ENISA Names Drive-By Exploits as Biggest Emerging Threat of 2012

The agency has published its Cyber Threat Landscape analysis

The European Network and Information Security Agency (ENISA) has released its Cyber Threat Landscape analysis of 2012. The study, based on over 120 threat reports, highlights the top threats and their trends.

According to the report, drive-by exploits – malicious code injects used to exploit web browser vulnerabilities – are the number one threat. Drive-by exploits have been on an upwards trend in many areas, including mobile computing, social technology, critical infrastructure, cloud, and big data.

The second position in the list of top threats is occupied by Worms and Trojans. These malicious elements have also been on the rise in most areas, except for the cloud.

Code injection attacks, the exploit kits used to automate cybercrime, botnets, distributed denial-of-service (DDOS) attacks, phishing, data breaches, scareware and rogueware, and spam complete the top ten.

Targeted attacks, physical theft or damage, identity theft, abuse of information leakage, search engine poisoning and rogue certificates have also been on the rise in many areas.

The report also contains some valuable advice for industry and stakeholders to help them handle the cyber threats that could impact regular users, businesses and the digital economy in general.

The recommendations include the use of common terminology in threat reports, the inclusion of end-user perspective, the development of use cases for the threat landscape, and the collection of security intelligence on incidents.

The industry is also advised to collect and develop better evidence on attack vectors and on the impact reached by attackers, and to maintain more qualitative information about threat agents.

“I am proud that the Agency undertakes this important work to better understand the composition of the current cyber threats. This is the first and most comprehensive Cyber Threat Analysis available to date and a point of reference for all cyber security policy makers, and stakeholders,” Executive Director of ENISA, Professor Udo Helmbrecht, noted.

Hot right now  ·  Latest news