The European Union Agency for Network and Information Security (ENISA) has published its annual report on the cyberthreat landscape, entitled ENISA Threat Landscape 2014. The document closely examines the evolution of top and emerging threats in 2014. It is considered by the security community to be a valuable analysis of principal threats.
The ENISA report provides useful information that could help decision-makers and cybersecurity experts reduce attack surfaces and, thus, their exposure to top cyberthreats. That means it's worth taking the time to review the report and glean insights about ways you can increase your security. To get you started, here's an overview of some of the ENISA's findings:
ENISA Threat Landscape 2014 describes a scenario characterized by a growing number of sophisticated threats, as well as an effective law enforcement response that, with an internationally coordinated effort, has been fairly successful in combating cybercrime. Between the takedown of the GameOver Zeus botnet, the arrest of the developers responsible for the Blackhole exploit kit and the seizure of several underground black markets on Tor as part of the Onymous Operation, the cybercrime ecosystem has been significantly impacted.
The report confirms an increase in threats to the overall Internet infrastructure; however, it's worth noting that among the threats mentioned, "NTP-based reflection within DDoS attacks are declining as a result of a reduction of infected servers."
It's no surprise 2014 is considered the year of data breaches and leakage incidents; after all, in that year, their number and severity dramatically increased, resulting in the exposure of hundreds of millions of records. The ENISA report highlights the impact of Heartbleed and other such flaws affecting popular encryption libraries. These vulnerabilities represent serious threats to the IT industry and its application in multiple sectors. The report states, "In the reporting period we have experienced leakage incidents, one of which — Heartbleed — has been classified by the security community as 'one of the most serious to affect the Internet.'"
According to ENISA's report, malicious code is the principal current threat, and threat trends confirm its worrying evolution. Web-based attacks and Web application attacks follow suit.
The reduction of threats related to botnets and ransomware can be attributed to the operations that law enforcement conducts in order to take over the infrastructure criminal crews use. Unfortunately, as ENISA's top threats table shows, the phenomenon is considered transitory.
The ENISA Threat Landscape 2014 further confirms the Internet community's fear of government surveillance programs. Surveillance activities have fueled mistrust in the network, and security experts fear this will have a dramatic impact on the overall security of the Internet infrastructure.
Whether you're a security expert at your firm, exploring various threat modeling approaches, or you're simply interested in the evolution of the threat landscape, the ENISA report is worth the read. Armed with this knowledge and with the guidance of a security expert at your side, you'll be well-equipped to protect against even the most ominous of threats to come.
Photo Source: Flickr