Introduction

The growing dependence on digital infrastructure in various sectors has exponentially increased the risk of cyber threats. These threats can lead to catastrophic consequences if not properly managed, especially in essential services. Cyber-attacks can disrupt critical operations, compromise sensitive data and cause financial and reputational damage. The NIS 2 Directive seeks to address these risks by mandating robust cybersecurity measures in critical sectors.

Essential services such as energy, transport, banking and healthcare are the backbone of modern society. Disruption of these services can have far-reaching consequences, affecting not only the immediate sector but also the economy and public safety. As cyber threats become more sophisticated, it is crucial to implement comprehensive cybersecurity strategies to protect these services from potential attacks.

This paper aims to highlight the importance of implementing these measures by examining potential threats and their impact on essential services. By understanding the risks and the necessary cybersecurity measures, we can better protect critical infrastructure and ensure the continuity of essential services.

Overview of the NIS 2 Directive

The Networks and Information Systems (NIS) 2 Directive is a key piece of EU legislation designed to improve the cyber security of critical infrastructure. It extends the scope of the original NIS Directive, increasing the obligations for Member States and operators of essential services to enhance their cybersecurity capabilities.

Key objectives of the NIS 2 Directive

  • Strengthen cybersecurity: Improve the security of networks and information systems across the EU.
  • Increase cooperation: Improve cooperation between Member States and the European Union Cyber Security Agency (ENISA).
  • Harmonize regulations: Ensure consistent cybersecurity requirements across Member States.
  • Improve incident reporting: Establish mandatory reporting of significant cyber incidents to relevant authorities.

Key provisions

  • Broad scope: Includes additional sectors such as health, digital infrastructure and space.
  • Risk management: Requires operators to adopt risk management practices, including technical and organizational measures.
  • Incident response: Mandates the development and implementation of incident response plans.
  • Supply chain security: Emphasizes the need to address cybersecurity risks in the supply chain.

Key services and potential cyber threats

  • Energy
  • Transportation
  • Banks
  • Financial market infrastructures
  • Health sector
  • Drinking water supply and distribution
  • Digital infrastructure
  • Public administration
  • Space

Banks

Description:

Banking involves financial institutions offering services such as deposits, loans and foreign exchange. It is essential for economic stability and personal financial security.

Potential Cyber Threats:

  1. Banking System Outages:
    • Description: Cyber attacks can disable banking systems, preventing transactions and access to funds, causing widespread financial disruption.
    • Impact: Affects both individuals and businesses, causing significant economic losses and loss of confidence in financial systems.
    • Examples: DDoS attacks targeting banking infrastructure, such as attacks on several banks in Europe in 2012.
  2. Fraudulent transactions:
    • Description.
    • Impact: Leads to direct loss of money and can cause major reputational damage for financial institutions.
    • Examples: Phishing attacks and malware that compromise customers’ bank accounts, such as the Carbanak incident, in which more than $1 billion was stolen from banks around the world.
  3. Customer data security breaches:
    • Description: Security breaches affecting customer data can lead to identity theft and financial fraud, undermining trust in financial institutions.
    • Impact: Affects millions of customers, leading to financial losses and potential lawsuits against banks.
    • Examples: Major security breaches such as the Equifax incident in 2017, which exposed the personal data of 147 million people.
  4. ATM network compromise:
    • Description: Attacks on ATM networks can lead to unauthorized cash withdrawals and service interruptions.
    • Impact: Causes financial losses for banks and customers and can create panic among ATM users.
    • Examples: Attacks on ATM networks, such as jackpotting attacks, in which ATMs are manipulated into dispensing cash without authorization.

Mitigation Strategies:

  • Real-Time Monitoring and Response: Deploy advanced monitoring systems for rapid threat detection and response.
  • Data Encryption: Use advanced encryption to protect sensitive customer and transaction data.
  • Multi-Factor Authentication: Implement multi-factor authentication to ensure secure access to bank accounts.
  • Customer Education: Educate customers on recognizing and avoiding phishing attempts and other social engineering methods.
  • Collaboration and information sharing: Promote collaboration between banks and law enforcement agencies to share threat intelligence and best practices.
  • Incident Response Planning: Develop and regularly update incident response plans to ensure rapid and effective responses to cyber incidents.

By understanding these potential threats and implementing robust mitigation strategies, the banking sector can increase resilience against cyber-attacks and ensure the continued provision of essential services.


Transportation

Description:

The transportation sector involves moving people and goods by air, rail, road and sea. It includes systems such as air traffic control, rail signaling and maritime navigation.

