SlideShare a Scribd company logo

CERT-RO Romanian Approach in Cyber Security

S.E. CTS CERT-GOV-MD
S.E. CTS CERT-GOV-MD

CERT-RO Romanian Approach in Cyber Security Catalin PATRASCU

TechnologyNews & Politics
1 of 14
Download to read offline
CERT-RO Romanian Approach in Cyber Security Catalin PATRASCU catalin.patrascu@cert-ro.eu http://www.cert-ro.eu
About CERT–RO  COM (2010) 2020: Europe 2020 Strategy & COM (2010) 245: A Digital Agenda for Europe – Action area #3, Trust and Security: Member States should establish by 2012 a well-functioning network of CERTs at national level covering all of Europe  H.G. 494 / 2011 – Prevent, analyze, identify and react to cyber security incidents related to public IT&C infrastructure (not military, public safety, national security) – National contact point for similar structures – Elaborate and distribute public cyber security policies – Analyze technical and procedural problems within cyber infrastructures.
CERT-RO Partenrs
CERT-RO Services Proactive Reactive Support • Alerts on new threats and vulnerabilities that may affect national cyberspace. • Notices regarding the possibility of major cyber security incidents occurrence. • Study guides and documentation on recent developments in the field of IT & C. security. • Security assessment for partners (audits, network and application pentests etc.). • Alerts and warnings on the occurrence of major attacks preceding activities. • Alerts and warnings related to cyber security incidents occurrence. • Management of a database with national cyber security incidents. • Security incidents investigation and results dissemination. • Awareness activities for the government and partners. • Risk assessments • Support the partners in development of their own CERT teams. • Consulting services for securing critical infrastructures. • Development of the national policy and security strategy with partners.
Ticketing System CERT-RO uses Request Tracker for Incident Response (RTIR), a customised user interface which sits on top of Request Tracker (RT), a popular ticketing system. Everyday use of RTIR is through a web interface and does not require any additional software to be installed on the user’s machine. RT and RTIR are open-source projects supported by Best Practical Solutions LLC and can be obtained from the company website: http://bestpractical.com/rt/ - current stable release is RT 4.0.17 http://bestpractical.com/rtir/ - current stable release is RTIR 3.0.0
RTIR Interface - homepage
Incident Handling Workflow RTIR’s incident handling system relies primarily on e-mail. E-mail messages reporting incidents, called Incident Reports, are sent to an email address configured by CERT/CSIRT (alerts@cert-ro.eu). Messages that constitute on-going correspondence in the handling of a ticket include a number in the form [CERT-RO #34159] and are automatically appended to the corresponding RTIR ticket. All new messages that do not include a number in the form [CERT-RO #34159] are stored as new Incident Reports and appear in the New unlinked Incident Reports section of the RTIR homepage.
Incident Handling Workflow
Dealing with Structured Data Feeds CERT-RO receives daily reports (files with structured data) that together contain 50,000 to 100,000 records related to cyber security events. For that amount of data is needed an automated processing system. Currently we use an in house developed solution to automatically: • collect all data feeds; • store them in a relational database (MySQL); • perform data enrichment; • distribute alerts to the affected parties Right now we are working on adopting STIX (Structured Threat Information eXpression) - http://stix.mitre.org/, supported by MITRE, which is a collaborative community-driven effort to define and develop a standardized language to represent structured cyber threat information.
Report on cyber security alerts received by CERT-RO in the first 6 months of 2013
Report on cyber security alerts received by CERT-RO in the first 6 months of 2013 Number of alerts Number of unique IP’s
Advanced Persistent Threaths – APT’s In the first two months of 2013 where discovered two cyber espionage campaigns that targeted public institutions from Romania.  Red October (ROCRA) • Infection vector: email message with malicious document attached • Exploited vulnerabilities: CVE-2009-3129 (Excel), CVE-2010-3333 (Word), CVE-2012-0158 (Word)  MiniDUKE • Infection vector : email message with malicious document attached • Exploited vulnerabilities : exploit 0-day CVE-2013-0640/641 (Adobe Reader)
Conclusions Based on the analysis of data held by CERT-RO, it appears that computer science threats to the national cyberspace have diversified and evolutionary trends was observed, both in terms of quantity and in terms of technical complexity.
THANK YOU!

