
Expert Comment on EU rapid response cyber team initiative

June 2021 by Experts

Comment by Andrey Yakovlev, Security Researcher at IntSights, and Kurt Glazemakers, CTO at Appgate, on the news that the EU is launching a cyber security rapid response team, which the US now wants to be a part of.

Andrey Yakovlev, Security Researcher at IntSights:
It is always good to have international agencies cooperate to solve crime, in my opinion. Cybercrime is typically a multi-state operation. For example, a server may be located in one country’s data center, whereas the domain may be registered by a registrar from another country and the attacker sits in a third. Having a reliable framework that can help minimize bureaucracy and act faster on subpoenas? Sounds like a great initiative.

This initiative might deter some cyber criminals, but it likely won’t make much of a dent overall. We might see more news about European criminals getting arrested, we may hear more news about successful dismantlers of cybercrime infrastructure. But at the end of the day, what does it do to a cyber criminal who’s sitting in Russian Saratov or in Chinese Shanghai?

The net is that they will scramble, shift their tactics, and continue. Serious money makers are not likely to stop; they make some serious money, so they view their efforts as well worth the risks.

There are already alliances and frameworks that aid cooperation throughout different states in the fight against cybercrime. Take the Five Eyes intelligence alliance, for example. Although created in the 1940s, the agreement allows for cooperation in cyberspace. Personally, I think this new EU initiative is a response to the cyber-offensive that goes on in the world, but it’s not only about the attacks themselves, it is also about the way attackers behave. Let’s take ransomware gangs for example, whose attacks I’m sure were part of the reasoning for the creation of this organisation.

Apart from targeting governmental agencies and critical infrastructure, ransomware gangs began to behave like LLC or LTD companies - over time, they started doing marketing, inviting media outlets, competing with each other - all to attract the right kind of attention. This is one of the reasons ransomware affiliates were removed from cybercriminal forums. Too much noise.

Kurt Glazemakers, CTO at Appgate:
I do think this initiative is a good idea. Cyberattacks are getting more and more sophisticated, and some of them are organised on a nation state level, and by well built-out organisations. It is key to share the knowledge and lessons learned to better protect governments and enterprises. Most governments and enterprises don’t have the knowledge to properly investigate cyberattacks and their root cause. The SolarWinds attack was an eye-opener for many organisations, where they realized they would have been compromised as well if they had the SolarWinds product installed in their network.
The initiative will not stop or deter the cyberattacks, but it could reduce impact and will help to build better defense against those threats by sharing expertise.
Europe has not been the fastest to make decisions like this, and handing over controls and regulations from the nation to the European level has always been difficult, unless there is a sense of urgency or real benefit for the individual nations. The sense of urgency has definitely been raised with the SolarWinds hack and Colonial Pipeline attack as one of the latest additions, where the first was an eye-opener in the sophistication of the attack, while the Colonial Pipeline was an eye-opener on the economic impact. It is just a matter of time until the next one will hit.

