Jul 28 2022

ENISA provides data related to major telecom security incidents in 2021

Category: Information Security,Security IncidentDISC @ 8:36 am

ENISA published a report that includes anonymised and aggregated information about major telecom security incidents in 2021.

ENISA published a report that provides anonymized and aggregated information about major telecom security incidents in 2021.

Every European telecom operator that suffers a security incident, notifies its national authorities which share a summary of these reports to ENISA at the start of every calendar year.

The reporting of security incidents has been part of the EU’s regulatory framework for telecoms
since the 2009 reform of the telecoms package.

This year the report includes data related to reports of 168 incidents submitted by national authorities from 26 EU Member States (MS) and 2 EFTA countries.

The incident had a significant impact on the victim, the total user hours lost (resulted by
multiplying for each incident the number of users by the number of hours) was 5,106 million user
hours. Experts noticed a huge increase compared to 841 million user hours lost in 2020. The reason for this is the impact of a notable EU-wide incident that was reported separately by three MS. ENISA has published technical guidelines on incident reporting under the EECC1, including on thresholds and calculating hours lost.

Below are the takeaways from incidents that took place in 2021:

  • 4,16% of reported incidents in 2021 refer to OTT communication services, for this reason the European Agency required further attention for security incidents related to OTT services.
  • This is the first time that incidents concerning confidentiality and authenticity were reported.
  • The number of incidents labeled as malicious actions passed from 4% in 2020 to 8% in 2021.
  • System failures continue to dominate in terms of impact but the downward trend continues. System failures accounted for 363 million user hours lost compared to 419 million user hours in 2020.
  • The number of Incidents caused by human errors is the same as in 2020.
  • Only 22% of incidents were reported as being related to third-party failures compared to 29%

Let me suggest reading the full report for additional information:


ENISA Telecom Security Incidents 2021

DISC InfoSec

#InfoSecTools and #InfoSectraining



Ask DISC an InfoSec & compliance related question

Tags: telecom security incidents

Dec 10 2021

The Red Team Guide

Category: Information Security,Security IncidentDISC @ 12:54 pm
The Red Team Guide – by Peerlyst

Download a copy of The Red Team Guide

Rtfm: Red Team Field Manual

The Red Team Field Manual (RTFM) is a no fluff, but thorough reference guide for serious Red Team members who routinely find themselves on a mission without Google or the time to scan through a man page. The RTFM contains the basic syntax for commonly used Linux and Windows command line tools, but it also encapsulates unique use cases for powerful tools such as Python and Windows PowerShell. The RTFM will repeatedly save you time looking up the hard to remember Windows nuances such as Windows wmic and dsquery command line tools, key registry values, scheduled tasks syntax, startup locations and Windows scripting. More importantly, it should teach you some new red team techniques.

Download a copy of The Red Team Guide

Incident Response Management Foundation Training Course

Tags: Red team, Red Team Field Manual, Rtfm, The red team guide

Dec 04 2021

Cybersecurity Incident & vulnerability response playbooks

Category: Information Security,Security IncidentDISC @ 4:43 pm

Cybersecurity Incident & Vulnerability Response Playbooks – Audiobook

Cybersecurity Incident & Vulnerability Response Playbooks by [Cybersecurity and Infrastructure Security Agency]

Tags: Incident Response, vulnerability response

Nov 18 2021

CISA releases incident response plans for federal agencies

Category: Security IncidentDISC @ 10:16 am

The Cybersecurity and Infrastructure Security Agency (CISA) has released new cybersecurity response plans for federal civilian executive branch (FCEB) agencies (” Federal Government Cybersecurity Incident and Vulnerability Response Playbooks“).

The documents aim at developing a standard set of operational procedures (i.e., playbook) to be used in planning and conducting cybersecurity vulnerability and incident response activity for federal civilian agency information systems.

“The playbooks provide federal civilian executive branch (FCEB) agencies with operational procedures for planning and conducting cybersecurity incident and vulnerability response activities. The playbooks provide illustrated decision trees and detail each step for both incident and vulnerability response.” reads the announcement.

The definition and adoption of standardized IR procedures allow to drastically reduce the associated risks for impacted organizations.

The document released by CISA presents two playbooks, one for incident response and one for vulnerability response, both developed for FCEB agencies. CISA plans to extend these playbooks for organizations outside of the FCEB to promote a process of standardization of the incident response practices.

