The ENISA Threat Landscape presents the top current cyber threats of 2013 and identifies emerging trends. In 2013 important news stories, significant changes and remarkable successes have left their footprint in the cyber-threat landscape. Both negative and positive developments have formed the 2013 threat landscape. In particular:
Negative trends 2013:
- Threat agents have increased the sophistication of their attacks and of their tools.
- Clearly, cyber activities are not a matter of only a handful of nation states; indeed multiple states have developed the capacity to infiltrate both governmental and private targets.
- Cyber-threats go mobile: attack patterns and tools targeting PCs which were developed a few years ago have now migrated to the mobile ecosystem.
- Two new digital battlefields have emerged: big data and the Internet of Things.
Positive developments in 2013:
- Some impressive law-enforcement successes: police arrested the gang responsible for the Police Virus; the Silk Road operator as well as the developer and operator of Blackhole, the most popular exploit kit, were also arrested.
- Both the quality and number of reports as well as the data regarding cyber-threats have increased
- Vendors gained speed in patching their products in response to new vulnerabilities.
A table of the top current threats and threat trends lists the following top three threats: 1. Drive-by-downloads, 2. Worms/Trojans and 3. Code injections. For full table.
Key open issues, identified are:
- The end-users lack knowledge yet they need to be actively involved. Adoption of simple security measures by end-users would reduce the number of cyber incidents for 50% worldwide!
- Numerous actors work on overlapping issues of threat information collection and threat analysis. Greater coordination of information collection, analysis, assessment and validation among involved organisations is necessary.
- The importance of increasing the speed of threat assessment and dissemination, by reducing detection and assessment cycles has been identified.
The Executive Director of ENISA, Professor Udo Helmbrecht remarked: “This threat analysis presents indispensable information for the cyber security community regarding the top threats in cyber-space, the trends, and how adversaries are setting up their attacks by using these threats.”
For full report
Background: EU Cyber Security Strategy
