I’m very happy to announce the publication of the annual ENISA Threat Landscape 2015 (ETL 2015), this is the fifth report issued by the European Agency. The ENISA Threat Landscape 2015 summarizes top cyber threats, experts have identified during the last 12 months.
The document synthesizes the emerging trends in cyber security, it is a must reading for the experts in the industry and executives of any sector.
In 2015, we have assisted a greater effort of law enforcement in the fight against criminal organizations that are becoming even more advanced.
The experts at ENISA analyzed the Top 15 cyber-threats, identifying the threat trends, trends of threat agents and trends for emerging technologies, the report also includes for each cyber-threat a list of mitigation controls.
Malware remains the principal cyber-threat in 2015, they have increased in the number of instances detected and the level of sophistication, albeit mobile malware may not have reached expected levels of growth.
Web based attacks and web application attacks are in second and third place, no change has been observed respecting the previous report. Web based attacks include malicious URLs, compromised domains, browser exploits and drive-by attacks.
The category of web application attacks includes classic techniques like cross-site scripting and SQL-injection (SQLi). In the fourth place there are the Botnets, these infrastructures an essential component for a large number of cyber attacks, but in the last year law enforcement has coordinated a significant number of takedowns against many malicious architectures.
In 2015, the number of DDoS attacks continues to increase, the attacks increased with the volume and also their average duration has increased.
Giving a look at the table below, we can verify that in 2015 the spam decreased once again, despite it still represents a valid vector to spread malware malicious links.
“Spam is in a declining trend since some years now, its importance in the malicious arsenal remained at least almost equal: new methods of “weaponization” of this threat make it a serious threat. During the reporting period we have assessed that spam is an effective means for malware distribution. Ca. 6% of overall spam volume included malicious attachments or links” states the ENISA Threat Landscape 2015 report.
The overall situation is very concerning, cyber threats are influencing also new technologies and paradigms, as explained in a specific session of the report entitled “Emerging Threat Landscape.”
The emerging technology areas considered in this ETL are:
For each technology the report provides the Top 10 Emerging threats, but I don’t want to tell you more about the document, I invite you to carefully read the ENISA Threat Landscape 2015.
Udo Helmbrecht, ENISA’s Executive Director provided the following comment on the project:
“Identification of threats and their dynamics in cyber-space is key in understanding asset exposure and risks. It is an important piece of knowledge that allows for understanding protection requirements, raising awareness and allowing for a better, yet more efficient assessment of risks. ENISA continues with providing strategic information in that area through its ENISA Threat Landscape. Together with the thematic landscapes, this work is a unique publicly available source providing both strategic and tactical intelligence on cyber-threats, tailored to the specific needs of a large amount of stakeholders.”
(Security Affairs – Cyber Security, ENISA Threat Landscape 2015)