ENISA Threat Landscape Report 2017 15 Top Cyber-Threats and Trends
Total Page:16
File Type:pdf, Size:1020Kb
ENISA Threat Landscape Report 2017 15 Top Cyber-Threats and Trends FINAL VERSION 1.0 ETL 2017 JANUARY 2018 www.enisa.europa.eu European Union Agency For Network and Information Security ENISA Threat Landscape Report 2017 ETL 2017 | 1.0 | HSA | January 2018 About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu. Contact For queries on this paper, please use [email protected] For media enquiries about this paper, please use [email protected]. Acknowledgements ENISA would like to thank the members of the ENISA ETL Stakeholder group: Pierluigi Paganini, Chief Security Information Officer, IT, Paul Samwel, Banking, NL, Jason Finlayson, Consulting, IR, Stavros Lingris, CERT, EU, Jart Armin, Worldwide coalitions/Initiatives, International, Thomas Häberlen, Member State, DE, Neil Thacker, Consulting, UK, Shin Adachi, Security Analyst, US, R. Jane Ginn, Consulting, US, Andreas Sfakianakis, Industry, NL. The group has provided valuable input, has supported the ENISA threat analysis and has reviewed ENISA material. Their support is highly appreciated and has definitely contributed to the quality of the material presented in this report. Moreover, we would like to thank CYjAX for granting access pro bono to its cyber risk intelligence portal providing information on cyber threats and cyber- crime. Legal notice Notice must be taken that this publication represents the views and interpretations of ENISA, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the Regulation (EU) No 526/2013. This publication does not necessarily represent state-of the-art and ENISA may update it from time to time. Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication. This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication. Copyright Notice © European Union Agency for Network and Information Security (ENISA), 2018 Reproduction is authorised provided the source is acknowledged. ISBN 978-92-9204-250-9, ISSN 2363-3050, DOI 10.2824/967192 02 ENISA Threat Landscape Report 2017 ETL 2017 | 1.0 | HSA | January 2018 Table of Contents Executive Summary 7 1. Introduction 10 Policy context 11 Target audience 12 Structure of the document 12 2. Cyber Threat Intelligence and ETL 14 Cyber Threat Intelligence: State-of-Play 14 CTI Issues: An Overview 16 ENISA approaches to CTI dissemination 19 2.3.1 ETL Web App 19 2.3.2 CTI EU 21 Scope and used definitions 22 3. Top cyber-threats 23 Malware 25 3.1.1 Description of the cyberthreat 25 3.1.2 Interesting points 25 3.1.3 Trends and main statistic numbers 27 3.1.4 Top Malware threats 28 3.1.5 Specific attack vectors 29 3.1.6 Specific mitigation actions 29 3.1.7 Kill Chain 29 3.1.8 Authoritative references 30 Web-based attacks 31 3.2.1 Description of the cyberthreat 31 3.2.2 Interesting points 31 3.2.3 Trends and main statistic numbers 32 3.2.4 Specific attack vectors 33 3.2.5 Specific mitigation vectors 34 3.2.6 Kill Chain 35 3.2.7 Authoritative references 35 Web application attacks 36 3.3.1 Description of the cyberthreat 36 3.3.2 Interesting points 36 3.3.3 Trends and main statistic numbers 37 3.3.4 Top web app attacks 37 3.3.5 Specific mitigation actions 38 3.3.6 Kill Chain 38 03 ENISA Threat Landscape Report 2017 ETL 2017 | 1.0 | HSA | January 2018 3.3.7 Authoritative references 39 Phishing 40 3.4.1 Description of the cyberthreat 40 3.4.2 Interesting points 40 3.4.3 Trends and main statistic numbers 42 3.4.4 Top 10 Most-Clicked General Email Subject Lines 43 3.4.5 Specific mitigation actions 43 3.4.6 Kill Chain 44 3.4.7 Authoritative references 44 Spam 45 3.5.1 Description of the threat 45 3.5.2 Interesting points 45 3.5.3 Trends and main statistic numbers 46 3.5.4 Top Spam sources 47 3.5.5 Specific mitigation actions 47 3.5.6 Kill Chain 48 3.5.7 Authoritative references 48 Denial of Service 49 3.6.1 Description of the threat 49 3.6.2 Interesting points 