<rss version="2.0">
    <channel>
        <title>Latest publications of type Security Guidance</title>
        <link>https://cert.europa.eu/publications/security-guidance/</link>
        <description>RSS feed for the latest 10 publications of type Security Guidance.</description>
        <ttl>1440</ttl>
        <language>en-gb</language>
        <item>
            <title>Generative AI in Cybersecurity: Balancing Innovation and Risk</title>
            <link>
                https://cert.europa.eu/publications/security-guidance/generative-ai-in-cybersecurity-balancing-innovation-and-risk/
            </link>
            <description>The integration of generative AI into cybersecurity operations represents both unprecedented opportunity and emerging risk. While these technologies offer powerful capabilities for threat analysis, incident response, and security automation, they simultaneously introduce new attack vectors that adversaries are rapidly exploiting. The cybersecurity community faces a critical challenge: how to harness AI&#39;s defensive potential whilst maintaining robust protection against AI-enabled threats. Organisations across sectors are grappling with questions of responsible adoption, governance frameworks, and risk management strategies. In this guidance, CERT-EU examines the dual nature of generative AI in cybersecurity, providing practical recommendations for security teams seeking to balance innovation with vigilance. Drawing from operational experience and threat landscape analysis, this resource offers actionable insights for navigating the complex decision-making process surrounding AI adoption in security contexts.</description>
            <pubDate>Thu, 03 Jul 2025 22:20:00 CEST</pubDate>
            <guid>security-guidance-10020</guid>
        </item><item>
            <title>DDoS Overview and Response Guide</title>
            <link>
                https://cert.europa.eu/publications/security-guidance/CERT-EU_Security_Whitepaper_DDoS_17-003/
            </link>
            <description>The evolution of DDoS attack techniques and targets has been continuously followed in the past by specialists, ranging from large companies to security expert blogs. However, recently it has caught general attention due to several incidents that might mean a change of paradigm in the way such attacks have been addressed so far. Strategies to mitigate DDoS need to be adopted, and should focus initially on prevention, but eventually on designing multi-layered defense strategies. In this white-paper, CERT-EU has focused on procedures for securing IT infrastructure from threats against availability. The white-paper is based on proven DDoS identification and mitigation methods that can effectively and efficiently respond to DDoS attacks.</description>
            <pubDate>Mon, 03 Jun 2024 17:30:00 CEST</pubDate>
            <guid>security-guidance-10004</guid>
        </item><item>
            <title>Security Guidance 23-002 - Potential impact and risks of Generative AI in EUIBAs</title>
            <link>
                https://cert.europa.eu/publications/security-guidance/security-guidance-23-002---potential-impact-and-risks-of-generative-ai-in-euibas/
            </link>
            <description>Recently, there has been a substantial leap forward in the development of Generative AI technology. Additionally, further rapid advancements are expected as researchers continue to push the boundaries of AI capabilities. At CERT-EU, we assess that the development of Generative AI technology will continue and become quite common, and as such, it is crucial to embrace this transformative innovation. The technology presents numerous opportunities; however, it also comes with risks. This guidance aims at defining the position of CERT-EU towards Generative AI technology and providing an initial overview of this complex topic.&lt;br&gt;The most recent version adds a bit of information on indirect prompt-injection attacks and additional options for EUIBAs to use the technology.</description>
            <pubDate>Thu, 11 May 2023 09:25:00 CEST</pubDate>
            <guid>security-guidance-10019</guid>
        </item><item>
            <title>Security Guidance 22-001 - Cybersecurity mitigation measures against critical threats</title>
            <link>
                https://cert.europa.eu/publications/security-guidance/security-guidance-22-001---cybersecurity-mitigation-measures-against-critical-threats/
            </link>
            <description>On February 14, ENISA and CERT-EU made a joint publication strongly encouraging all EU-based organisations to implement a set of cybersecurity best practices.&lt;br&gt;&lt;br&gt;Building on this joint publication, CERT-EU is making available the following specific implementation recommendations. By applying these systematically, organisations can boost their cybersecurity defence and resilience. This would allow them to:&lt;br&gt;&lt;br&gt;1. Improve their cybersecurity posture to fend off a wide range of attacks and limit the number of cybersecurity incidents.&lt;br&gt;&lt;br&gt;2. Detect and react to cyber operations that may be carried out by sophisticated threat actors.</description>
            <pubDate>Wed, 09 Mar 2022 12:01:00 CET</pubDate>
            <guid>security-guidance-10000</guid>
        </item><item>
            <title>Security Guidance 22-002 - Hardening Signal</title>
            <link>
                https://cert.europa.eu/publications/security-guidance/security-guidance-22-002---hardening-signal/
            </link>