Recommended

Cyber intelligence for corporate security
Cyber intelligence for corporate securityCyber intelligence for corporate security
Cyber intelligence for corporate security
G3 intelligence Ltd
 
Cyber Intelligence Vision Information Sheet 20Nov2013
Cyber Intelligence Vision Information Sheet 20Nov2013Cyber Intelligence Vision Information Sheet 20Nov2013
Cyber Intelligence Vision Information Sheet 20Nov2013
Dave Eilken
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Emulex Corporation
 
CSIRT_16_Jun
CSIRT_16_JunCSIRT_16_Jun
CSIRT_16_Jun
Candan BOLUKBAS
 
Web intelligence and big data
Web intelligence and big dataWeb intelligence and big data
Web intelligence and big data
Keyur Shah
 
Web Intelligence - Tutorial1
Web Intelligence - Tutorial1Web Intelligence - Tutorial1
Web Intelligence - Tutorial1
Obily W
 
System of security controls
System of security controlsSystem of security controls
System of security controls
S.E. CTS CERT-GOV-MD
 
Symantec (2)
Symantec (2)Symantec (2)
Symantec (2)
S.E. CTS CERT-GOV-MD
 

Recommended

Cyber intelligence for corporate security
Cyber intelligence for corporate securityCyber intelligence for corporate security
Cyber intelligence for corporate security
G3 intelligence Ltd
 
Cyber Intelligence Vision Information Sheet 20Nov2013
Cyber Intelligence Vision Information Sheet 20Nov2013Cyber Intelligence Vision Information Sheet 20Nov2013
Cyber Intelligence Vision Information Sheet 20Nov2013
Dave Eilken
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Emulex Corporation
 
CSIRT_16_Jun
CSIRT_16_JunCSIRT_16_Jun
CSIRT_16_Jun
Candan BOLUKBAS
 
Web intelligence and big data
Web intelligence and big dataWeb intelligence and big data
Web intelligence and big data
Keyur Shah
 
Web Intelligence - Tutorial1
Web Intelligence - Tutorial1Web Intelligence - Tutorial1
Web Intelligence - Tutorial1
Obily W
 
System of security controls
System of security controlsSystem of security controls
System of security controls
S.E. CTS CERT-GOV-MD
 
Symantec (2)
Symantec (2)Symantec (2)
Symantec (2)
S.E. CTS CERT-GOV-MD
 
Symantec (3)
Symantec (3)Symantec (3)
Symantec (3)
S.E. CTS CERT-GOV-MD
 
Solvit identity is the new perimeter
Solvit identity is the new perimeterSolvit identity is the new perimeter
Solvit identity is the new perimeter
S.E. CTS CERT-GOV-MD
 
Criminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legiiCriminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legii
S.E. CTS CERT-GOV-MD
 
SIS PREZENTARE CTS
SIS PREZENTARE CTSSIS PREZENTARE CTS
SIS PREZENTARE CTS
S.E. CTS CERT-GOV-MD
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of view
S.E. CTS CERT-GOV-MD
 
Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)
S.E. CTS CERT-GOV-MD
 
CLOUD COMPUTING Security Risks or Opportunities
CLOUD COMPUTING Security Risks or OpportunitiesCLOUD COMPUTING Security Risks or Opportunities
CLOUD COMPUTING Security Risks or Opportunities
S.E. CTS CERT-GOV-MD
 
Operarea md cert în reţea naţională de
Operarea md cert în reţea naţională deOperarea md cert în reţea naţională de
Operarea md cert în reţea naţională de
S.E. CTS CERT-GOV-MD
 
Moldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rrMoldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rr
S.E. CTS CERT-GOV-MD
 
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEIGESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
S.E. CTS CERT-GOV-MD
 
Киберпреступность отступает?
Киберпреступность отступает?Киберпреступность отступает?
Киберпреступность отступает?
S.E. CTS CERT-GOV-MD
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
S.E. CTS CERT-GOV-MD
 
Cisco Secure X
Cisco Secure XCisco Secure X
Cisco Secure X
S.E. CTS CERT-GOV-MD
 
CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
CERT-GOV-MD: Cyber Security in Moldova: Challenges and ResponsesCERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
S.E. CTS CERT-GOV-MD
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activitesAare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
S.E. CTS CERT-GOV-MD
 
Symantec
SymantecSymantec
Symantec
S.E. CTS CERT-GOV-MD
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
FIDO Alliance
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
UXDXConf
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
IES VE
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
EasyPrinterHelp
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 

More Related Content

More from S.E. CTS CERT-GOV-MD

More from S.E. CTS CERT-GOV-MD (17)

Symantec (3)
Symantec (3)Symantec (3)
Symantec (3)
 
Solvit identity is the new perimeter
Solvit identity is the new perimeterSolvit identity is the new perimeter
Solvit identity is the new perimeter
 
Criminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legiiCriminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legii
 
SIS PREZENTARE CTS
SIS PREZENTARE CTSSIS PREZENTARE CTS
SIS PREZENTARE CTS
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of view
 
Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)
 
CLOUD COMPUTING Security Risks or Opportunities
CLOUD COMPUTING Security Risks or OpportunitiesCLOUD COMPUTING Security Risks or Opportunities
CLOUD COMPUTING Security Risks or Opportunities
 
Operarea md cert în reţea naţională de
Operarea md cert în reţea naţională deOperarea md cert în reţea naţională de
Operarea md cert în reţea naţională de
 
Moldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rrMoldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rr
 
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEIGESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
 