Potential Cyber Threats:

  1. Air Traffic Control Disruption:
    • Description.
    • Impact: Affects passenger safety, causes economic losses for airlines and can lead to chaos at airports.
    • Examples: Distributed Denial of Service (DDoS) attacks on air traffic control systems, such as the FAA incident in the US in 2015.
  2. Failures of Rail Signaling Systems:
    • Description: Hacking signaling systems can cause train collisions and derailments, resulting in significant loss of life and property.
    • Impact: Major risk to passenger and staff safety, economic losses and disruption to rail transport.
    • Examples: Attacks on railway signaling systems, such as the cyber attack on Polish railways in 2022.
  3. Compromising Maritime Navigation Systems:
    • Description: Compromised navigation systems can lead to ship collisions or groundings, disrupting global supply chains.
    • Impact: Affects international trade, can cause oil spills and other environmental incidents, and endangers the lives of crews.
    • Examples: Cyber attacks on ships’ GPS systems, such as incidents reported in the Strait of Hormuz.
  4. Hacking Public Transportation Systems:
    • Description: Attacks on public transportation systems can disrupt services and pose risks to passenger safety.
    • Impact: Causes delays and cancellations, affects the daily mobility of thousands of people and can create panic among the public.
    • Examples: Ransomware attacks on ticketing or subway train control systems, such as the San Francisco Muni incident in 2016.

Mitigation Strategies:

  • Monitoring and Response Systems: Deploy advanced monitoring systems for real-time threat detection and response.
  • Security Audits and Penetration Tests: Conduct regular security audits and penetration tests to identify and remediate vulnerabilities.
  • Incident Response Planning: Develop and regularly update incident response plans to ensure rapid and effective responses to cyber incidents.
  • Collaboration and Information Sharing: Promote collaboration between carriers and government agencies to share threat intelligence and best practices.
  • Critical Infrastructure Protection: Strengthen critical infrastructure protection measures such as access control and encryption of communications.

By understanding these potential threats and implementing robust mitigation strategies, the transportation sector can increase resilience against cyber-attacks and ensure the continued provision of essential services.


Energy

Description:

The energy sector covers the production, transmission and distribution of electricity, oil and natural gas. It is fundamental to the functioning of all other sectors.

Potential cyber threats:

  1. Grid Outage:
    • Description: Attacks on control systems, such as Supervisory Control and Data Acquisition (SCADA) systems, can cause widespread power outages.
    • Impact: Affects homes, businesses and critical services such as hospitals and emergency response, leading to economic and social chaos.
    • Examples: The 2015 attack on Ukraine’s electricity grid by the Sandworm group, which caused widespread blackouts.
  2. Oil and Gas pipeline disruptions:
    • Description: Cyber intrusions can shut down pipeline operations by targeting industrial control systems (ICS), resulting in significant supply shortages and economic losses.
    • Impact: Disrupts fuel supplies to industries, transportation and homes, causing economic instability and environmental risks.
    • Example: The ransomware attack on the Colonial Pipeline in 2021, which disrupted fuel supplies across the eastern United States.
  3. Security breaches at Nuclear Power Plants:
    • Description: Compromise of nuclear facilities can lead to unauthorized access to critical systems, potentially resulting in dangerous radiation releases.
    • Impact: Severe health and environmental risks, long-term contamination and loss of public confidence in nuclear safety.
    • Example: The Stuxnet worm, which targeted Iran’s nuclear facilities, highlighting vulnerabilities in nuclear security.
  4. Attacks on the Energy Supply Chain:
    • Description: Supply chain disruption can interrupt the delivery of essential resources such as fuel and equipment, paralyzing energy production and distribution.
    • Impact: Causes delays and shortages in energy supply, affecting all dependent sectors and potentially leading to cascading failures.
    • Examples: Attacks on third-party suppliers and vendors, such as the SolarWinds hack, which demonstrated the potential for supply chain vulnerabilities to be exploited.

Mitigation Strategies:

  • Cybersecurity Incident Monitoring and Response: Implement advanced monitoring systems to detect and respond to threats in real time.
  • Security Audits and Penetration Tests: Conduct regular security audits and penetration tests to identify and address vulnerabilities.
  • Supply chain security: Enhance the security of supply chain operations through strict supplier verification and continuous monitoring.
  • Incident Response Planning: Develop and regularly update incident response plans to ensure rapid and effective responses to cyber incidents.
  • Collaboration and information sharing: Promote collaboration between industry stakeholders and government agencies to share threat intelligence and best practices.