The Vulnerability Response Playbook applies to any flaw that is observed to be exploited by threat actors to gain compromise computer networks of the agencies. The playbook builds on CISA’s Binding Operational Directive 22-01 and standardizes the high-level process to address these vulnerabilities.

The playbooks will facilitate better coordination and effective response and enable tracking of cross-organizational successful actions.

“FCEB agencies should use the playbooks to shape their overall defensive cyber operations. The playbooks apply to information systems used or operated by an FCEB agency, a contractor of the agency, or another organization on behalf of the agency. CISA encourages agencies to review the playbooks and CISA’s webpage on EO 14028 for more information.” concludes CISA. “Although CISA created the playbooks for FCEB agencies, we encourage critical infrastructure entities; state, local, territorial, and tribal government organizations; and private sector organizations to review them to benchmark their own vulnerability and incident response practices.”

The incident response playbook has to be used in incidents that involve confirmed malicious cyber activity for which a major incident has been declared or not yet been reasonably ruled out (i.e. Incidents involving lateral movement, credential access, and exfiltration of data, and compromised administrator accounts).

incident response process

While aimed at federal agencies, CISA also encourages public and private sector partners, including critical infrastructure entities and state, local, territorial, and tribal (SLLT) government organizations, to review them to improve their incident and vulnerability response practices.


Nov 15 2021

ENISA – The need for Incident Response Capabilities in the health sector

Category: hipaa,Security IncidentDISC @ 10:43 am

The European Union Agency for Cybersecurity (ENISA) published an analysis of the current state of development of sectoral CSIRT capabilities in the health sector since the implementation of the NIS Directive.

An attack against a hospital can lead to physical damages and put the lives of patients at risk. The Agency remarks the need to set up solid Incident Response Capabilities (IRC) in the health sector. The document aims at offering insights on current incident response (IR) trends and providing recommendations about the development of IR capabilities in the health sector.

In 2020, the number of reports sent to ENISA about cybersecurity incidents saw an increase of 47% compared to the previous year.

The level of exposure to cyber threats is increasing to the adoption of emerging technologies such as the Internet of Things (IoT), Artificial Intelligence (AI), big data, and cloud computing.

Computer Security Incident Response Teams (CSIRTs) are tasked to develop the capabilities needed to address cyber threats and implement the provisions of the Directive on security of network and information systems (NIS Directive).

“Although dedicated health sector CSIRTs are still the exception in the Member States, sector specific CSIRT cooperation is developing.” reads the report. “The lack of sector-specific knowledge or capacity of national CSIRTs, lessons learned from past incidents and the implementation of the NIS Directive appear to be the main drivers of the creation of sector-specific incident response capabilities in the health sector.”

While the lifetime of healthcare equipment is about 15 years on average, the pace of updates that are released by the vendors but in many cases, the healthcare devices remain unpatched for long periods. Another challenge the healthcare sector is faced with is the complexity of systems due to the increased number of connected devices is enlarging the attack surface.

Below is the list of recommendations included in the report:

  1. Enhance and facilitate the creation of health sector CISRTs by allowing easy access to funding, promoting capacity building activities, etc.
  2. Capitalise on the expertise of the health CSIRTs for helping Operators of Essential Services (OES) develop their incident response capabilities by establishing sector-specific regulations, cooperation agreements, communication channels with OES, public-private partnerships, etc.
  3. Empower health CSIRTs to develop information sharing activities using threat intelligence, exchange of good practices and lessons learned, etc.

“The key force driving the development of incident response capabilities of CSIRTs is the information related to security requirements and responsibilities of organisations for each sector.” concludes the report. “Shared frameworks for incident classification and threat modelling, education activities and a network allowing communication between incident response actors constitute the main resources and tools currently supporting the development of incident response capabilities.”


Tags: ENISA, health sector, Incident Response

Aug 13 2021

3 Ways To Avoid Internet Hacking Incidents With Sports Related Ventures

Category: Hacking,Security IncidentDISC @ 9:49 am

Nowadays just as one cannot take enough safety measures when leaving their house of work to avoid running into problems and tribulations along the way, the exact same measures are to be taken into consideration when strolling around the wonderful world of the internet. It can be argued that the internet stands right up there as being one of the most important tools that recent technology has offered mankind to make lives easier. You can look for information, shop, wager on sporting events like pro football games through sites that focus on NFL predictions for games amongst other services and many other activities.

