Cyber threats are continuing to grow and get more sophisticated, a new report said.
Along those lines, there has been an increase in threats to the infrastructure through targeted attacks; mobile devices, and social media identity thefts carried out by cyber-criminals over Cloud services, according to the ENISA’s interim Threat Landscape 2013 report.
Some key trends identified in the study:
• Cyber-criminals increasingly use advanced methods to implement attack vectors that are non-traceable and difficult to take down. Anonymization technologies and peer-to peer systems play an important role in this. It is clear cyber criminals are increasingly exploiting mobile technology. Threats of all kinds encountered in the more traditional arena of IT will affect mobile devices and the services available on these platforms.
• The wide spread usage of mobile devices leads to an amplification of abuse based on knowledge/attack methods targeting social media.
• The availability of malware and cyber hacking tools and services, together with digital currencies and anonymous payment services is opening up new avenues for cyber-fraud and criminal activity.
There is a real possibility of large impact events when attacks combining various threats successfully launch.
As reported by ENISA in its report on major cyber attacks, cyber attack is the sixth most important cause of outages in telecommunication infrastructures, and it has an impact upon a considerable number of users. Taking into account these incidents, and denial of service threat developments, there has been an increase in infrastructure threats in 2013, the report said.
The study identifies the following top threats with major impact since 2012:
Drive-by-exploits: Browser-based attacks still remain the most reported threats, and Java remains the most exploited software for this kind of threat.
Code Injection: Attacks are notably popular against web site Content Management Systems (CMSs). Due to their wide use, popular CMSs constitute a considerable attack surface that has drawn the attention of cyber criminals. Cloud service provider networks see use as host tools for automated attacks.
Botnets, Denial of Services, Rogueware/Scareware, Targeted Attack, Identity Theft and Search Engine Poisoning are the other trending threats.
A full ENISA Threat Landscape 2013 report is due by the end of the year.
This short, interim report informs security stakeholders as early as possible about developments in cyber threats, so that they are able to take countermeasures,” said Professor Udo Helmbrecht, the ENISA executive director.