Vulnerabilities / Threats
1/8/2013
10:27 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

ENISA: Drive-By Attacks Biggest Threat Of 2012

Report provides an independent overview of observed threats and threat agents

The EU’s cyber security agency ENISA has published the first and most comprehensive Cyber Threat Landscape analysis of 2012, summarising over 120 threat reports. The report identifies and lists the top threats and their trends, and concludes that drive-by exploits have become the top web threat.

The ENISA Threat Landscape report summarises 120 recent reports from 2011 and 2012 from the security industry, networks of excellence, standardisation bodies and other independent parties, making the report the world’s most comprehensive synthesis presently available. The report provides an independent overview of observed threats and threat agents together with the current top threats, and emerging threats trends landscapes. Moreover, the Threat Landscape report analyses the “cyber enemy”; identifying and also listing the top ten (out of a total of sixteen) threats in emerging technology areas. The areas considered are Mobile Computing, Social Media/Technology, Critical Infrastructure, Trust Infrastructures, Cloud, and Big Data. The identified top ten threats are:

Drive-by exploits (malicious code injects to exploit web browser vulnerabilities) Worms/trojans Code injection attacks Exploit kits (ready to use software package to automate cybercrime) Botnets (hijacked computers that are remotely controlled) (Distributed) Denial of Service attacks (DDoS/DoS) Phishing (fraud mails and websites) Compromising confidential information (data breaches) Rogueware/scareware Spam

Finally, the Agency makes a number of conclusions for industry and stakeholders on how to better fight cyber threats to business, citizens and the digital economy at large:

Use a common terminology within threat reports Include the end-user perspective Develop use cases for threat landscapes Collect security intelligence of incidents including starting point and target of an attack Perform a shift in security controls to accommodate emerging threat trends Collect and develop better evidence about attack vectors (methods) so as to understand attack workflows Collect and develop better evidence on the impact reached by attackers Collect and maintain more qualitative information about threat agents

The Executive Director of ENISA, Professor Udo Helmbrecht stated:

“ I am proud that the Agency undertakes this important work to better understand the composition of the current cyber threats. This is the first and most comprehensive Cyber Threat Analysis available to date and a point of reference for all cyber security policy makers, and stakeholders.”

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.