Last week, the Dutch Cybersecurity Insights Report 2024 from the NCTV was published (#CSBN2024). The report summarizes some well-known developments: the main threat actors in the Netherlands are nation states and criminals. The NCTV indicates that cyber-attacks are increasing in complexity and intensity. Cyber risks are calling for a broader approach as they increasingly touch upon broader organizational risks. Finally, the NCTV points out that the cybersecurity of digital processes is critical for our society but at the same time competing with other stakeholders. So far, nothing new. Some statistics: in 2023, at least 178 ransomware attacks were reported to the authorities, and over 97 zero-day exploits were used during attacks. Additionally, the following risks were highlighted: · Quantum computing is positioned as a current risk for national security; · Monocultures and large reliance on very few cloud providers form a risk; · The large-scale trade of personal data is considered a current risk for national security; · Dutch civil infrastructure #OT: bridges, highways, tunnels and sluices, are increasingly vulnerable for cyberattacks. Recent incidents already resulted in annoying traffic jams. Furthermore, the list of cyber incidents included in the report is long. Many incidents are related to ransomware, DDOS, and theft of personal data, but there were also some special cases: · The signal of babyTV was hijacked and used to broadcast Russian propaganda, which apparently was collateral damage, to broader signal attacks aimed at Ukraine. More radio signal abuse was performed in Poland, where an untrusted signal halted several railroad vehicles and was able to play the Russian national anthem; · The Belgium 112 was rerouted on March, due to a cyber-attack on the emergency systems. The root cause remains unclear; · The (by the USA attributed) Chinese hacker group: Volt Typhoon is targeting vital infrastructure, with the objective of preparing to sabotage it in case of a conflict; · Drinking water companies are on the hook this year. Both USA based companies in various states, as well as facilities in Ireland were impacted by a cyber incident. Although the objective of the attacker was different per country. Source: https://lnkd.in/eTQrak3i
