The Computer Incident Response Centre Luxembourg (CIRCL) received nearly 12,000 tickets reporting phishing, data theft and scamming incidents last year.
CIRCL has published its online operational incident response statistics for 2018; these statistics cover CIRCL's incident response activities, especially with regard to reporting and notifications from/to third parties. In total, there were some 12,000 reports of such activities.
These statistics reveal that the handling of information leaks has been a recurrent task for CIRCL since 2012, mainly due to the operation of data-mining and leak monitoring software capable of fetching unstructured data, including information leaks. However, the human triage of these potential leaks is time-consuming. SQL injections were frequently reported by people up until 2012, whilst a peak in system compromises in 2013 can be explained by the implementation of automated detection of compromised systems in information leaks.
In 2015, attacker groups such as Armada Collective and DD4BC were active in Luxembourg, blackmailing their victims. Malware and system compromises have been omnipresent during the last six years. In the time frame of 2011 to 2015, CIRCL was mainly confronted with industrial espionage software. Malware running on mobile phones has also been regularly reported since December 2016. Spam and scams, as well as phishing campaigns, have also been regularly reported and observed in the Grand Duchy. Phishing has often targeted international organisations; such attacks have similarly been observed in other countries since 2013.