ENISA Threat Landscape Report 2016, who is attacking us, and how?

Pierluigi Paganini February 09, 2017

ENISA has issued the annual ENISA Threat Landscape Report 2016, a document that synthesizes the emerging trends in cyber security

The European Union Agency for Network and Information Security (ENISA) is an EU Agency composed of security experts that work with these states, public organizations and private groups to develop advice and recommendations on good practice in information security.

I’m very proud to be a member of the group that annually publish an interesting report that summarizes top cyber threats identified during the last 12 months.

The new report, titled ENISA Threat Landscape Report 2016, analyzes the huge number of cyber-incidents that made the headlines in 2016, focusing on threat actors and their TTPs (Tactics, techniques, and procedures).

The document is composed of the following sessions:

  • “Cyber Threat Intelligence and ETL” provides an overview of recent developments in cyber-threat intelligence positions the ETL and summarizes some cyber-threat intelligence issues that are seen as emerging.
  • “Top Cyber-Threats,” it provides the results of the yearly threat assessment for the top 15 cyber-threats.
  • “Threat Agents” is an overview of threat actors.
    “Attack Vectors”
  • “Conclusions” and some policy, business and research recommendations.

“ETL 2016 is streamlined towards the top cyber-threats, providing information on threat agents and attack vectors including all the remarkable developments, trends and issues. Moreover, it reports about threat agents their motivations, and how their practices, tools and techniques have advanced.” read an introduction to the report.

The ENISA Threat Landscape Report 2016 is an impressive source of data and references to the events that characterized the threat landscape in 2016.

The vast majority of the attacks was financially and politically motivated, the year 2016 is thus characterized by “the efficiency of cyber-crime monetization.” Crooks have monetized their effort not only with the illegal activities they conducted but also offering their services through the consolidated model of sale known as “crime-as-a-service.”

Fortunately, we are observing an increasing maturity of defenders when dealing cyber threats and a successful effort of international law enforcement agencies that conducted many operations disrupting criminal organizations.

However, attackers are still one step ahead as explained in the report. The advances of defenders have been the result of the superiority of attackers in:

  • Abusing unsecured components to mobilize a very large attack potential. This capacity that has been demonstrated by means of DDoS attacks by infected IoT devices.
  • Successfully launching extortion attacks that have targeted commercial organisations and have achieved very high levels of ransom and high rates of paying victims.
  • Demonstrating very big impact achieved by multi-layered attacks to affect the outcome of democratic processes at the example of the US elections.
  • Operating large malicious infrastructures that are managed efficiently and resiliently to withstand takedowns and allow for quick development and multi-tenancy.

Malware remains the principal cyber-threat in 2016, the number of samples reached ca. 600 million per quarter, mobile malware (reaches a growth of ca. 150%) and ransomware have monopolized the threat landscape. Web based attacks and web application attacks follow malware in the Top 15, no change has been observed respecting 2015.

Web based attacks include malicious URLs, compromised domains, browser exploits and drive-by attacks.

Web based attacks are those that use web components as an attack surface. As web components we understand parts of the web infrastructure, such as web servers, web clients (browsers) content management systems (CMS) and browser extensions” states the report.

The category of web application attacks includes classic techniques like cross-site scripting and SQL-injection (SQLi) that anyway continues to be a privileged attack vector of threat actors.  In the fourth place there are the Botnets, these infrastructures are an essential component for a large number of cyber attacks.

The DDoS attacks reached the fourth place, it is the result of extortion activities and the availability in the criminal underground of DDoS-for-hire services that offer to wannabe hackers all the necessary to launch powerful attack.

ENISA Threat Landscape Report 2016

The report also provides an interesting analysis of top threat actors observed in 2016, Cyber-criminals, insiders, cyber spies, hacktivists, cyber fighters, cyber terrorists and script kiddies operate with different techniques, but in many cases the observed an overlap of their TTPs caused by the evolution of the crime-as-service model.

The ENISA Threat Landscape Report 2016 also associated the various threat to the above threat agents, an interesting exercize that allowed us to better profile the attackers.

ENISA Threat Landscape Report 2016

Based on the material ENISA’s experts collected, the report provided our conclusions for policy makers, businesses, and research.

“As we speak, the cyber-threat landscape is receiving significant high-level attention: it is on the agenda of politicians in the biggest industrial countries. This is a direct consequence of ‘cyber’ becoming mainstream, in affecting people’s opinions and influencing the political environment of modern societies. Besides this, a lot of developments have taken place regarding the tools and tactics used by adversaries, making 2016 another striking sample of the dynamics of cyber-space. ETL 2016 reflects these developments, while providing strategic information about the cyber-threats and their technical evolution during 2016.” Prof. Udo Helmbrecht, Executive Director of ENISA, commented on the project: 

I consider the ENISA Threat Landscape Report 2016  a must reading for the security experts in every industry and executives of any sector, I don’t want tell you more, enjoy it.

The ETL report and related material can be found under the following links:

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cyber Security, ENISA Threat Landscape Report 2016)



you might also like

leave a comment