So what's on your security radar as we move into the New Year? The European Network and Information Security Agency (ENISA) has distilled more than 120 security reports published in 2011 and 2012 into a Threat Landscape report that attempts to identify the top ten information security threats. The analysis draws on material published by industry interest groups, CERTs, vendors, governments and private organizations. While the list contains no real surprises, it does serve as a baseline and a point of consensus that is worth a glance.
"The ENISA Threat Landscape provides an overview of threats, together with current and emerging trends. It is based on publicly available data and provides an independent view on observed threats, threat agents and threat trends. Over 120 recent reports from security industry, networks of excellence, standardization bodies and other independent institutes have been analyzed," ENISA says of the research.
Though the threats identified in the report are basically the same sorts of challenges IT security professionals have been dealing with for years, ENISA characterizes them as "emerging" because of their impact on newer technologies and areas of increased concern that have become important factors in the IT marketplace: mobile devices, social media, critical infrastructure governance, trust infrastructures, cloud computing services and big data.
"This is the first and most comprehensive Cyber Threat Analysis available to date and a point of reference for all cyber security policy makers, and stakeholders," said Udo Helmbrecht, ENISA's Executive Director.
The consolidated list of the top ten threats identified by ENISA includes:
- Drive-by exploits (malicious code injected to exploit web browser vulnerabilities): The injection of malicious code into the HTML of websites so that it exploits vulnerabilities in visitors' web browsers.
- Worms/trojans: Malicious programs that can replicate and redistribute themselves by exploiting vulnerabilities in their target systems.
- Code injection attacks: Well-known attack techniques against web applications such as SQL injection (SQLi), cross-site scripting (XSS), cross-site request forgery (CSRF) and Remote File Inclusion (RFI). (The report groups CSRF here even though it forges requests rather than injecting code.)
- Exploit kits: Ready-to-use software packages that automate the exploitation of vulnerabilities on victims' machines.
- Botnets: Networks of hijacked computers that are remotely controlled by an attacker.
- (Distributed) Denial of Service attacks (DDoS/DoS): Attempts to make a resource unavailable to its intended users.
- Phishing: Fraudulent e-mails and legitimate-looking websites used by cybercriminals to deceive users into handing over their credentials.
- Compromising confidential information: Data breaches caused by intentional or unintentional information disclosure by internal or external threat agents.
- Rogueware/scareware: Fake software (fake antivirus products, for example) that cybercriminals distribute, often via social engineering, to lure users into serving their malicious ends.
- Spam: Abusive use of e-mail to flood user mailboxes with unsolicited messages.
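Code injection sits in the middle of the list but is the most concrete item on it, so here is an added example (not from the ENISA report or any vendor quoted above) showing two of the named techniques, SQL injection and cross-site scripting, as a deliberately vulnerable snippet beside its hardened form. The user table, passwords and attack strings are constructed for this illustration; the passwords are stored in plaintext only to keep the example short, and a real system would compare password hashes instead.

```python
import html
import sqlite3

# Constructed sample data for this illustration only.
SAMPLE_USERS = [
    ("alice", "alice-pass"),
    ("bob", "bob-pass"),
]


def make_db():
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Deliberately vulnerable: attacker-controlled strings are spliced into the SQL text."""
    sql = (
        f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, name, password):
    """Hardened: placeholders keep the values out of the query text entirely."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?", (name, password)
    ).fetchone()
    return row[0] if row else None


def render_greeting_vulnerable(name):
    """Deliberately vulnerable: untrusted input is reflected into HTML unescaped."""
    return f"<p>Welcome, {name}</p>"


def render_greeting_safe(name):
    """Hardened: output encoding turns markup characters into harmless entities."""
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


def demo():
    """Run the attack strings against both versions and return what each one did."""
    conn = make_db()
    # Tautology payload: the OR clause makes the WHERE condition true for every row.
    tautology = "' OR '1'='1"
    # Comment payload: '--' comments out the password check in SQLite.
    comment_out = "bob'--"
    xss = "<script>alert(1)</script>"
    return {
        "vulnerable_tautology": login_vulnerable(conn, "alice", tautology),
        "safe_tautology": login_safe(conn, "alice", tautology),
        "vulnerable_comment": login_vulnerable(conn, comment_out, "wrong"),
        "safe_comment": login_safe(conn, comment_out, "wrong"),
        "safe_valid": login_safe(conn, "bob", "bob-pass"),
        "vulnerable_html": render_greeting_vulnerable(xss),
        "safe_html": render_greeting_safe(xss),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The vulnerable login accepts both payloads without knowing a password, because the attacker's quote characters change the structure of the query; the parameterized version treats the same strings as opaque values and rejects them, while still accepting a genuine credential. The same separation of data from structure is what `html.escape` provides on the output side.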
The authors acknowledge that some elements of information security were beyond the scope of the report: it does not address trends in the geographical distribution of threats, nor does it consider other factors that can affect security and business continuity, such as natural disasters or the failure to properly manage complex IT systems. The report also contains suggestions for standardizing threat reporting industry-wide so that the resulting analyses can be used more objectively by end users.