ENISA's report, Threat Landscape, Mid-year 2013, is not original research per se, but a wide-ranging interim review of existing reports from other sources. Its purpose, says Udo Helmbrecht, executive director, is to inform "security stakeholders as early as possible about developments in cyber threats, so that they are able to take countermeasures." A full report for 2013 will be published before the end of the year.
ENISA finds no change in the order of the top five threats compared to 2012. These are drive-by exploits, worms and trojans, code injection, exploit kits, and botnets. There are, however, differences in detail. For example, the emphasis for delivering drive-by attacks has shifted from the use of botnets to malicious URLs. "An advantage of URLs as a distribution mechanism," says the report, "lies in the fact that URLs are not such an easy target for law enforcement takedowns."
On code injection attacks, the report notes the continuing attacks against popular CMS systems, which provide "a considerable attack surface that has drawn the attention of cyber-criminals." It is worth noting, it adds, "that cloud service provider networks are used increasingly to host tools for automated attacks, thus implementing an important step in code injection attack vectors."
Developments in botnets include the use of botnet infrastructure to mine bitcoins, the increased use of P2P botnets, the evolution of browser-based botnets, and finally "a rise in TOR-based botnets."
In other areas, ENISA notes the DDoS return of "the DNS reflection technique to launch amplification attacks, an old technique that has made a come-back." Rogueware/scareware is also increasing. "One reason for the growth is the expansion of ransomware and fake Antivirus distribution to mobile platforms, such as Android," says the report.
On targeted attacks, ENISA notes that "cyber espionage attacks reached a dimension that went far beyond expectations." It warns that "mobile spyware applications might become strong tools for APTs targeting Bring Your Own Device environments." And on identity theft it notes that social media remains a significant medium "It is worth mentioning," it adds, "that an increase in malicious browser extensions has been registered, aimed at taking over social network accounts."
The message that ENISA draws from its survey is that criminals are increasingly using advanced techniques "to implement attack vectors that are non-traceable and difficult to take down;" that "mobile technology is, and will increasingly become, exploited by cyber-criminals;" that the consumerization of malware, exploit kits and services "will open up new avenues for cyber-fraud and criminal activity;" and that there is "a real possibility of large impact events when attacks combining the above threats are successfully launched."