            <description>Signal is a well-known, secure, encrypted instant messaging service developed by the non-profit Signal Technology Foundation and Signal Messenger LLC. It uses standard cellular telephone numbers as identifiers and all communications between Signal users are secured with end-to-end encryption.&lt;br&gt;&lt;br&gt;Staff of public and private organisations, including senior management, may sometimes be using Signal to quickly coordinate and exchange information on work-related matters. Signal groups may also have been set up for business continuity reasons in case corporate instant messaging tools become unavailable.&lt;br&gt;&lt;br&gt;The following document provides clear and pragmatic recommendations for hardening the configuration of Signal apps. If you have suggestions that could help improve it, contact us at services@cert.europa.eu. We always appreciate constructive feedback.</description>
            <pubDate>Thu, 03 Mar 2022 14:15:00 CET</pubDate>
            <guid>security-guidance-10001</guid>
        </item><item>
            <title>Security White Paper 2019-001 - PowerShell -- Cybersecurity Perspective</title>
            <link>
                https://cert.europa.eu/publications/security-guidance/CERT-EU-SWP2019-001/
            </link>
            <description>In recent years, we have seen an increasing use of PowerShell for malicious purposes. This was mainly caused by its power and the lack of means to counter this kind of usage. On the other hand, PowerShell has also evolved and now provides more means for defenders. The aim of this document is to present PowerShell from a cybersecurity perspective. It also describes controls that can be implemented for the prevention and detection of cyberattacks using PowerShell.</description>
            <pubDate>Fri, 19 Jul 2019 15:31:00 CEST</pubDate>
            <guid>security-guidance-10002</guid>
        </item><item>
            <title>Security White Paper 2017-004 - Mitigating Risks Related to Network Devices</title>
            <link>
                https://cert.europa.eu/publications/security-guidance/CERT-EU_Security_Whitepaper_ND_17-004/
            </link>
            <description>Network devices, such as routers, switches, or firewalls, are essential components of every IT infrastructure. All traffic has to go through several such network devices. Compromising network devices allows an adversary to steal sensitive data, corrupt communications, or disrupt activity of the targeted organization. The range of attacks against network devices has been growing for the past years, from exploitation of undocumented access to development of complex implants modifying the behavior of devices. The purpose of this white-paper is to provide recommendations on how to assess, prevent, and detect network device compromise.</description>
            <pubDate>Fri, 06 Oct 2017 14:12:00 CEST</pubDate>
            <guid>security-guidance-10003</guid>
        </item><item>
            <title>Security White Paper 2017-002_Detecting Lateral Movements in Windows Infrastructure</title>
            <link>
                https://cert.europa.eu/publications/security-guidance/CERT-EU_SWP_17-002_Lateral_Movements/
            </link>
            <description>Lateral movement techniques are widely used in sophisticated cyber-attacks, in particular in Advanced Persistent Threats (APTs). An adversary uses these techniques to access other hosts from a compromised system and get access to sensitive resources, such as mailboxes, shared folders, or credentials. This white-paper provides guidelines to detect the lateral movements exploiting NTLM and Kerberos protocols in Windows 7 and 2008 based environments.</description>
            <pubDate>Tue, 18 Apr 2017 16:27:00 CEST</pubDate>
            <guid>security-guidance-10005</guid>
        </item><item>
            <title>UPDATED - Security White Paper 2017-001_v1_2 - DMARC — Defeating E-Mail Abuse</title>
            <link>
                https://cert.europa.eu/publications/security-guidance/Updated-CERT-EU_Security_Whitepaper_DMARC_17-001_v1_2/
            </link>
            <description>DMARC is a mechanism to define a coherent e-mail policy that can effectively be used by both the sender and the receiver of e-mail messages. The senders can list the authentication mechanisms they have put in place, and the receivers are informed what the sender suggests they do if the authentication fails on any message that claims to originate from them.</description>
            <pubDate>Wed, 11 Jan 2017 10:13:00 CET</pubDate>
            <guid>security-guidance-10006</guid>
        </item><item>
            <title>Security White Paper 2016-003 - Authentication Methods</title>
            <link>
                https://cert.europa.eu/publications/security-guidance/CERT-EU SWP-16_003_Authentication Methods/
            </link>
            <description>Lately, protecting data has become an increasingly difficult task. Cyber-attacks have become one of the most serious threats to any organization. Companies and organizations are taking measures in order to defend their assets, and authentication methods are an increasingly important security measure.&lt;br&gt;Authentication is the security term for verifying that the user is indeed who he claims to be. The procedure of confirming a user’s authenticity is the action of comparing the provided credentials of the user against an existing database of validated identities.&lt;br&gt;However, since depending only on the use of simple credentials – or a single method of authentication in general – has lately proven to be highly unreliable, the use of multiple factors for the authentication process is highly recommended.</description>
            <pubDate>Wed, 11 Jan 2017 09:56:00 CET</pubDate>
            <guid>security-guidance-10007</guid>
        </item>
    </channel>
</rss>