RIA Cyber Security Report 2016

The Estonian version of the report was released already in March.

One interesting piece of information disclosed in the report is the case of targeted attack against the SCADA system used at Viru Keemia Grupp AS. The case was also widely covered in Estonian media.

In 2016, traffic bearing the hallmarks of malware was spotted in the computer network of Viru Keemia Grupp (VKG), an Estonian group of oil shale, power and public utility companies. Software experts found the Mimikatz malware in the VKG office network, used in Windows systems to extract identity credentials (such as passwords, password hashes etc.). [..] Upon further investigation, it was found that a workstation in the SCADA monitoring segment was infected. The workstation was then removed from the network. Network traffic and examples of malware found on computers all pointed to a targeted attack. The malware and control server used have been linked to the APT28 cyber espionage group.

The report also includes RIA position statement on technology backdoors:

From Estonia’s perspective, strong encryption is vital for ensuring trust in the state’s digital services, as all of the e-services provided by the government and many private sector e-services are based on strong encryption (Estonian digital identity). In the longer term, building in backdoors would thus reduce trust in the digital state, but trust is an extremely important value for Estonia. As a result, Estonia has not supported building backdoors into e-services, and the objective and function of RIA continues to be to ensure the high level of trust in Estonian digital identity.

Links:
https://www.ria.ee/en/ria-cyber-security-more-important-than-ever.html
https://www.ria.ee/public/Kuberturvalisus/RIA_CSA_2017.PDF

Leave a Reply

Your email address will not be published. Required fields are marked *