The number of cyber attacks has exploded in recent years. In the past five years, the number of attacks in our country tripled, and they are also becoming more severe. Companies are willing to pay millions of dollars in ransom to get rid of hackers.
So write Het Parool and Algemeen Dagblad (1)(2). The dailies invoked the Open Government Act (Woo) and requested figures on this from the National Coordinator for Counterterrorism and Security (NCTV).
The figures show that fewer than seven hundred reports of cyber attacks were received by the NCTV in 2017. Last year there were more than two thousand. At least 180 cyber attacks targeted companies and organizations working in the vital sector. These include telecom companies, financial institutions and utility providers.
The greatest danger are ransomware attacks. In these, data is placed behind a digital lock and key. The only way to access the files again is to pay a ransom to the attackers. Once they receive the ransom, they hand over the decryption or decryption key. One hacker group reportedly captured $25 million this way.
Hackers are increasingly attacking entire business chains. As an example, the newspapers cite the ransomware attack on transport company Bakker Logistiek. Because the internal systems were down for several days, 250 trucks could not drive. Several Albert Heijn stores had empty cheese shelves as a result. The Port of Rotterdam and the Central Bureau for the Food Trade (CBL) recently expressed their concerns about the impact of cyber attacks on Dutch society.
Not only has the number of cyber attacks increased sharply. The intensity of attacks has also gradually grown. In addition, hacker groups are increasingly behaving like professional organizations. For example, we increasingly see digital customer service where victims can go with questions. Forums, a human resources department and their own website are no strangers these days.
Mourad Rerhioui of cybersecurity firm Rubrik confirms that there are "service bureaus" negotiating with duped individuals on behalf of hackers. More and more companies and organizations are negotiating with a party called "Melissa. This is said to have made deals with Dutch victims of cyber attacks on behalf of several hacker groups.
In addition to ransomware attacks, our country is also increasingly confronted with data breaches, according to daily newspapers. At the municipality of Buren, for example, hackers managed to capture 5 TB of data about the municipality and its citizens. In total, more than 730,000 files and more than 1,300 copies of identity documents were stolen. The attackers put 130 GB of data online on the dark web. Research by the Dutch cybersecurity firm Hunt & Hackett found that the hackers managed to get in via a leaked password from a VPN account.
"The Netherlands is still unaware of the dangers," warns security expert Pim Takkenberg of Northwave Cyber Security. He fears that the figures are just the tip of the iceberg. According to him, for fear of reputational damage, by no means all cyber attacks are reported to the authorities.
To increase our country's digital resilience, earlier this month the cabinet presented a brand new cybersecurity strategy, including an action plan with concrete measures. The plans state, among other things, that the National Cyber Security Center (NCSC), the Digital Trust Center (DTC) and the Cyber Security Incident Response Team for Digital Service Providers (CSIRT-DSP) will merge into a single national cybersecurity center no later than 2026. In this way, the cabinet wants to combat fragmentation in the cybersecurity landscape and combine cybersecurity knowledge and expertise.
There will also be a "cyber weather report" to give citizens and businesses timely warnings of current threats. In addition, the Landelijk Dekkend Stelsel (LDS) will be strengthened and expanded, "robust legal requirements for security and compliance monitoring" will be established, and the Dutch will be able to report multiple forms of cybercrime online starting next year. Finally, the cabinet will invest tens of millions of euros in the coming years to strengthen cybersecurity and increase the cyber resilience of our country.
Security specialists welcome the government's proactive stance, but at the same time are critical of the plans. They feel that concrete plans about cyber attacks taking place in the near future are lacking. Furthermore, the need about cooperation outside Europe has not penetrated the cabinet sufficiently.
https://www.parool.nl/nederland/toename-cybercrime-mysterieuze-melissa-onderhandelde-meermaals-over-losgeld~bca41cb1/
https://www.ad.nl/tech/mysterieuze-melissa-eist-meermaals-losgeld-na-cyberaanval-betaling-loopt-in-de-miljoenen~aca41cb1/
