
retrieve incident handling statistics from organizations, administrators due to executive’s restriction. We continue to provide advice to system administrators in the Internet community who report security problems. We are now working on establishing a regular chat system with administrators of organizations and on offering information on the state of Internet security to system administrators, network managers, and others in the Internet community.

2.2. Threats

Malware and the malicious web

• The year began with Gameover ZeuS peer-to-peer botnet activity; the botnet is also responsible for distributing Cryptolocker ransomware. Gameover ZeuS is a banking trojan that aims to steal banking and other sensitive private information. If this fails to deliver significant financial information, the criminals can deploy Cryptolocker, which encrypts the personal files on your computer and then attempts to extort money from you in return for the decryption key. Without the key the files are permanently locked and the only way to recover the contents is from backup files.

• The National Cyber Security Authority (NCSA) led the Mongolian effort in the global operation. Partnering with NCSA, MonCIRT provided a dedicated page with information and explanations, as well as links to tools that would scan to determine whether you were infected and clean up infected hosts. NCSA also provided useful advice about how the malware spreads and how you can defend yourself against it.

• In 2014 more personal details, such as email addresses, passwords (both encrypted and clear text), and even national ID numbers, were put on public display.

• Based on data for 2014, it is not surprising that, in the bulk of the security incidents disclosed, the majority of attackers went after a broad target base while using off-the-shelf tools and techniques. We attribute this to the wide public availability of toolkits and to the large number of vulnerable web applications that exist on the Internet.

• The relative volume of the various alerts can help to describe how attacks are established and launched. They also frequently provide hints about how methods have evolved. Based on this, the main focus in 2014 may have been the subversion of systems, with larger coordinated attacks being executed across fairly broad swaths of the Internet.

MonCIRT participated in the information sharing campaign, raising awareness of the event and hosting a copy of the advice and links to the clean-up tools. Additionally, we received and processed the sinkhole data, which we then distributed to Internet Service Providers (ISPs) to allow them to assist their customers who had been infected. For commercial organisations, the impact of ransomware should not be underestimated. User education about cyber risks, along with robust security controls and a proven incident management capability, will help businesses to minimise the risk from, and impact of, crimeware like Gameover ZeuS and Cryptolocker.

2.3. Incident trends