DOCSLIB.ORG

ENISA Threat Landscape

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
ENISA Threat Landscape ENISA Threat Landscape Responding to the Evolving Threat Environment [Deliverable – 2012-09-28] ENISA Threat Landscape I Responding to the Evolving Threat Environment Contributors to this report This report was produced by ENISA using publicly available information on incidents and threats. Authors of this report in alphabetical order are: Louis Marinos, European Network and Information Security Agency and Andreas Sfakianakis, European Network and Information Security Agency The authors would like to thank all ENISA colleagues and external experts who provided information on existing threat resources and have contributed through discussions on the subject matter. II ENISA Threat Landscape Responding to the Evolving Threat Environment About ENISA The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu. Contact details For contacting ENISA for general enquiries on this report, please use the following details: E-mail: [email protected] Internet: http://www.enisa.europa.eu Legal notice Notice must be taken that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC) No 460/2004 as lastly amended by Regulation (EU) No 580/2011. This publication does not necessarily represent state-of the-art and ENISA may update it from time to time. Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication. This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication. Reproduction is authorised provided the source is acknowledged. © European Network and Information Security Agency (ENISA), 2012 ENISA Threat Landscape III Responding to the Evolving Threat Environment Contents 1 Executive Summary ............................................................................................................... 2 2 Introduction .......................................................................................................................... 4 3 Scope and Definitions ........................................................................................................... 6 3.1 Scope .............................................................................................................................. 6 3.1.1 What is threat landscape? ...................................................................................... 6 3.1.2 What are the factors leading to a change of threat landscape? ............................ 6 3.1.3 How many kinds of threat landscapes exist? .......................................................... 7 3.1.4 Threat landscape vs. risk landscape ........................................................................ 7 3.1.5 Objectives of this work ........................................................................................... 8 3.1.6 What is beyond the scope of this report? .............................................................. 9 3.1.7 Processed material ................................................................................................ 10 3.2 Definitions .................................................................................................................... 10 4 Top Threats: The Current Threat Landscape ...................................................................... 13 4.1.1 Drive-by Exploits ................................................................................................... 13 4.1.2 Worms/Trojans ..................................................................................................... 14 4.1.3 Code Injection Attacks .......................................................................................... 14 4.1.4 Exploit Kits ............................................................................................................. 15 4.1.5 Botnets .................................................................................................................. 16 4.1.6 Denial of service .................................................................................................... 17 4.1.7 Phishing ................................................................................................................. 17 4.1.8 Compromising confidential information............................................................... 18 4.1.9 Rogueware/Scareware .......................................................................................... 18 4.1.10 Spam ...................................................................................................................... 19 4.1.11 Targeted Attacks ................................................................................................... 20 4.1.12 Physical Theft/Loss/Damage ................................................................................. 21 4.1.13 Identity Theft......................................................................................................... 21 4.1.14 Abuse of Information Leakage .............................................................................. 22 4.1.15 Search Engine Poisoning ....................................................................................... 23 4.1.16 Rogue certificates.................................................................................................. 23 IV ENISA Threat Landscape Responding to the Evolving Threat Environment 5 Overview of Threat Agents ................................................................................................. 24 6 Threat Trends: The Emerging Threat Landscape ................................................................ 27 6.1 Threat Trends in Mobile Computing ............................................................................ 28 6.2 Threat Trends in Social Technology ............................................................................. 29 6.3 Threat Trends in Critical Infrastructures ...................................................................... 32 6.4 Threat Trends in Trust Infrastructure ........................................................................... 33 6.5 Threat Trends in Cloud Computing .............................................................................. 35 6.6 Threat Trends in Big Data ............................................................................................. 38 7 Concluding remarks ............................................................................................................ 41 Annex .......................................................................................................................................... 43 Drive-by Exploits ..................................................................................................................... 43 Worms/Trojans ....................................................................................................................... 46 Code Injection Attacks ............................................................................................................ 50 Exploit Kits ............................................................................................................................... 55 Botnets .................................................................................................................................... 57 Denial of service ...................................................................................................................... 62 Phishing ................................................................................................................................... 64 Compromising confidential information ................................................................................. 68 Rogueware/Scareware ............................................................................................................ 71 Spam ........................................................................................................................................ 72 Targeted Attacks ..................................................................................................................... 76 Physical Theft/Loss/Damage ................................................................................................... 81 Identity theft ........................................................................................................................... 82 Abuse of information leakage ................................................................................................
