430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Reading the ENISA Threat Landscape 2014 report

The European Union Agency for Network and Information Security has published the annual report on the cyber threat landscape “ENISA Threat Landscape 2014.” The European Union Agency for Network and Information Security (ENISA) has published the annual report on the cyber threat landscape “ENISA Threat Landscape 2014.” This ENISA Threat Landscape 2014 report (ETL 2014) was prepared […]

Reading the ENISA Threat Landscape 2014 report

The European Union Agency for Network and Information Security has published the annual report on the cyber threat landscape “ENISA Threat Landscape 2014.”

The European Union Agency for Network and Information Security (ENISA) has published the annual report on the cyber threat landscape “ENISA Threat Landscape 2014.”

This ENISA Threat Landscape 2014 report (ETL 2014) was prepared by collecting and analyzing threat data of the last 12 months (December 2013 – December 2014).

The document is composed of the following sections:

  • “Purpose, Scope and Method” provides some information regarding the threat analysis process.
  • “ETL 2014: Current Threat Landscape” contains top 15 cyber-threats assessed in 2014 and related information.
  • “Threat Agents” contains the profiling of threat agents.
  • “Attack Vectors” contains information on typical attack scenarios.
  • “The Emerging Threat Landscape” indicates assessedtechnology areas that will impact the
  • “The Emerging Threat Landscape” reports the areas that will impact the threat landscapes in the middle-term.
  • “Food for thought: Lessons Learned and Conclusions”

This year the threat landscape is characterized by significant upheavals, the number of cyber attacks has grown rapidly as well as their complexity despite the excellent action of law enforcement, which influenced the evolution of the criminal ecosystem.

“In the ETL 2014, details of these developments are consolidated by means of top cyber threats and
emerging threat trends in various technological and application areas. References to over 400 relevant
sources on threats will help decision makers, security experts and interested individuals to navigate
through the threat landscape.” reads the ENISA Threat Landscape 2014,

The take down of GameOver Zeus botnet which was conducted by the DoJ and the FBI in a multinational effort has dealt a blow to cyber crime sindacate, the arrest of the author of the popular Blackhole and the seizure of numerous underground black markets on Tor as part of the Onymous Operation, are just a few example of successfully action operated by law enforcement.

2014 was also characterized by significant threats to the overall Internet infrastructure, let’s consider the increase of the DDoS amplification attacks (i.e. NTP-based reflection DDoS attacks) or the numerous flaws affecting popular encryption libraries like the Heartbleed and the Poddle bugs.

2014 is considered the year of data breaches, the number of incidents is dramatically increased, in frequency and severity, exposing hundreds of millions of records of unsuspecting users.

“The massive data breaches that have been identified demonstrate how effectively cyber threat agents abuse security weaknesses of businesses and governments.” states the report.

Analyzing the attacks against websites, experts noticed that SQL injection, which is still one of the most effective attack techniques, is on the decline due to information sharing on the threat.

Privacy is the topic that most of all interested Internet community, netizens fear numerous surveillance program run by governments and have fueled mistrust in the network.

The cyberspace is the new battlefield, a growing number of targeted campaigns were characterized sophisticated attack schemes that benefiting efficient evasion techniques.

ENISA Threat Landscape 2014

The report provides useful information to reduce the surface of attack and exposure to cyber threats. The Agency will continue to collect information on cyber threats and will improve critical operation like information sharing.

This report is a must read for cyber-security specialists and anyone who is interested in the development of cyber threats.

Let me personally thanks for the support all the members of the Threat Landscape Stakeholder Group, in particular the author of the report Louis Marinos, that coordinated us during the last year and that made possible the publishing of a so precious document.

Enjoy the report!

Pierluigi Paganini

(Security Affairs – ENISA Threat Landscape 2014, cyber threats)