responsibilitie s Governments Define clear and consistent laws Prosecute criminals Define capabilities Define central contact points Data protection End-users Keep machines clean Civic responsibility Corporate social responsibility ISP Identify, notify customers Help users clean machines Filter malicious traffic Detection, measurement Data protection Victims Resist extortion Pursue perpetrators. Cybercriminals … Software/OS Developers Write secure software Fix vulnerabilities (quickly) Detect attacks and inform users Researchers/ AV Vendors Detection Disinfection Responsible disclosure Malware analysis

Beneficiaries Cybercriminals Innocent bystander/unwilling participant ISP, End-user Victims eCommerce, Banks, Web 2.0, Advertisers, Governments Current incentives

Rebalancing the incentives Incentives Government Public private partnerships End-users Bot-Frei Awareness raising Raise sense of social responsibility Software Vendors Secure dev programmes SSE initiatives Criminals Prosecute and arrest Attack all parts of value-chain– esp those with no backup – e.g. money-laundering. Attack revenue streams ISP’s Financial incentives for end user cleaning initiatives Clarify and harmonise DP laws Victims Mutual assistance – e.g. in legal and other resources (Digital Addio-Pizzo) AV/Researchers Fast legal procedures Reward for reporting Clarify capabilities Information sharing

Information sharing Benefits – Coordination – View on trends – Faster reaction Challenges – Abuse report formats – Mutually beneficial sharing – Trust between parties. – Confidentiality - how to know when 2 teams are infiltrating the same botnet without alerting the botmaster?

Legal and Jurisdictional challenges Clear definition of who can do what in the EU 27 and beyond. – E.g. Status of IP address as Private Data Roles and responsibilities – points of contact across border – vide ENISA exercise. Empower people who are in a position to do something and clarify what – e.g. define clearly what botbusters can and cannot do. – E.g. Good samaritan provisions. – Quick reaction by law enforcement and justice. – Accelerated procedures – time is premium Find practical balance between DP laws and system security.

Legal Report Work in progress: separate report on legal issues Q2 based on survey of experts at EU and MS level. Stakeholder capabilities e.g. Packet inspection, Takedown, Remote disinfection Emergency powers Liability of stakeholders (for damages, non-action, disclosure) Gaps and recommendations

Key messages We don’t have good enough information on threat levels. Provide the right incentives to those in a position to fight botnets. Efficient and comprehensive international co- operation Clarify and harmonise legislation

Questions? Botnets: Detection, measurement, disinfection and defence – best practice and analysis. botnets botnets Botnets: 10 hard questions – Analysis by ENISA and expert group. Legal analysis and recommendations. In preparation

National and pan European Internet Service Providers: 3 Antivirus Software Developers and Security Solutions Providers: 21 Operating System Providers: 4 Application and Network Providers and Developers: 2 Web 2.0 and Social Network Site Providers: 1 Academia: 4 CERTs: 14 Online User Communities and Consumer Protection Associations: 3 Regulators and Policy Makers: 7 Law Enforcement Agencies: 3 Pan European Associations of Providers: 4 Group Composition 23