Load more

Recommended publications
  • Click Trajectories: End-To-End Analysis of the Spam Value Chain
    Click Trajectories: End-to-End Analysis of the Spam Value Chain ∗ ∗ ∗ ∗ z y Kirill Levchenko Andreas Pitsillidis Neha Chachra Brandon Enright Mark´ Felegyh´ azi´ Chris Grier ∗ ∗ † ∗ ∗ Tristan Halvorson Chris Kanich Christian Kreibich He Liu Damon McCoy † † ∗ ∗ Nicholas Weaver Vern Paxson Geoffrey M. Voelker Stefan Savage ∗ y Department of Computer Science and Engineering Computer Science Division University of California, San Diego University of California, Berkeley z International Computer Science Institute Laboratory of Cryptography and System Security (CrySyS) Berkeley, CA Budapest University of Technology and Economics Abstract—Spam-based advertising is a business. While it it is these very relationships that capture the structural has engendered both widespread antipathy and a multi-billion dependencies—and hence the potential weaknesses—within dollar anti-spam industry, it continues to exist because it fuels a the spam ecosystem’s business processes. Indeed, each profitable enterprise. We lack, however, a solid understanding of this enterprise’s full structure, and thus most anti-spam distinct path through this chain—registrar, name server, interventions focus on only one facet of the overall spam value hosting, affiliate program, payment processing, fulfillment— chain (e.g., spam filtering, URL blacklisting, site takedown). directly reflects an “entrepreneurial activity” by which the In this paper we present a holistic analysis that quantifies perpetrators muster capital investments and business rela- the full set of resources employed to monetize spam email— tionships to create value. Today we lack insight into even including naming, hosting, payment and fulfillment—using extensive measurements of three months of diverse spam data, the most basic characteristics of this activity. How many broad crawling of naming and hosting infrastructures, and organizations are complicit in the spam ecosystem? Which over 100 purchases from spam-advertised sites.
    [Show full text]
  • 3/16/2020 Testout Labsim
    3/16/2020 TestOut LabSim 8.4 Web Application Attacks As you study this section, answer the following questions: What are two ways that drive-by download attacks occur? Which countermeasures can be used to eliminate buffer overflow attacks? How can cross-site scripting (XSS) be used to breach the security of a web user? What is the best method for preventing SQL injection attacks? What are some types of header manipulation? Which mitigation practices help to protect internet-based activities from web application attacks? In this section, you will learn to: Prevent cross-site scripting Key terms for this section include the following: Term Definition Drive-By Download An attack where software or malware is downloaded and installed without explicit consent from the user. Typosquatting/URL Hijacking An attack that occurs when an attacker registers domain names that correlate to common typographical errors made by users when trying to access a legitimate website. Buffer Overflow An attack that exploits an operating system or an application that does not properly enforce boundaries for how much and what type of data can be inputted. An attack that exploits a computational operation by a running process that results in a numeric value that exceeds the maximum size of the integer type used to store it in Integer Overflow memory. Cross-Site Scripting (XSS) An attack that injects scripts into webpages. Cross-Site Request Forgery A type of malicious exploit whereby unauthorized commands are transmitted from the user to a website that currently trusts the user by way of authentication, cookies, etc. (CSRF/XSRF) LDAP Injection An attack that uses LDAP statements with arbitrary commands to exploit web-based applications with access to a directory service.
    [Show full text]
  • Lakeridge Health Uses Trend Micro™ Messaging and Web Security for Comprehensive Gateway Web Threat Protection
    Securing Your Web World Lakeridge Health Uses Trend Micro™ Messaging and Web Security for Comprehensive Gateway Web Threat Protection Lakeridge Health (LH) serves a community of more than 500,000 residents within an area of 19,000 square kilometers in Ontario. IT must build in security to protect the mission-critical infrastructure that spans the 25 hospitals, clinics, and administrative sites. A recent escalation in web threats, including web-based phishing and malware as well as the spam emails that deliver links to these threats, called for a combination of Trend Micro messaging and web solutions supported by the Trend Micro Smart Protection Network. ESCALATING WEB THREATS “ Trend Micro messaging and Over the years, LH has tried many web security builds up our alternatives in its search for the best possible security. When web threats began defenses where they can to increase, LH’s user help desk was flooded do the most good—right at with complaints about spyware and other the edge of our network. infections. Unsatisfied with its previously These solutions have proven deployed products and lack of support from the vendor, LH evaluated four other security invaluable for fighting the vendors including Trend Micro. constantly evolving web After identifying Trend Micro as the winner of its security “bake off,” LH deployed multiple threats.” layers of Trend Micro protection. Trend Micro gateway protection blocks web-based threats by introducing messaging and web defense right at the network perimeter: — Peter Hastie, IT Systems Consultant • Trend Micro InterScan™ Messaging Security blocks emails threats, including spam, Lakeridge Health (LH), phishing, and malware, and offers content filtering to enforce compliance and prevent Ontario, Canada data leaks.
