ENISA’s Threat Rankings: From Malware To Cyber Spies

When it comes to cybersecurity, what should you really be worried about? Europe's computer security agency has set out a list of the top threats in the online world, warning that hacking for profit is one of the biggest trends.

"Undoubtedly, optimisation of cybercrime turnover was the trend observed in 2016. And, as with many of the negative aspects in cyberspace, this trend is here to stay. 

The development and optimisation of badware towards profit will remain the main parameter for attack methods, tools and tactics," warned the report from the European Union Agency for Network and Information Security (ENISA).

It said criminals had been using unsecured Internet of Things (IoT) devices to launch giant distributed denial of service (DDoS) attacks, and have launched extortion attacks against commercial organisations that have "achieved very high levels of ransom and high rates of paying victims", and demonstrated the ability to affect the outcome of democratic processes like the US presidential elections.

Executive director of ENISA Udo Helmbrecht said: "As we speak, the cyber threat landscape is receiving significant high-level attention: it is on the agenda of politicians in the biggest industrial countries. This is a direct consequence of 'cyber' becoming mainstream, in affecting people's opinions and influencing the political environment of modern societies."

Malware tops ENISA's lists, with over 600 million samples identified per quarter, and mobile malware, ransomware, and information stealers the main areas of criminal malware innovation.

"Equally impressive was the fact that state-sponsored threat actors have launched malware that has had high efficiency by exploiting quite a few zero-day vulnerabilities," the report said.

It noted that the average lifespan of malware hashes, the unique identification of a malware variant used by malware detection tools, has shrunk so much that a specific malware variant might exist for just one hour.

Source: ENISA

"This is indicative of the speed of malware mutation in order to evade detection on the one hand, and one of the reasons for gaps in end-point protection measures (i.e. anti-virus software)," it said.

The report also blamed the availability of 'malware-as-a-service' offerings, which allow users to rent the infrastructure for a few thousand dollars per month to launch, for example, ransomware attacks with $100,000 monthly revenues.

The report said that DDoS attacks, once used by activists to disrupt corporate websites, are now being used for extortion attempts, part of the trend toward monetising hacking. Similarly, the report noted that phishing has successfully reached the executive level: CEO fraud is now causing significant losses to companies.

And while it may be a surprise that, following the controversy around the US presidential election, ENISA ranked cyber-espionage at the bottom of its list, it noted: 

"Known/confirmed cases are the top of the iceberg. This is because espionage campaigns are difficult to identify. And once identified are difficult/costly to analyse. It is believed that cyber-espionage is the motive of much more undetected campaigns. To this extent, the assessed descending trend of this threat may not be fully valid. 

“Secondly, cyber-espionage is much targeted: it uses the same methods as cyber-crime, but it possesses intelligence allowing it to lure victims much more efficiently."

ZDNet

A Common Language For Sharing Intelligence On Cybersecurity Threats:

Navigating The Cyber-Threat Landscape:

EU Will Fund Car, Hospital & Airport IT Security:

 

 

 

 

« US Buys Mysterious ISIS Drone Killer
Geolocation, Russian Hackers & False Flag Operations »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Oxygen Forensics

Oxygen Forensics

Oxygen Forensics offer the most advanced forensic data examination tools for mobile devices and cloud services.

Deltagon

Deltagon

Deltagon develops information security solutions to protect companies’ confidential information in e-communication and e-services.

Ridgeback Network Defense

Ridgeback Network Defense

Ridgeback is an enterprise security software platform that defeats malicious network invasion in real time. Ridgeback champions the idea that to defeat an enemy you must engage them.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

Steganos

Steganos

Steganos offers highly secure and easy to use software tools that protect and secure on and offline data.

VXRL

VXRL

VXRL is a Hong Kong-based cybersecurity company. We provide consulting services, penetration testing, and corporate training.

Identifi Global Recruitment

Identifi Global Recruitment

Identifi Global is one of the UK's leading Cyber Security & IT Recruitment specialists.

iZOOlogic

iZOOlogic

iZOOlogic protects hundreds of the world’s leading brands, across banking, finance and government from cybercrime. We provide strong cyber defence solutions to protect client digital assets.

Edureka

Edureka

Edureka is an online technology training provider with the most effective learning system in the world. We help professionals learn trending technologies for career growth.

Strike Graph

Strike Graph

The Strike Graph GRC platform enables Security Audits & Certifications.

Corsica Technologies

Corsica Technologies

Corsica Technologies is recognized as one of the top managed IT and cybersecurity service providers. Our integrated IT and cybersecurity services protect companies and enable them to succeed.

Fortified Health Security

Fortified Health Security

Fortified’s team of cybersecurity specialists is dedicated to helping healthcare providers, payers and business associates protect their patient data across the Fortified Healthcare Ecosystem.

Advantex Network Solutions

Advantex Network Solutions

Advantex Network Solutions are a leading provider in Mitel, IT Solutions, Networking, and iP surveillance.

Palindrome Technologies

Palindrome Technologies

Palindrome Technologies help clients defend against cyberattacks across all attack surfaces, including hardware, software, network-to-cloud, people, and emerging technologies.

NAM-CSIRT

NAM-CSIRT

NAM-CSIRT is a team established to contribute to the security and stability of critical infrastructure and critical information infrastructure of the Republic of Namibia.