The report presented by Dreamlab Technologies CEO Nicolas Mayencourt and Professor Marc K. Peter at the ICT Security Conference 2022 showcased the level of vulnerability of exposed services on the country’s internet and provided a clear picture of the current state of Austria’s general and critical infrastructure security posture. The report was conducted using the software solution CyObs, a high-precision cyber radar system from Dreamlab Technologies. CyObs measures the external attack surface and registers all infrastructures connected to the internet, providing a comprehensive overview of potential vulnerabilities, i.e. possible attack areas on the Austrian internet.
The CyObs report depicted the current state of the Austrian cyberspace, with the following key insights:
- 1'279'036 active IPv4 addresses allocated to Austria were identified, as well as 493'457 active .at domain names
- 1,180,417 potential vulnerabilities were detected
- 206'124 classified as critical
- 358'887 classified as severe
Potential vulnerabilities include operating systems that are no longer supported and have documented security risks, firewalls that have not been updated, unprotected databases, vulnerable websites (where, for example, users' passwords can be stolen), connected industrial devices (with vulnerabilities and in many cases without upstream firewalls), FTP servers and webcams.
A separate CyObs scan of the domains used by the public administration (gv.at) also revealed that the official internet infrastructures have several potential vulnerabilities. 873 .gv.at active domains were examined and are currently exposed to over 5,500 potential vulnerabilities.
Nicolas Mayencourt and Marc K. Peter concluded their keynote by highlighting the large potential for Austria to establish basic cyber hygiene controls in their national cyberspace. Public discussion on cybersecurity practices is the starting point for a proactive national cybersecurity strategy, as it builds the foundation of the digital society and places the issues of digital rights, privacy, and product security for its citizens at the focus of the political and economic investments that are inevitable with ongoing digital transformation.
About the ICT Security Conference 2022
The ICT Security Conference 2022 on Information and Communication Technologies (ICT) takes place from 14.09.2022 to 15.09.2022 at the Exhibition & Congress Center Reed Messe Wien. In recent years, the ICT Security Conference has established itself as the largest and most comprehensive cybersecurity conference in Austria. Through this event, the Federal Ministry of Defence is making a decisive contribution to increasing cyber security throughout the country.
Further information: https://seminar.bundesheer.at and https://www.onlinesicherheit.gv.at
CyObs is a high-precision cyber radar system that effectively minimises attack surfaces. CyObs includes seamless coverage of cyberspace including dependencies and interfaces, reliable real-time diagnostics with alerts and recommendations, systematic analysis of cyber-attacks and fully automated scans, complemented by precise measurements. CyObs provides decision support for security measures and the measurement of success in cyberspace.
Further information: https://cyobs.com/
About Dreamlab Technologies AG
Dreamlab Technologies is a Swiss IT security company with locations on four continents. The combination of the Swiss technical capabilities as well as their international expertise enables Dreamlab to develop, assess and control cybersecurity based on quantifiable and verifiable open-standard technologies. Dreamlab advises organisations and authorities and helps them integrate information security awareness into their management cycle. In addition to its software products CyObs, CySOC and many other solutions, Dreamlab also offers IT security audits and training at all its locations.
Further information: https://dreamlab.net/
Federal Ministry of Defence
Dreamlab Technologies AG
Nicolas Mayencourt, CEO
Prof. Dr. Marc K. Peter