The European Network and Information Security Agency
(“ENISA”) has published its first independent overview of how the cyberthreat
landscape has evolved over the past few years. The report identifies the most
common and dangerous cyberthreats, the methods used by malicious users and
potential avoidance measures for web users. ENISA’s findings have ramifications
from both an EU and global perspective as the threats revealed have no
geographic boundaries.
According to the report, “drive-by exploits” are the greatest
and most increasing threat to the internet landscape. Drive-by exploits involve
injecting malicious code into a website that automatically infects a user’s
computer when he or she visits that website. These can then be used to obtain
personal information. The websites themselves may also be unknowingly hosting
malicious code. This form of cyberattack is on the rise and is even being
formulated for mobile devices.
The second biggest cyberthreat identified by ENISA are
Trojans (which contain backdoor capabilities) and Worm malware programs (which
can self-replicate and redistribute themselves with devastating effect). Worms
and Trojans are used by cybercriminals to pull off sophisticated cyberscams
involving theft of user credentials and personal data and by governments for
cyberespionage.
Code injection is the third top threat - in recent years an
increasing amount of attacks and data breaches have been conducted against web
applications using well-known attack techniques such as SQL injection (“SQLi”)
and cross-site scripting (“XSS”). These threats, which are popular amongst
hacktivist groups, attempt to extract data, steal credentials and take control
of the targeted webserver.
Other cyberthreats include exploit kits, botnets,
denial-of-service attacks, phishing and spam. ENISA emphasises that it is not
just cybercriminals acting as the threat agents but also corporations
attempting to gain competitive advantage, disgruntled employees, and terrorists
who have expanded their activities into cyberspace.
In an era where social media has flourished, the
report highlights the vulnerability of technologies such as cloud computing and
big data sets, where the concentration of vast amounts of data in a few logical
locations makes an attractive target for threat agents. ENISA suggests that
many threats can be contained if sufficient risk management is undertaken and
appropriate security measures are implemented.
This actually makes sense. All securities are just some kind of a joke, they don’t really work, in on way or another, hackers will find ways to pass these securities, its kind of a cycle. They invent a virus to hack, we invent a security to prevent it then the cycle begins
ReplyDelete