Pierluigi Paganini December 12, 2013

ENISA releases the ENISA Threat Landscape 2013, it a collection of information on top cyber-threats that have been assessed in the reporting period.

The European Network and Information Security Agency (ENISA) published the ENISA Threat Landscape 2013 report, a document that was annually issued to analyze significant evolutions in the cyber-threat landscape.

The ENISA has chosen a singular approach this year to produce the report, rather than conduct its own research as usual, it has compiled the document analyzing existing reports published during the year.

More than 250 reports and sources have been considered to produce the ENISA Threat Landscape 2013 report

“Over 250 reports and sources have been analysed for this year’s report. From a threat landscape perspective, 2013 has brought good and bad developments.” states the document.

The principal concerning trends highlighted in the study are:

• Threat agents have increased the sophistication of their attacks and their tools.
• It has become clear that maturity in cyber activities is not a matter of a handful of nation states. Rather, multiple nation states have now developed capabilities that can be used to infiltrate all kinds of targets both governmental and private ones in order to achieve their objectives.
• Cyber-threats go mobile: attack patterns and tools that targeted PCs a few years ago, have been migrated to the mobile ecosystem.
• Two new digital battlefields have emerged: big data and the Internet of Things.

All the cyber threats mentioned in the document are increasing, just botnets and spam are abiding.

Fortunately also a positive trends emerged from the analysis, important improvements include law enforcement successes in the fight against cybercrime, the emergence of an improvement in cooperation between relevant organizations involved in the identification and mitigation of principal cyber-threats and the efficient response from vendors in patching vulnerabilities.

Curious that the ENISA Threat Landscape 2013 report doesn’t make reference to Snowden‘s case that has in my opinion marked the scenario last year.

“Issues related to industrial espionage and state sponsored surveillance became a major discussion topic during this reporting period. The ENISA Threat Report takes account of these issues to the extent that these activities are related to assessed cyber-threats. It should be noted however that, apart from providing guidelines on how to protect systems against the technical threats enumerated, any additional response to industrial espionage and state sponsored surveillance is not in ENISA’s mandate.” is the position expressed in the document.

The 2013 was characterized by the strong action of Law enforcement against cybercrime, the successes of authorities include the seizure of the Silk Road black market website and the arrest of (allegedly) Dread Pirate Roberts and the arrest of Paunch, the author of the popular Blackhole exploit kit.

Giving a look to the top cyber threats, drive-by-downloads remain the most insidious followed by Worms/Trojans and Code Injections.

The report confirms that web based attacks are predominant respect other cyber threats, cybercriminals use malicious URLs as the primary vector to serve malware meanwhile Java is the most exploited application.

” It has been observed that there is a shift from Botnets to URLs as means for malware distribution. Java remains the most exploited software, to infect a web site. In addition, attackers use code injection attacks to create malicious URLs.”

In 2013 the malware diffusion was very high, malicious codes were mainly derived from previous versions thanks to the use of toolkits for their customization. The underground market was very prolific during the last year, mobile platform suffered a concerning increment for number of malware families.

“Available attack tools (see also exploit kits) allow for the creation of malware variants based on available malware code. This activity can be performed even from users with moderate capabilities. This phenomenon is called polymorphism of existing code and is a key trend in malware development.”

“Malware increasingly targets mobile platforms, with mobile trojans coming at the first position. This is due to the increasing use of mobile devices, the increased sophistication of attacks (see below) but also due to the weaker/immature security mechanisms implemented on these platforms.”  states ENISA Threat Landscape 2013 report.

The ENISA Threat Landscape 2013 report concludes with a series of considerations to capitalize the knowledge acquired and proposing the activities and initiatives to conduce in the next year:

• Actively involve end-users in defence of cyber-threats;
• Increase cyber-threat intelligence by creating and disseminating appropriate knowledge and by coordinating activities of relevant organisations;
• Increase the speed of threat assessment to reduce exposure;
• Invest in research to enhance appropriateness of security policies and security controls.

Adverse events are inevitable but it is essential to know the main threats to mitigate the risks of exposure.