By understanding these potential threats and implementing robust mitigation strategies, the energy sector can increase resilience against cyber-attacks and ensure the continued provision of essential services.


🌟 “The Criminal Relevance of Artifacts Identified in Cybercrime Investigations”🌟



We are excited to announce our participation in the 3rd edition of the International Conference “Forensic Science and its Implications in the Development of Human Society” (FOSIDHUS), which took place on May 25, 2024, at Casa Universitarilor in Iași. This edition’s theme was “The Challenges of Forensic Science in the Digital Age.”

At this prestigious event organized by the Faculty of Law of “Alexandru Ioan Cuza” University of Iași, we had the honor of presenting our paper titled “The Criminal Relevance of Artifacts Identified in Cybercrime Investigations.” Together with my colleague Florin Zaborilă, we discussed the importance of digital artifacts in the context of criminal investigations and their impact on judicial procedures.


We would like to extend our special thanks to the conference organizers, especially Mrs. Ancuța Elena Frantz, for her dedication and efforts in organizing this successful event. We also thank the National Institute of Forensic Expertise, represented by Mr. Gabriel Dumitru Păduraru, forensic expert, for the organizational support.

We appreciate all the participants and colleagues for their presence, involvement in valuable discussions, and exchange of ideas! We are glad to be part of this academic and professional community dedicated to advancing forensic science.

Presentations made by specialists from the private sector at conferences like the International Conference “Forensic Science and its Implications in the Development of Human Society” are pivotal in advancing knowledge and practice in forensic science. Here are key reasons why these presentations are invaluable:

  1. Bringing real-world expertise: Specialists from the private sector regularly engage with cutting-edge technologies and face diverse practical challenges in their daily work. Their presentations provide valuable real-world insights and experiences to the academic and professional community, effectively bridging the gap between theory and practice.
  2. Sharing advanced techniques and tools: The private sector is often at the forefront of technological innovation. Presentations by these specialists can introduce new techniques, tools, and methodologies that have been developed and tested in real-world scenarios, providing attendees with current knowledge and practical applications.
  3. Enhancing collaboration: Conferences provide a platform for fostering collaboration between the private sector and academic or governmental institutions. Such collaboration can lead to the development of comprehensive and effective strategies for tackling cybercrime and other forensic challenges.
  4. Influencing policy and best practices: Insights from the private sector can inform the development of policies and best practices within forensic science. Their experiences can highlight gaps in current approaches and suggest improvements, thereby enhancing the overall effectiveness of forensic investigations.
  5. Professional development and networking: Presentations by private sector specialists offer attendees opportunities for professional development. Participants can learn about the latest trends and developments in the field and engage in networking that may lead to future collaborations, job opportunities, or partnerships.
  6. Stimulating innovation and research: By presenting new findings and case studies, private sector experts can inspire further research and innovation within the academic community. Their contributions can help identify new areas of study and spur the development of novel solutions to forensic challenges.

🔒💻 I had the honor of accepting the invitation to participate as a lecturer at the cybersecurity session dedicated to prosecutors and officers specialized in #investigating #cybercrime.
With Florin Ionut Zaborila.

📖 During my presentation, titled “Theoretical and Practical Aspects of Cybersecurity, Methods of Compromising Information Systems, Useful Information for Judicial Authorities in Investigating Cybercrime,” I addressed essential topics to strengthen the technical investigative capabilities of law #enforcement #agencies.

🔍 This session is part of the annual #training program organized by the Prosecutor’s Office attached to the Iași Court of Appeal and the General Inspectorate of the Romanian Police – Directorate of Criminal Investigations.
🙏 I am deeply honored to share my expertise in cybercrime and contribute to the enhancement of the knowledge and skills of colleagues involved in cybercrime investigations.
🤝 Special thanks to the organizing institutions for the invitation and their ongoing commitment to training and developing specialists in #cybersecurity.

