Some key trends identified in the study are:
- Cyber-criminals increasingly using advanced methods to implement attack techniques (vectors) that are non-traceable and difficult to take down. Anonymisation technologies and peer-to peer systems (so called distributed technologies) play an important role in this. It is clear that mobile technology is increasingly exploited by cyber-criminals. Threats of all kinds that were encountered in the more traditional arena of IT will affect mobile devices and the services available on these platforms.
- The wide spread of mobile devices leads to an amplification of abuse based on knowledge/attack methods targeting social media.
- The availability of malware and cyber-hacking tools and services, together with digital currencies (e.g. Bitcoins) and anonymous payment services is opening up new avenues for cyber-fraud and criminal activity.
- There is a real possibility of large impact events when attacks combining various threats are successfully launched.
- As reported by ENISA in its report on major cyber attacks (2013/07/20), cyber-attack is the sixth most important cause of outages in telecommunication infrastructures, and it impacts upon a considerable number of users. Taking into account these incidents, and denial of service threat developments, we observe an increase in infrastructure threats in 2013.
Drive-by-exploits: browser-based attacks still remain the most reported threats, and Java remains the most exploited software for this kind of threat.
Code Injection: attacks are notably popular against web site Content Management Systems (CMSs). Due to their wide use, popular CMSs constitute a considerable attack surface that has drawn the attention of cyber-criminals. Cloud service provider networks are increasingly used to host tools for automated attacks.
Botnets, Denial of Services, Rogueware/Scareware, Targeted Attack, Identity Theft and Search Engine Poisoning are the other trending threats.
The complete report is available here.