Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.enisa.europa.eu Botnets: Measurement, Detection, Disinfection and Defence Dr Giles Hogben ENISA.

Published byAnnice Hopkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Www.enisa.europa.eu Botnets: Measurement, Detection, Disinfection and Defence Dr Giles Hogben ENISA."— Presentation transcript:

1 www.enisa.europa.eu Botnets: Measurement, Detection, Disinfection and Defence Dr Giles Hogben ENISA

2 www.enisa.europa.eu Overview Recommendations – Measurement and detection – Countermeasures Threat picture Roles, responsibilities and incentives – Focus on legal issues, information sharing

3 MEASUREMENT AND DETECTION

4 www.enisa.europa.eu The need to assess the threat level Deciding on investments (100’s of millions of Euros): in security measures. For governments as well as for businesses. Defining the political agenda: Botnets are a major threat to society to be engaged on governmental level. Assessing the success of measures: how do we know a technique worked

5 www.enisa.europa.eu 5 5

6 Measurement and Detection Problems identified with current measures – Lack of accuracy – Transparency of methodology – Incentives for exaggeration – Size is not everything

7 www.enisa.europa.eu Size is not everything From Panda Labs: order of 500 computers (not a botnet but some characteristics in common) took down Visa.com during the Anonymous attacks But nobody ever quotes anything else

8 www.enisa.europa.eu Impact depends on stakeholders Governments care about targeted theft of classified information and political/military targets. Financial organisations care about financial fraud and DDoS Email services care about spam volume. E-commerce providers care about DDoS attacks.

9 www.enisa.europa.eu Better impact indicators Distribution (origin) Spam statistics Bandwidth of attacks Data types harvested Financial damage Malware characteristics

10 KEY RECOMMENDATIONS FOR COUNTERMEASURES

11 www.enisa.europa.eu

12 Mitigate Existing Botnets X X X X X X X X X X

13 www.enisa.europa.eu

14

15 Responsibilitie s Governments Define clear and consistent laws Prosecute criminals Define capabilities Define central contact points Data protection End-users Keep machines clean Civic responsibility Corporate social responsibility ISP Identify, notify customers Help users clean machines Filter malicious traffic Detection, measurement Data protection Victims Resist extortion Pursue perpetrators. Cybercriminals … Software/OS Developers Write secure software Fix vulnerabilities (quickly) Detect attacks and inform users Researchers/ AV Vendors Detection Disinfection Responsible disclosure Malware analysis

16 www.enisa.europa.eu Beneficiaries Cybercriminals Innocent bystander/unwilling participant ISP, End-user Victims eCommerce, Banks, Web 2.0, Advertisers, Governments Current incentives

17 www.enisa.europa.eu Rebalancing the incentives Incentives Government Public private partnerships End-users Bot-Frei Awareness raising Raise sense of social responsibility Software Vendors Secure dev programmes SSE initiatives Criminals Prosecute and arrest Attack all parts of value-chain– esp those with no backup – e.g. money-laundering. Attack revenue streams ISP’s Financial incentives for end user cleaning initiatives Clarify and harmonise DP laws Victims Mutual assistance – e.g. in legal and other resources (Digital Addio-Pizzo) AV/Researchers Fast legal procedures Reward for reporting Clarify capabilities Information sharing

18 www.enisa.europa.eu Information sharing Benefits – Coordination – View on trends – Faster reaction Challenges – Abuse report formats – Mutually beneficial sharing – Trust between parties. – Confidentiality - how to know when 2 teams are infiltrating the same botnet without alerting the botmaster?

19 www.enisa.europa.eu Legal and Jurisdictional challenges Clear definition of who can do what in the EU 27 and beyond. – E.g. Status of IP address as Private Data Roles and responsibilities – points of contact across border – vide ENISA exercise. Empower people who are in a position to do something and clarify what – e.g. define clearly what botbusters can and cannot do. – E.g. Good samaritan provisions. – Quick reaction by law enforcement and justice. – Accelerated procedures – time is premium Find practical balance between DP laws and system security.

20 www.enisa.europa.eu Legal Report Work in progress: separate report on legal issues Q2 based on survey of experts at EU and MS level. Stakeholder capabilities e.g. Packet inspection, Takedown, Remote disinfection Emergency powers Liability of stakeholders (for damages, non-action, disclosure) Gaps and recommendations

21 www.enisa.europa.eu Key messages We don’t have good enough information on threat levels. Provide the right incentives to those in a position to fight botnets. Efficient and comprehensive international co- operation Clarify and harmonise legislation

22 www.enisa.europa.eu Questions? Botnets: Detection, measurement, disinfection and defence – best practice and analysis. http://www.enisa.europa.eu/ botnets http://www.enisa.europa.eu/ botnets Botnets: 10 hard questions – Analysis by ENISA and expert group. http://www.enisa.europa.eu/botnets-10Q http://www.enisa.europa.eu/botnets-10Q Legal analysis and recommendations. In preparation

23 www.enisa.europa.eu National and pan European Internet Service Providers: 3 Antivirus Software Developers and Security Solutions Providers: 21 Operating System Providers: 4 Application and Network Providers and Developers: 2 Web 2.0 and Social Network Site Providers: 1 Academia: 4 CERTs: 14 Online User Communities and Consumer Protection Associations: 3 Regulators and Policy Makers: 7 Law Enforcement Agencies: 3 Pan European Associations of Providers: 4 Group Composition 23

Download ppt "Www.enisa.europa.eu Botnets: Measurement, Detection, Disinfection and Defence Dr Giles Hogben ENISA."

Similar presentations

IGF Hyderabad 2008 Dimensions of Cyber Security & Cyber Crime Michael Lewis, Carnegie Mellon University & Deputy Director, Q-CERT.

IGF Hyderabad 2008 Dimensions of Cyber Security & Cyber Crime Michael Lewis, Carnegie Mellon University & Deputy Director, Q-CERT.
1 FPEG Identity theft & payment fraud point 2.2 19 December 2007.

1 FPEG Identity theft & payment fraud point December 2007.
VICTIMS RIGHTS in EU law Daphne III – 2011-2012 AG Call KICK-OFF Meeting 21 January 2013 Centre Albert Borschette, Brussels.

VICTIMS RIGHTS in EU law Daphne III – AG Call KICK-OFF Meeting 21 January 2013 Centre Albert Borschette, Brussels.
Computer Emergency Response Teams

Computer Emergency Response Teams
UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.

UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.
www.rra.gov.rw Taxes for Growth & Development RWANDA REVENUE AUTHORITY INTRODUCTION Rwanda Revenue Authority in its modernization program embarked on.

Taxes for Growth & Development RWANDA REVENUE AUTHORITY INTRODUCTION Rwanda Revenue Authority in its modernization program embarked on.
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES.

Data-Sharing and Governance Consultation ANALYSIS OF RESPONSES.
Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.

Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.
AN INTERNATIONAL SOLUTION TO A GLOBAL PROBLEM. A Global Problem What is cybercrime? How does it affect us ? The solution.

AN INTERNATIONAL SOLUTION TO A GLOBAL PROBLEM. A Global Problem What is cybercrime? How does it affect us ? The solution.
Building Trust in Digital Online World Dr. Shekhar Kirani Vice President VeriSign India 5th June 2009 IBA Conference.

Building Trust in Digital Online World Dr. Shekhar Kirani Vice President VeriSign India 5th June 2009 IBA Conference.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
1 Understanding Botnet Phenomenon MITP 458 - Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.

1 Understanding Botnet Phenomenon MITP Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
IT security seminar Copenhagen, April 4th 2002 M. Jean-Michel HUBERT Chairman of the French Regulation Authority IRG Chairman.

IT security seminar Copenhagen, April 4th 2002 M. Jean-Michel HUBERT Chairman of the French Regulation Authority IRG Chairman.
©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.

©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.

Similar presentations

Ads by Google