Киберпреступность отступает?
Киберпреступность отступает?Киберпреступность отступает?
Киберпреступность отступает?
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Cisco Secure X
Cisco Secure XCisco Secure X
Cisco Secure X
 
CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
CERT-GOV-MD: Cyber Security in Moldova: Challenges and ResponsesCERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activitesAare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
 
Symantec
SymantecSymantec
Symantec
 

Recently uploaded

A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
UXDXConf
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
EasyPrinterHelp
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
UXDXConf
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
ScyllaDB
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
UXDXConf
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Peter Udo Diehl
 

Recently uploaded (20)

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Buy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptxBuy Epson EcoTank L3210 Colour Printer Online.pptx
Buy Epson EcoTank L3210 Colour Printer Online.pptx
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
THE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreelTHE BEST IPTV in GERMANY for 2024: IPTVreel
THE BEST IPTV in GERMANY for 2024: IPTVreel
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 

CERT-RO Romanian Approach in Cyber Security

  • 1. CERT-RO Romanian Approach in Cyber Security Catalin PATRASCU catalin.patrascu@cert-ro.eu http://www.cert-ro.eu
  • 2. About CERT–RO  COM (2010) 2020: Europe 2020 Strategy & COM (2010) 245: A Digital Agenda for Europe – Action area #3, Trust and Security: Member States should establish by 2012 a well-functioning network of CERTs at national level covering all of Europe  H.G. 494 / 2011 – Prevent, analyze, identify and react to cyber security incidents related to public IT&C infrastructure (not military, public safety, national security) – National contact point for similar structures – Elaborate and distribute public cyber security policies – Analyze technical and procedural problems within cyber infrastructures.
  • 4. CERT-RO Services Proactive Reactive Support • Alerts on new threats and vulnerabilities that may affect national cyberspace. • Notices regarding the possibility of major cyber security incidents occurrence. • Study guides and documentation on recent developments in the field of IT & C. security. • Security assessment for partners (audits, network and application pentests etc.). • Alerts and warnings on the occurrence of major attacks preceding activities. • Alerts and warnings related to cyber security incidents occurrence. • Management of a database with national cyber security incidents. • Security incidents investigation and results dissemination. • Awareness activities for the government and partners. • Risk assessments • Support the partners in development of their own CERT teams. • Consulting services for securing critical infrastructures. • Development of the national policy and security strategy with partners.
  • 5. Ticketing System CERT-RO uses Request Tracker for Incident Response (RTIR), a customised user interface which sits on top of Request Tracker (RT), a popular ticketing system. Everyday use of RTIR is through a web interface and does not require any additional software to be installed on the user’s machine. RT and RTIR are open-source projects supported by Best Practical Solutions LLC and can be obtained from the company website: http://bestpractical.com/rt/ - current stable release is RT 4.0.17 http://bestpractical.com/rtir/ - current stable release is RTIR 3.0.0
  • 6. RTIR Interface - homepage
  • 7. Incident Handling Workflow RTIR’s incident handling system relies primarily on e-mail. E-mail messages reporting incidents, called Incident Reports, are sent to an email address configured by CERT/CSIRT (alerts@cert-ro.eu). Messages that constitute on-going correspondence in the handling of a ticket include a number in the form [CERT-RO #34159] and are automatically appended to the corresponding RTIR ticket. All new messages that do not include a number in the form [CERT-RO #34159] are stored as new Incident Reports and appear in the New unlinked Incident Reports section of the RTIR homepage.
  • 9. Dealing with Structured Data Feeds CERT-RO receives daily reports (files with structured data) that together contain 50,000 to 100,000 records related to cyber security events. For that amount of data is needed an automated processing system. Currently we use an in house developed solution to automatically: • collect all data feeds; • store them in a relational database (MySQL); • perform data enrichment; • distribute alerts to the affected parties Right now we are working on adopting STIX (Structured Threat Information eXpression) - http://stix.mitre.org/, supported by MITRE, which is a collaborative community-driven effort to define and develop a standardized language to represent structured cyber threat information.
  • 10. Report on cyber security alerts received by CERT-RO in the first 6 months of 2013
  • 11. Report on cyber security alerts received by CERT-RO in the first 6 months of 2013 Number of alerts Number of unique IP’s
  • 12. Advanced Persistent Threaths – APT’s In the first two months of 2013 where discovered two cyber espionage campaigns that targeted public institutions from Romania.  Red October (ROCRA) • Infection vector: email message with malicious document attached • Exploited vulnerabilities: CVE-2009-3129 (Excel), CVE-2010-3333 (Word), CVE-2012-0158 (Word)  MiniDUKE • Infection vector : email message with malicious document attached • Exploited vulnerabilities : exploit 0-day CVE-2013-0640/641 (Adobe Reader)
  • 13. Conclusions Based on the analysis of data held by CERT-RO, it appears that computer science threats to the national cyberspace have diversified and evolutionary trends was observed, both in terms of quantity and in terms of technical complexity.