Drive-by attacks, Trojans and code injection the biggest threats, says ENISA
- — 09 January, 2013 14:34
Cybercriminals will are turning their attention to mobile platforms, cloud computing, social media, critical and trust infrastructure and even big data, according to European Security Agency ENISA's annual and now rather depressing summary of security industry opinion.
ENISA (European Network and Information Security Agency) pulled together its trends using data collected from 120 security industry reports from 2011-2012, concluding that almost every serious form of threat is increasing and evolving.
The nugget of good news is that a few threats such as search engine poisoning and spam appear to have stabilised. The bad news is that this is the only good news.
During the period, drive-by downloads targeting browsers from compromised websites running exploit kits such as the infamous Black Hole were the top threat, an attack design that moved to target mobile users (read: Android users) during the last year.
In second place were a clutch of sophisticated of Trojans, distributed increasingly via social media and to a much smaller extent to mobile platforms, mainly Android.
Third on the list of usual suspects was code injection, specifically SQL injection and cross-site scripting designed to steal credentials such as logins.
Standing back, a lot of these individual threats can be bundled into one larger trend, that of malware-as-a service (MaaS), by no means a new phenomenon but one that gathered pace in 2012.
Beyond this top three lay a sea of DDoS attacks systems, rogue software, not to mention those old favourites, botnets and phishing websites; targeted attacks and security breaches remain an ever-present worry.
Oddly, the report reckons that the threat from ramsonware (software that demands payments from victims) is 'stable' which flies in the face of more recent evidence that this type of attack has exploded insignificance.
What might have caused ENISA to downplay that threat is that because its assessment is based on an historical analysis of security reports - few security vendors paid much attention to ransomware until later in the year - this and so this phenomenon has probably been under-reported.
ENISA's recommendations sounds like a bit of a cry in the dark, including that the industry needed to find a way of "Collect and develop better evidence about impact achieved by adversaries," that is share information on which attacks have worked and why.
But that is an impossible goal as long as organisations are not required to publish detailed analyses of real-world attacks let alone in many cases even mention that they have happened.
The Agency would also like to see organisations adopt a common terminology to describe and discuss threats; today's vocabulary remains expert-driven, fragmented and often confusing to outsiders.