retrieve incident handling statistics from organizations, administrators due to executive’s restriction. We continue to provide advice to system administrators in the Internet community who report security problems. We are now working on establishing a regular chat system with administrators of organizations and on offering information on the state of Internet security to system administrators, network managers, and others in the Internet community.
2.2. Threats
Malware and the malicious web
• The year began with activity from the Gameover ZeuS peer-to-peer botnet, which is also responsible for distributing Cryptolocker ransomware. Gameover ZeuS is a banking trojan that aims to steal banking and other sensitive private information. If this fails to deliver significant financial information, the criminals can deploy Cryptolocker, which encrypts the personal files on your computer and then attempts to extort money from you in return for the decryption key. Without the key the files are permanently locked and the only way to recover the contents is from backup files.
• The National Cyber Security Authority (NCSA) led the Mongolian effort in the global operation. Partnering with NCSA, MonCIRT provided a dedicated page with information and explanations, as well as links to tools that would scan to determine whether you were infected and clean up infected hosts. NCSA also provided useful advice about how the malware spreads and how you can defend yourself against it.
• In 2014 more personal details, such as email addresses, passwords (both encrypted and clear text), and even national ID numbers, were put on public display.
• Based on data for 2014, it is not surprising that, in the bulk of the security incidents disclosed, the majority of attackers went after a broad target base using off-the-shelf tools and techniques. We attribute this to the wide public availability of toolkits and to the large number of vulnerable web applications that exist on the Internet.
• The relative volume of the various alerts can help to describe how attacks are established and launched. They also frequently provide hints about how methods have evolved. Based on this, the main focus in 2014 may have been the subversion of systems, with larger coordinated attacks being executed across fairly broad swaths of the Internet.

MonCIRT participated in the information sharing campaign, raising awareness of the event and hosting a copy of the advice and links to the clean-up tools. Additionally, we received and processed the sinkhole data, which we then distributed to Internet Service Providers (ISPs) to allow them to assist their customers who had been infected. For commercial organisations, the impact of ransomware should not be underestimated. User education about cyber risks, along with robust security controls and a proven incident management capability, will help businesses to minimise the risk from, and impact of, crimeware like Gameover ZeuS and Cryptolocker.
2.3. Incident trends