The internet has become the perfect tool for anyone and everyone to find absolutely everything they may want, need or anything in between, it’s become a staple of commodity and leisure, but it can also be a very dangerous tool if not handled properly. This tech tool has especially garnered fame and recognition amongst sports fans who flock to it in order to find all items related to their favorite teams, athletes and sports, but rest assured, one wrong move and dire consequences could be on the way

 Today though, let’s focus on one of sports fans’ favorite online activities, online sports betting and how to prevent hacking incidents from happening.

Table of Contents

Incident Response & Computer Forensics

Tags: NBA, NFL, Sports Related Ventures

Sep 08 2020

Hackers use legit tool to take over Docker, Kubernetes platforms

Category: Security Breach,Security IncidentDISC @ 3:08 pm

In a recent attack, cybercrime group TeamTNT relied on a legitimate tool to avoid deploying malicious code on compromised cloud infrastructure and still have a good grip on it.

Source: Hackers use legit tool to take over Docker, Kubernetes platforms

Misusing tool of the trade
Analyzing the attack, researchers at Intezer discovered that TeamTNT installed Weave Scope open-source tool to gain full control of the victim’s cloud infrastructure.

According to them, this may be the first time a legitimate third-party tool is abused to play the part of a backdoor in a cloud environment, also indicating the evolution of this particular group.

Weave Scope integrates seamlessly with Docker, Kubernetes, and the Distributed Cloud Operating System (DC/OS), and AWS Elastic Compute Cloud (ECS). It provides a complete map of processes, containers, and hosts on the server and control over installed applications.

“The attackers install this tool in order to map the cloud environment of their victim and execute system commands without deploying malicious code on the server,” Intezer notes in a report today.

Download a Security Risk Assessment Steps paper!

Security Risk assessment Quiz – Find Out How Your security risk assessment Stands Up!

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Subscribe to DISC InfoSec blog by Email

👉 Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet

Jun 17 2019

U.S. Govt Achieves BlueKeep Remote Code Execution, Issues Alert

Category: Malware,Security IncidentDISC @ 8:57 am

The Cybersecurity and Infrastructure Security Agency (CISA) published an alert for Windows users to patch the critical severity Remote Desktop Services (RDS) RCE security flaw dubbed BlueKeep.

Source: U.S. Govt Achieves BlueKeep Remote Code Execution, Issues Alert

How to check if a target is vulnerable to the new RDP vulnerability (BlueKeep).

Enter your email address:

Delivered by FeedBurner

Tags: BlueKeep, RDP vulnerability, Remote Code Execution

Aug 11 2012

ISO 27001 Information Security Incident Management

Category: ISO 27k,Security IncidentDISC @ 10:37 pm

English: ISMS activities and their relationshi...

English: ISMS activities and their relationship with Risk Management (Photo credit: Wikipedia)

Section 13 of Annex A handle information security incident management. One of the important thing to know about this section is the difference between an event and an incident.

Information Securty Event: is an occurance of a system, service or netwrok state indicating a possible breach of information security policy or failure of safeguards.

Informtaion Security Incident: is indicated by a single or series of unwanted information security events that have a significant probability of compromising business operations.

IT Governance: An International Guide to Data Security and ISO27001/ISO27002

This video covers Section A.13 of ISO 27001. This refers to the reporting of information security events and weaknesses and the management of information security.

Tags: Information Security, Information Security Management System, ISO 27001 Lead Implementer, ISO/IEC 27001, Policy

Feb 13 2012

What Is a Security Incident and How to handle one

Category: Security IncidentDISC @ 2:13 pm

A security incident is a computer, network, or paper based activity which results (or may result) in misuse, damage, denial of service, compromise of integrity, or loss of confidentiality of a network, computer, application, or data; and threats, misrepresentations of identity, or harassment of or by individuals using these resources.

Examples of incidents may include but not limited to the followings:
• Root-level attacks on networking infrastructure, critical systems, or large, multi-purpose or dedicated servers
• Compromise of privileged accounts on computer systems
• Denial-of-service attacks on networking infrastructure and critical systems
• Attacks launched on others from within umn.edu
• Compromise of individual user accounts or desktop (single-user) systems
• Scans of University systems originating from the Internet
• Spam and mail forgery that originates from, or is relayed through umn.edu
• Viruses, Worms and Trojan Horses

Computer Security Incident Handling Guide