ENISA Threat Landscape 2014

ENISA published the third yearly report in sequence Threat Landscape 2014 (ETL 2014), consolidating and analyzing the top cyber threats and the evolution, encountered in 2014. ENISA Threat Landscape 2014, an activity contributing towards achieving the objectives formulated in the Cyber Security Strategy for the EU, stresses the importance of threat analysis and the identification of emerging trends in cyber security.

No previous threat landscape document published by ENISA has shown such a wide range of change as the one of the year 2014. We were able to see impressive changes in top threats, increased complexity of attacks, successful internationally coordinated operations of law enforcement and security vendors, but also successful attacks on vital security functions of the internet.

Many of the changes in the top threats can be attributed to successful law enforcement operations and mobilization of the cyber-security community:

• The take down of GameOver Zeus botnet has almost immediately stopped infection campaigns and Command and Control communication with infected machines.
• Last year’s arrest of the developers of Blackhole has shown its effect in 2014 when use of the exploit kit has been massively reduced.
• NTP-based reflection within DDoS attacks are declining as a result of a reduction of infected servers. This in turn was due to awareness raising efforts within the security community.
• SQL injection, one of the main tools used to compromise web sites, is on the decline due to a broader understanding of the issue in the web development community.
• Taking off-line Silk Road 2 and another 400 hidden services in the dark net has created a shock in TOR community, both at the attackers and TOR users ends.

But there is a dark side of the threat landscape of 2014:

• SSL and TLS, the core security protocols of the internet have been under massive stress, after a number of incidents have unveiled significant flaws in their implementation.
• 2014 can be called the year of data breach. The massive data breaches that have been identified demonstrate how effectively cyber threat agents abuse security weaknesses of businesses and governments.
• A vulnerability found in the BASH shell may have a long term impact on a large number of components using older versions, often implemented as embedded software.
• Privacy violations, revealed through media reports on surveillance practices have weakened the trust of users in the internet and e-services in general.
• Increased sophistication and advances in targeted campaigns have demonstrated new qualities of attacks, thus increasing efficiency and evasion through security defences.

In the ETL 2014, details of these developments are consolidated by means of top cyber threats and emerging threat trends in various technological and application areas. References to over 400 relevant sources on threats will help decision makers, security experts and interested individuals to navigate through the threat landscape.