CERT Polska: The security landscape of the Polish Internet

Operating since 1996 in the structures of NASK (Scientific and Academic Computer Network) - research institute conducting scientific activity, national .pl domain registry and providing advanced ICT services, CERT Polska team - the first Emergency Response Team established in Poland (Computer Emergency Response Team), published a report on the security of the Polish Internet for 2016.

Main conclusions from the report

1. In 2016, CERT Polska handled 1926 incidents, by 32 percent. more than in 2015. This is primarily a result of the growing awareness of the existence of CERT teams (including CERT Polska) and their role in responding to incidents and threats, as well as direct cooperation between CERT Polska and an increasing number of entities and organizations.

2. Weak security of the Internet of Things makes it relatively easy to use it for network attacks.

3. Mirai botnets, using mainly webcams and video recorders, have made record DDoS attacks on the largest providers of Internet services in the world, causing problems with access to the most popular websites and services. In Poland, we have observed up to 14,000 devices per day belonging to the Mirai botnet.

4. The trend of criminals using home routers is increasing. An example of such activities is sending spam and using home routers as proxy servers.

5. The most common type of incident served in CERT Polska was phishing, accounting for more than half of all cases. In comparison to previous years, the number of phishing and phishing websites sent by e-mails has increased noticeably. The distribution of malware - both well-known and new variants has also increased. Criminals use a wide range of solutions, especially in the case of theft with the use of mobile devices.

6. The average daily number of infected computers observed by CERT Polska in Polish networks is about 20,000. In comparison with 2015, it is twice as low. These values ​​are understated. Due to the limitations of sources that we have.

7. The dominant botnets in Polish networks are: Mirai, Conficker, ISFB and Nymaim.

8. Ransomware is quite a big threat in Poland. The main routes of infection are e-mails with attachments and the kits exploit.

9. Exploit kits are still one of the most effective methods of malware infection, widely used also in Poland. In 2016, CERT Polska began a new cycle of research on this threat.

10. DDoS attacks measured in hundreds of Gbps become everyday life and a very real risk for business.

11. Many websites depend on a few key suppliers, which means that attacks on such sensitive targets have an enormous scale of impact. An example is the attack on Dyn in October 2016.

12. In 2016, information on multiple susceptibilities was published. According to CERT Poland, the most important ones concerned Cisco ASA, MySQL, GNU / Linux kernel, Tor Browser and antivirus software.

13. Coordinated actions of law enforcement agencies of many countries and private entities bring more and more tangible positive effects. An example is the closing of the Avalanche botnet, as well as the increasingly frequent detention of cybercriminals - also in Poland.

14. As the value of cryptocurrencies increases, the number and scale of attacks on websites dealing with their storage and exchange as well as the motivation of criminals to such activities increases. The value of assets stolen in this way in 2016 is counted in tens of millions of dollars.

15. An unresolved issue - important especially in the context of large-scale attacks, such as the theft of money from the SWIFT system or alleged interference in the presidential election in the US remains the issue of attribution.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.