Malware tops ENISA threat landscape for 2017
Unsurprisingly, top of ENISA’s list for 2017 is malware. Unchanged for the past year, the top three are:
- Malware
- Web-based attacks
- Web application attacks
Obviously, two major attacks dominated the media in 2017 – both using leaked NSA tools. The WannaCry and NotPetya attacks were among the most destructive ever seen, and hit targets indiscriminately all over the world.
The report also points to successful takedowns of illegal dark web marketplaces and many successful arrests of cyber criminals, which is promising. However, it suggests that the gaps created by lawful takedowns of malicious botnets have been filled by a massive spike in phishing and spear-phishing campaigns, the success of which has led to some of the more notorious data breaches of 2017.
Supply chain attacks are highlighted in the report as a very efficient way of targeting large infrastructures and enterprises: “Supply chain attacks can maximise the impact with minimal effort invested by criminals”. The report uses the example of a compromised software vendor, whose downloaded updates, injected with malicious code, quickly spread through many enterprise networks.
This threat hasn’t gone unnoticed in the United States, either – the latest update to the National Institute of Standards and Technology’s (NIST) Cyber Security Framework also delves deep into the management of supply chain risk. Supply chains are rapidly becoming a major attack vector, and NIST is right to highlight concerns about them. The new update outlines a typical supply chain risk management (SCRM) function and stresses its importance within a large organisation. It recommends enacting cyber security requirements in supplier contracts, and sets out possible language for the assessment, verification and validation of compliance. It also stresses that procurement departments need to be trained to include cyber security as a major factor in the buying process, and that bids should be measured against critical security outcomes.
The main trends of the 2017 threat landscape, as summarised in the report, are:
- Complexity of attacks and sophistication of malicious actions in cyberspace continue to increase.
- Threat agents of all types have advanced in obfuscation, that is, hiding their trails.
- Malicious infrastructures continue their transformation towards multipurpose configurable functions including anonymization, encryption and detection evasion.
- Monetization of cybercrime is becoming the main motive of threat agents, in particular cyber-criminals. They take advantage of anonymity offered by the use of digital currencies.
- State-sponsored actors are one of the most omnipresent malicious agents in cyberspace. They are a top concern of commercial and governmental defenders.
- Cyber-war is entering dynamically into the cyberspace creating increased concerns to critical infrastructure operators, especially in areas that suffer some sort of cyber crises.
- Skills and capabilities are the main concerns for organisations. The need for related training programmes and educational curricula remains almost unanswered.