49 3.6.3 Trends and main statistic numbers 51 3.6.4 Top 5 most dangerous DDoS attacks 52 3.6.5 Specific attack vectors 52 3.6.6 Specific mitigation actions 53 3.6.7 Kill Chain 54 3.6.8 Authoritative references 54 Ransomware 55 3.7.1 Description of the threat 55 3.7.2 Interesting points 55 3.7.3 Trends and main statistic numbers 56 3.7.4 Top 5 ransomware threats239 57 3.7.5 Specific attack vectors 58 3.7.6 Specific mitigation actions 58 3.7.7 Kill Chain 59 3.7.8 Authoritative references 59 Botnets 60 3.8.1 Description of the threat 60 3.8.2 Interesting points 60 3.8.3 Trends and main statistic numbers 61 3.8.4 Top botnets attacks 62 3.8.5 Specific attack vectors 62 3.8.6 Specific mitigation actions 62 3.8.7 Kill Chain 63 3.8.8 Authoritative references 63 Insider threat 64 04 ENISA Threat Landscape Report 2017 ETL 2017 | 1.0 | HSA | January 2018 3.9.1 Description of the cyberthreat 64 3.9.2 Interesting points 64 3.9.3 Trends and main statistic numbers,,368 65 3.9.4 Top IT assets vulnerable to insider attacks 65 3.9.5 Specific attack vectors 66 3.9.6 Specific mitigation actions 66 3.9.7 Kill Chain 67 3.9.8 Authoritative references 67 Physical manipulation/damage/theft/loss 68 3.10.1 Description of the cyberthreat 68 3.10.2 Interesting points 68 3.10.3 Trends and main statistic numbers 69 3.10.4 Specific mitigation actions 69 3.10.5 Kill Chain 70 3.10.6 Authoritative references 70 Data Breaches 71 3.11.1 Description of the cyberthreat 71 3.11.2 Interesting points 71 3.11.3 Trends and main statistic numbers 71 3.11.4 Top Data breaches 72 3.11.5 Specific attack vectors 73 3.11.6 Specific mitigation actions 73 3.11.7 Kill Chain 74 3.11.8 Authoritative references 74 Identity Theft 75 3.12.1 Description of the cyberthreat 75 3.12.2 Interesting points 75 3.12.3 Trends and main statistic numbers 76 3.12.4 Top 5 identity theft threat 76 3.12.5 Specific attack vectors 77 3.12.6 Specific mitigation actions 77 3.12.7 Kill Chain: 78 3.12.8 Authoritative references 78 Information leakage 79 3.13.1 Description of the cyberthreat 79 3.13.2 Interesting points 79 3.13.3 Trends and main statistic numbers 79 3.13.4 Top data leaks threats 80 3.13.5 Specific attack vectors 80 3.13.6 Specific mitigation actions 80 3.13.7 Kill Chain 81 3.13.8 Authoritative references 81 Exploit kits 82 3.14.1 Description of the cyberthreat 82 3.14.2 Interesting points 82 3.14.3 Trends and main statistic numbers 83 05 ENISA Threat Landscape Report 2017 ETL 2017 | 1.0 | HSA | January 2018 3.14.4 Top 10 exploit kit threats 84 3.14.5 Specific attack vectors 85 3.14.6 Specific mitigation actions 85 3.14.7 Kill Chain 86 3.14.8 Authoritative references 86 Cyber-Espionage 87 3.15.1 Description of the cyberthreat 87 3.15.2 Interesting points, 87 3.15.3 Trends and main statistic numbers 88 3.15.4 Top cyber espionage attacks 88 3.15.5 Specific attack vectors 89 3.15.6 Specific mitigation actions 89 3.15.7 Kill Chain 89 3.15.8 Authoritative references 89 Visualising changes in the current threat landscape 90 4. Threat Agents 91 Threat agents and trends 91 Top threat agents and motives 93 Threat Agents and top threats 97 5. Attack Vectors 99 Introduction 99 Attack vectors taxonomy 99 Attacking the human element 100 Web and browser based attack vectors 101 Internet exposed assets 102 Exploitation of vulnerabilities/misconfigurations and cryptographic/network/ security protocol flaws 103 Supply-chain attacks 103 Aftermath of this year’s ransomware attacks 104 6. Conclusions 107 Main cyber-issues ahead 107 Conclusions 111 06 ENISA Threat Landscape Report 2017 ETL 2017 | 1.0 | HSA | January 2018 Executive Summary 2017 was the year in which incidents in the cyberthreat landscape have led to the definitive recognition of some omnipresent facts. We have gained unwavering evidence regarding monetization methods, attacks to democracies, cyber-war, transformation of malicious infrastructures and the dynamics within threat agent groups.