The importance of public-private collaboration in Cybercrime Investigation

Collaboration between the public and private sectors is essential in investigating cybercrime due to the complexity and speed with which threats in the online environment evolve. This collaboration offers numerous advantages that can make a significant difference in effectively combating cybercrime:

  1. Access to advanced technology: The private sector, especially technology companies, often possesses advanced resources and technological tools that can be essential in investigating and preventing cybercrime. Through partnerships with these companies, law enforcement authorities can access these resources, enhancing their investigative capabilities.
  2. Information and intelligence sharing: Collaboration enables the rapid and efficient exchange of information and intelligence between public and private entities. This is crucial for identifying and responding promptly to new threats and tactics used by criminals.
  3. Expertise and training: Private companies can offer valuable expertise and training opportunities for personnel in the public sector. Training programs and workshops supported by industry experts help develop the technical skills of officers and prosecutors, contributing to a better understanding and management of cyber incidents.
  4. Additional resources: Investigating cybercrime often requires considerable resources. Through collaboration with the private sector, law enforcement authorities can benefit from additional resources, including financial, logistical, and human resources, to support complex investigations.
  5. Innovation and Adaptability: The private sector is often more agile and capable of rapidly innovating in response to new threats. Public-private partnerships allow authorities to adopt innovative solutions and adapt more quickly to the constantly changing cyber landscape.
  6. Improvement of policies and legislation: Through ongoing dialog between the public and private sectors, more effective and better-adapted policies and laws can be developed to meet the real needs and current challenges in the field of cybersecurity.

Public-private collaboration not only strengthens the investigative capabilities of authorities but also creates a united front against cybercrime, ensuring better protection for citizens and critical infrastructures.

🌐🛡️ Thrilled to share insights from my participation in the Maritime Cybersecurity Course hosted by the Maritime Cybersecurity Centre of Excellence (MARCYSCOE) at Constanta Maritime University! This transformative two-day program was organized under the prestigious aegis of the European Security and Defence College (ESDC), focusing deeply on the critical area of maritime cybersecurity.


In the digital era, where maritime operations heavily rely on interconnected technologies, the importance of robust cybersecurity strategies cannot be overstated. The course provided us with comprehensive knowledge on EU maritime cybersecurity #policies, cutting-edge technological #tools, and advanced #strategies for identifying and managing #cyber #threats.


A significant highlight was the #collaboration and interaction with fellow participants from Romania and various other countries. This diverse gathering not only enriched our learning experience but also underscored the importance of international cooperation in tackling global cybersecurity challenges. The mix of #public and #private sector participants fostered a dynamic exchange of ideas and best practices, paving the way for stronger cross-border and cross-sector partnerships.


Thanks to the expert-led classes, interactive workshops, and real-world case studies, we are better equipped to enhance our cyber #defense capabilities and safeguard our maritime infrastructures. A big shoutout to the Maritime Cybersecurity Centre of Excellence for orchestrating such an impactful program.
As we continue to advance our cybersecurity #frameworks and collaborate across borders, we are collectively strengthening our defenses against evolving cyber threats, ensuring a #safer maritime future for everyone.

The presentations/discussions on #cybersecurity and #cybercrime always manage to arouse the participants’ curiosity and desire to learn more about cases, investigations, victims, money and criminals.


The Master’s Week, organized by the Law Students Association Iasi, gave us the opportunity to present a small part of the work of investigators of #informatic crimes, underlining the importance of combining legal and technical aspects.

The cyber fraud analysis “Investor Fever” is recommended to all internet and technology users to understand the evolution of financial fraud!

Disseminating this information is essential to educate and sensitize the general public, especially those preparing for a career in the legal profession. A thorough understanding of cyber security issues and how cyber investigations are conducted is crucial for future legal professionals. They must be prepared to tackle the complex and ever-changing challenges in the cybercrime landscape.

The importance of collaboration between legal and technical aspects cannot be emphasized enough. In an increasingly digitized world, lawyers, judges and other legal professionals need to be able to interpret and apply the law in the context of cybercrime. What’s more, this increased knowledge contributes to a successful career, as cybersecurity skills are becoming increasingly sought after.

On this occasion I had the pleasure to participate in the presentation prepared by the team of the General Anticorruption Directorate (DGA), Iasi County Anticorruption Service and I can say that I found out extremely important #information.

Thank you to Mr. Inspector Florin Ionut Zaborila, Coordinator of the Computer Crime Investigation Department of IPJ Iași, for his permanent #collaboration and involvement in disseminating information / warnings about the dangers of the online environment!

We thank the organizers and the University “Alexandru Ioan Cuza” of Iași for the invitation! This initiative has been an important step in educating and preparing future legal professionals, helping to shape an informed and competent generation in the face of modern cyber challenges.

A particular feature of today’s financial fraud is the ability of criminals to adapt quickly to new technologies and trends. In an increasingly connected world, where more and more transactions take place online, criminals have developed the ability to quickly exploit any vulnerability. This includes using social networks to spread fake investment schemes, compromising the security of mobile apps for unauthorised access to bank accounts, and even exploiting emerging technologies such as cryptocurrency and blockchain to devise new types of scams.