    [Show full text]
  • Clickjacking
    Security Now! Transcript of Episode #168 Page 1 of 18 Transcript of Episode #168 ClickJacking Description: Steve and Leo discuss yet another challenge to surfing safely in the web world: Known as "ClickJacking," or more formally as "UI Redressing," this class of newly popular threats tricks web users into performing web-based actions they don't intend by leading them to believe they are doing something else entirely. High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-168.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-168-lq.mp3 INTRO: Netcasts you love, from people you trust. This is TWiT. Leo Laporte: Bandwidth for Security Now! is provided by AOL Radio at AOL.com/podcasting. This is Security Now! with Steve Gibson, Episode 168 for October 30, 2008: Clickjacking. It's time for Security Now!, the show where we cover everything you'd ever want to know about security. And we do it with a guy who is the king, really, as far as I'm concerned, the man who discovered spyware, named spyware, wrote some of the most used security utilities out there, including ShieldsUP!, Mr. Steve Gibson of GRC.com. Hi, Steve. Steve Gibson: Yes, in fact sometimes we're discussing things that you'd rather wish weren't the case. I mean... Leo: Well, lately it's been kind of bleak because it's like, there's bad stuff, and there doesn't really seem like there's any cure. Steve: Yes, that's true.
    [Show full text]
  • Search Engines and Cyber Hygiene Exercise - 11
    IT WORKSHOP LAB MANUAL Search Engines and Cyber Hygiene Exercise - 11 Aim: Working of search engine, Awareness of various threats on Internet, types of attacks and how to overcome. Installation of antivirus software, configuration of personal firewall and Windows update on computers. 11.1 Introduction Search Engine refers to a huge database of internet resources such as web pages, newsgroups, programs, images etc. It helps to locate information on World Wide Web. User can search for any information by passing query in form of keywords or phrase. It then searches for relevant information in its database and return to the user. Fig. 1. Windows explorer 198 Prepared by: APPROVED BY : Ms.K.NIRMALA Dr.K.RAMANI Mr.V.S.V.S.S.S.M.CHAKRADHAR HOD, IT IT WORKSHOP LAB MANUAL Search Engine Components Generally there are three basic components of a search engine as listed below: 1. Web Crawler 2. Database 3. Search Interfaces Web crawler It is also known as spider or bots. It is a software component that traverses the web to gather information. Database All the information on the web is stored in database. It consists of huge web resources. Search Interfaces This component is an interface between user and the database. It helps the user to search through the database. Search Engine Working Web crawler, database and the search interface are the major component of a search engine that actually makes search engine to work. Search engines make use of Boolean expression AND, OR, NOT to restrict and widen the results of a search. Following are the steps that are performed by the search engine: The search engine looks for the keyword in the index for predefined database instead of going directly to the web to search for the keyword.
