
Reading the ENISA Threat Landscape report for Internet Infrastructure

ENISA has published a study on the threat landscape that provides a list of good practices aimed at securing Internet infrastructure assets.

ENISA has published its annual analysis of the threat landscape. The document, titled Threat Landscape and Good Practice Guide for Internet Infrastructure, analyzes in detail the current cyber threats and provides useful information on their trends.

The study is part of the ENISA Threat Landscape 2014, an activity conducted by the Agency to improve threat analysis and the evaluation of emerging trends in cyber security, in compliance with the Cyber Security Strategy for the EU.

Sharing information on cyber threats among the IT community is essential to improve the security posture of individuals and organizations by adopting the necessary countermeasures.

The report is primarily targeted at Internet infrastructure owners, Internet organizations, security experts, developers of security guides, and policy makers, but I strongly recommend reading it to everyone because of the data it includes.

“This study details the assets of Internet infrastructure (structured into eight types: hardware, software, information, human resources, protocols, services, interconnections, and infrastructure) and list the threats applicable to these Internet infrastructure assets. These results are structured into mind maps. The study then classifies Important Specific Threats of the Internet infrastructure – namely Routing threats, DNS threats, Denial of Service, and Generic threats – and links each threat with a list of assets exposed,” states the executive summary of the study.

The study provides the information asset owners need to evaluate the exposure surface of their infrastructure and the related risks. The report also includes an analysis of the current trends for the main threats and a list of good practices to improve the security of architectures exposed on the Internet.

The asset types specifically addressed in the report are hardware, software, information, and human resources, while the threats have been grouped into the following categories depending on their source:

  • Physical attacks.
  • Disasters, including natural disasters and environmental disasters directly caused by humans.
  • Failure or malfunction.
  • Outages.
  • Unintentional damage.
  • Damage.
  • Nefarious activities and abuse.
  • Eavesdropping/Interception/Hijacking.
  • Legal.

The authors of the study analysed data published by principal security institutions in order to identify the most important specific threats.

The experts produced a final listing by clustering the above threats into groups according to the exposed assets. Each threat group gathers the threats to a particular technical domain and/or technology, regardless of their threat type.

“The main threat groups are routing threats, DNS threats, DDoS threats, and generic threats which are not specific to the Internet infrastructure as denoted above.”

Analyzing the summary trends by threat type for each threat group, it is possible to note that all the trends are increasing except for DNS threats. This means that experts observed a greater number of attacks this year compared to the previous year.

“DNS Threat is decreasing. Yet, the number of cyber attacks targeting DNS remains important in relation to the total number of attacks. This decreasing trend shall only denote a diminution of DNS as an attack vector by threat agents.”

The Threat Landscape and Good Practice Guide for Internet Infrastructure report provides five technical recommendations and four organisational recommendations, as reported below.

Technical recommendations:

  • Recommendation 1: For Internet Infrastructure owners and electronic communications network regulatory agencies, evaluate your current level of security by understanding the assets covered (and not covered) by existing security measures.
  • Recommendation 2: For Internet infrastructure owners, evaluate the application of adapted good practices in a focused manner.
  • Recommendation 3: For Internet infrastructure owners, cooperate with the community to exchange on threats and promote the application of good practices as mitigation measures.
  • Recommendation 4: For users deploying good practices guides, report on their implementations, assets covered and gaps found.
  • Recommendation 5: Words matter: Ensure the right use of terms and definitions.

Organisational recommendations:

  • Recommendation 6: For Internet infrastructure owners, use proper risk assessment methods to understand vulnerable assets in your Internet infrastructure and prioritise your protection actions.
  • Recommendation 7: Build an information and communication technology security awareness and training program.
  • Recommendation 8: Internet infrastructure owners shall commit third-party vendors to apply security measures.
  • Recommendation 9: Internet infrastructure owners should stay current on any updates.

“Threats analysed in the current study indicate they are globally on the rise. It is important to apply good practices and promote the exchange of information, in order to mitigate threats and secure Internet infrastructure. ENISA’s Guide gives an up to date overview of emerging threats and lays the foundations for the community towards a more secure Internet infrastructure through proper risk assessment, training and evaluation,” said Udo Helmbrecht, ENISA’s Executive Director, explaining the importance of the project.

The Threat Landscape and Good Practice Guide for Internet Infrastructure published by ENISA also includes a gap analysis that highlights existing shortcomings of current good practices.

“From the analysis, the gaps are linked to the application of skill sets in all important specific threats analysed, as well as to system configuration and essential addressing protocols for (Distributed) Denial of Service.”

Enjoy The Reading …

Pierluigi Paganini

(Security Affairs –  ENISA, Threat Landscape)
