ENISA report on top cyber threats
Posted on 20 September 2013.
ENISA presented its list of top cyber threats, as a first “taste” of its interim Threat Landscape 2013 report. The study analyses 50 reports, and identifies an increase in threats to: infrastructure through targeted attacks; mobile devices; and social media identity thefts carried out by cyber-criminals over cloud services.


Some key trends identified in the study are:
  • Cyber-criminals increasingly using advanced methods to implement attack techniques (vectors) that are non-traceable and difficult to take down. Anonymisation technologies and peer-to peer systems (so called distributed technologies) play an important role in this. It is clear that mobile technology is increasingly exploited by cyber-criminals. Threats of all kinds that were encountered in the more traditional arena of IT will affect mobile devices and the services available on these platforms.
  • The wide spread of mobile devices leads to an amplification of abuse based on knowledge/attack methods targeting social media.
  • The availability of malware and cyber-hacking tools and services, together with digital currencies (e.g. Bitcoins) and anonymous payment services is opening up new avenues for cyber-fraud and criminal activity.
  • There is a real possibility of large impact events when attacks combining various threats are successfully launched.
  • As reported by ENISA in its report on major cyber attacks (2013/07/20), cyber-attack is the sixth most important cause of outages in telecommunication infrastructures, and it impacts upon a considerable number of users. Taking into account these incidents, and denial of service threat developments, we observe an increase in infrastructure threats in 2013.
The study identifies the following top threats with major impact since 2012.

Drive-by-exploits: browser-based attacks still remain the most reported threats, and Java remains the most exploited software for this kind of threat.

Code Injection: attacks are notably popular against web site Content Management Systems (CMSs). Due to their wide use, popular CMSs constitute a considerable attack surface that has drawn the attention of cyber-criminals. Cloud service provider networks are increasingly used to host tools for automated attacks.

Botnets, Denial of Services, Rogueware/Scareware, Targeted Attack, Identity Theft and Search Engine Poisoning are the other trending threats.

The complete report is available here.





Spotlight

Patching: The least understood line of defense

Posted on 29 August 2014.  |  How many end users, indeed how many IT pros, truly get patching? Sure, many of us see Windows install updates when we shut down our PC and think all is well. It’s not.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 2nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //