The Threat Landscape is Like the Curate's Egg, Suggests ENISA

ENISA identified four areas where the threat landscape has worsened
ENISA identified four areas where the threat landscape has worsened

"Over 250 reports and sources have been analysed for this year’s report," it states. "From a threat landscape perspective, 2013 has brought good and bad developments." Like the curate's egg, it is good, but only in parts.

Improvements in the threat landscape over the last year include 'impressive' law enforcement successes, improved response by vendors in patching vulnerabilities, and the emergence of and improvement in cooperation between relevant organizations involved in assessing and defending cyber-threats.

Law enforcement successes of particular note include the arrest of the gang responsible for the Police Virus, the arrest of the Blackhole EK developer (Paunch), and the arrest of (allegedly) Dread Pirate Roberts and the takedown of the Silk Road underground market site.

But while law enforcement undoubtedly cooperates with the intelligence agencies, ENISA specifically excludes Snowden (not mentioned at all in the text) and his revelations on NSA and GCHQ hacking. "Apart from providing guidelines on how to protect systems against the technical threats enumerated, any additional response to industrial espionage and state sponsored surveillance is not in ENISA's mandate," says the report.

Four areas where the threat landscape has worsened include: the increased sophistication of the attacks and the tools used; increased and improved nation state involvement in cyber attacks; the evolution of traditional PC threats into the mobile world; and the emergence of two new digital battlefields, big data and the Internet of Things.

Within individual threats, drive-by-downloads remain the main threat, and that threat is still increasing. "Web based attacks remain as the number one threat. Malicious URLs are considered the main channel for malware installation. It has been observed that there is a shift from Botnets to URLs as means for malware distribution," says the report. In fact, none of the threats enumerated by ENISA are declining: and only the threat from botnets and spam is steady. The next three most serious threats – worms and trojans, code injection, and exploit kits – are all worsening.

"This threat analysis," explains Udo Helmbrecht, executive director of ENISA, "presents indispensable information for the cyber security community regarding the top threats in cyber-space, the trends, and how adversaries are setting up their attacks by using these threats." It's purpose is to help industry better understand threats, and better plan their future defenses.

ENISA's own conclusions are that firstly, end-users need to be better educated in the need for security and good security practices. "Analysis shows that knowledge about implementation of simple security measures is not available in the wide basis of end-users. Adoption of simple security measures by end-users would half the number of cyber incidents worldwide!"

Two other prime requirements in the fight against cybercrime are that "greater coordination of information collection, analysis, assessment and validation among involved organizations is necessary," and that detection and assessment cycles need to be reduced. 

Finally, while it doesn't quite suggest that getting hacked is inevitable, it does stress the need for companies to build resilience into their networks. "IT-infrastructures need to be resilient and robust to successful attacks without suffering severe impact regarding their availability, integrity and confidentiality."

What’s Hot on Infosecurity Magazine?