The EU’s cyber security agency ENISA has published its Cyber Threat Landscape Analysis of 2012 which puts drive-by-exploits as the top web threat.
The ENISA report is important because it summarizes the findings of 120 security reports from 2011 and 2012 including those from the wider security industry, standardization bodies and independent parties.
According to the agency its report provides an independent overview of threats and threat agents, current top threats and emerging threats trends landscapes.
The report identifies the top ten threats in socially important technology areas such as mobile, social media, critical infrastructure, cloud, and big data. The identified top ten threats are:
- Drive-by exploits (malicious code injections that exploit web browser vulnerabilities)
- Worms/Trojans
- Code injection attacks
- Exploit kits (ready to use software packages to automate cybercrime)
- Botnets (hijacked computers that are remotely controlled)
- (Distributed) Denial of Service attacks (DDoS/DoS)
- Phishing (fraud mails and websites)
- Compromising confidential information (data breaches)
- Rogueware/scareware
- Spam
"I am proud that the Agency undertakes this important work to better understand the composition of the current cyber threats. This is the first and most comprehensive Cyber Threat Analysis available to date and a point of reference for all cyber security policy makers, and stakeholders." said Executive Director of ENISA, Professor Udo Helmbrecht.
In light of the report the agency made a number of recommendations on how the industry could combat cyber crime and threats to business and citizens by collating data. These included better intelligence of incidents including starting points and targets of an attack, shifting security controls to accommodate emerging threat trends, developing better evidence about attack methods to understand attack work flows.