CERT-RO, Romania’s National Computer Security Incident Response Team, has published a cyber-security alerts report for 2013. The study details malware infections, compromised websites, phishing, spam and even advanced persistent threats (APTs).
The organization says it has collected a total of 43,231,149 alerts from automated systems, involving a total of 2,213,426 unique IP addresses. The number of manually collected alerts is 450.
The figures show that a total of 10,239 .ro domains were compromised in 2013. This number represents around 1.4% of the total number of domains. There are around 710,000 domains registered in Romania.
CERT-RO’s report reveals that 60% of the compromised domains were infected with some sort of malware. 27% of the affected sites were defaced and 13% were used to host phishing sites.
Over 33.6 million of the alerts recorded by the agency were related to botnets (botnet drone), over 6.7 million to vulnerabilities (open resolvers), close to 2 million to abusive content (spam) and half a million to information harvesting.
There are around 13.5 million IP addresses allocated to Romania. More than 16% of them were involved in at least one cyber security alert in 2013.
It turns out that Conficker (Downup) infections are still highly common in Romania. Over 12.5% of the IPs allocated to Romania are said to have been infected with the worm. In fact, 40% of the alerts collected last year refer to Conficker worm infections.
In addition to Conficker, which accounts for 53% of infections, the list of common malware infections also includes Sality (11%), Citadel (8%), Pushdo (7%) and ZeroAccess (3%).
As expected, most of the computers involved in cyber security incidents are running Windows, followed by Solaris and Linux.
When it comes to APTs, Romanian organizations were targeted in two major operations last year: MiniDuke, with 6 infected victims, and Red October, with 55 unique IPs targeted.
“It is worth noting that Romanian entities are becoming more frequent targets for APT threats, respectively cyber-attacks with a high degree of complexity, launched by groups that have the capacity and motivation to persistently attack a target in order to obtain certain benefits (usually sensitive information),” CERT-RO noted in its report.
Experts believe a growth in the number and severity of APT attacks should be expected in 2014.
An important conclusion of the report is that computer systems in Romania are used by foreign attackers as a proxy, and the country shouldn’t be viewed as a “generator of cyber security incidents.”
The full cyber security alerts report from CERT-RO is available on the organization’s website.