No good news from ENISA Threat Landscape Mid year 2013

ENISA Threat Landscape Mid year 2013 presents top cyber threats, anticipating its interim Threat Landscape 2013 report. The study reveals concerning trends.

ENISA published a new report titled ENISA Threat Landscape Mid year 2013 that provides an interesting update for the list of top cyber threats.

The scope of the ENISA Threat Landscape Mid year 2013 is to give an overview on the trends for cyber threats to give possibility to improve our assessment capabilities according actual scenario and to respond to the evolution of menaces.

It is critical for the security community to flag interesting changed and new developments, alerting the public as early as possible about incoming cyber threats.

 

The ENISA Threat Landscape Mid year 2013 analyses 50 reports, and identifies the trend for main threats to:

• infrastructure
• mobile devices
• social media
• cloud services

The document highlight that cybercrime increasingly using sophisticated techniques for the attacks, the hackers are improving methods to be non-traceable and to make more resistant their malicious structures to take down operated by law enforcement.

Cybercriminals are even more adopting peer-to-peer protocols for their botnets, last malware in order of time is Mavade that according security experts is responsible for the spike in Tor traffic.

Technologies such as mobile and social networking are increasingly threatened by cybercriminals that are “adapting” traditional threats, such as drive-by-exploit and malware, in these new contexts.

“The proliferation of mobile devices will lead to an amplification of abuse based on knowledge/attack vectors targeting to social media.” states the report.

The document highlights the organizational capacity of cybercrime ecosystem that increased its offer for hacking services and malware development, the black market has also increased the adoption of virtual currency schema to protect anonymity of its transactions.

Anonymous payment services are completing an offer able to respond to needs of cybercrime ecosystem that is opening up new avenues for cyber-fraud and criminal activity.

As reported in the above table the ENISA Threat Landscape Mid year 2013 identifies the following top threats with major impact since 2012.

Drive-by-exploits: browser-based attacks still remain the most reported threats, and Java remains the most exploited software for this kind of threat.

Worms/Trojans 

Sophisticated malware are used by cyber criminals and governments for various purposes such as offensive attacks, cyber espionage and for realization of sophisticated cyber scams. Cybercrime makes extensive use of malware especially for the realization of bank frauds, the situation regarding the use of mobile platforms and social networks is concerning, these platforms are exploited to spread on large-scale malicious agents.

Code Injection: attacks are notably popular against web site Content Management Systems (CMSs). Due to their wide use, popular CMSs constitute a considerable attack surface that has drawn the attention of cyber-criminals. Cloud service provider networks are increasingly used to host tools for automated attacks.

As reported in the ENISA Threat Landscape Mid year 2013 Botnets, Denial of Services, Rogueware/Scareware, Targeted Attack, Identity Theft and Search Engine Poisoning still represents serious menaces to the IT community, the unique cyber threat down is spam as expected.

Analyze these threats separately is reductive, another concerning trend reported by the study is a real possibility of large impact events when attackers combine various techniques of attack … and let me add that this most common scenario as described also in last “ENISA Threat Landscape 2012” report

Pierluigi Paganini

(Security Affairs –  cybercrime, ENISA Threat Landscape Mid year 2013)