    [Show full text]
  • A Semi-Automated Security Advisory System to Resist Cyber-Attack in Social Networks
    A Semi-Automated Security Advisory System to Resist Cyber-attack in Social Networks Samar Muslah Albladi and George R S Weir University of Strathclyde, Glasgow G1 1XH, UK {samar.albladi; george.weir}@strath.ac.uk Abstract. Social networking sites often witness various types of social engi- neering (SE) attacks. Yet, limited research has addressed the most severe types of social engineering in social networks (SNs). The present study in- vestigates the extent to which people respond differently to different types of attack in a social network context and how we can segment users based on their vulnerability. In turn, this leads to the prospect of a personalised security advisory system. 316 participants have completed an online-ques- tionnaire that includes a scenario-based experiment. The study result re- veals that people respond to cyber-attacks differently based on their de- mographics. Furthermore, people’s competence, social network experience, and their limited connections with strangers in social networks can decrease their likelihood of falling victim to some types of attacks more than others. Keywords: Advisory System, Social Engineering, Social Networks. 1 Introduction Individuals and organisations are becoming increasingly dependent on working with computers, accessing the World Wide Web and, more importantly, sharing data through virtual communication. This makes cyber-security one of today’s greatest issues. Pro- tecting people and organisations from being targeted by cybercriminals is becoming a priority for industry and academia [1]. This is due to the huge potential damage that could be associated with losing valuable data and documents in such attacks. Previous research focuses on identifying factors that influence people’s vulnerability to cyber-attack [2] as the human has been characterised as the weakest link in infor- mation security research.
    [Show full text]
  • Financial Fraud and Internet Banking: Threats and Countermeasures
    Report Financial Fraud and Internet Banking: Threats and Countermeasures By François Paget, McAfee® Avert® Labs Report Financial Fraud and Internet Banking: Threats and Countermeasures Table of Contents Some Figures 3 U.S. Federal Trade Commission Statistics 3 CyberSource 4 Internet Crime Complaint Center 4 In Europe 5 The Many Faces of Fraud 6 Small- and large-scale identity theft 7 Carding and skimming 8 Phishing and pharming 8 Crimeware 9 Money laundering 10 Mules 10 Virtual casinos 11 Pump and dump 12 Nigerian advance fee fraud (419 fraud) 12 Auctions 14 Online shopping 16 Anonymous payment methods 17 Protective Measures 18 Scoring 18 Europay, MasterCard, and Visa (EMV) standard 18 PCI-DSS 19 Secure Sockets Layer (SSL) and Transport Secured Layer (TLS) protocols 19 SSL extended validation 20 3-D Secure technology 21 Strong authentication and one-time password devices 22 Knowledge-based authentication 23 Email authentication 23 Conclusion 24 About McAfee, Inc. 26 Report Financial Fraud and Internet Banking: Threats and Countermeasures Financial fraud has many faces. Whether it involves swindling, debit or credit card fraud, real estate fraud, drug trafficking, identity theft, deceptive telemarketing, or money laundering, the goal of cybercriminals is to make as much money as possible within a short time and to do so inconspicuously. This paper will introduce you to an array of threats facing banks and their customers. It includes some statistics and descriptions of solutions that should give readers—whether they are responsible for security in a financial organization or a customer—an overview of the current situation. Some Figures U.S.
    [Show full text]
  • The Four Rules of Complete Web Protection
    The four rules of complete web protection By Chris McCormack, Product Marketing Manager As an IT manager you’ve always known the web is a dangerous place. But with infections growing and the demands on your time and budget rising, it’s time to revisit your strategy. This whitepaper discusses the major web threats and provides four rules to help you stay protected. When you follow them, these rules will also save you time and money. The four rules of complete web protection Why the web is a scary place Your users are working on the web more than ever, reaping its benefits for increased mobility and easy access to the tools they need. But the web is also a dangerous place. Cybercriminals constantly launch attacks designed to penetrate your digital defenses and steal sensitive data. During the first half of 2011, we saw an average of 19,000 new malicious URLs every day at SophosLabs—that's one every 4.5 seconds. In a recent study of 50 organizations, 64% of those companies were victim to a web-based attack during a four week period.1 And web-based attacks are the second most costly type of attack, topped only by denial of service attacks.2 This type of cybercrime exposes you to enormous risks, including financial losses, regulatory and compliance issues, data breach liabilities, damage to brand and reputation, and loss of customer confidence. In this whitepaper we’ll discuss the types of threats and explain how these four rules can help you build a better web protection strategy.
    [Show full text]
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men
    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide
    [Show full text]
  • Downloading and Running
    City Research Online City, University of London Institutional Repository Citation: Meng, X. (2018). An integrated networkbased mobile botnet detection system. (Unpublished Doctoral thesis, City, Universtiy of London) This is the accepted version of the paper. This version of the publication may differ from the final published version. Permanent repository link: https://openaccess.city.ac.uk/id/eprint/19840/ Link to published version: Copyright: City Research Online aims to make research outputs of City, University of London available to a wider audience. Copyright and Moral Rights remain with the author(s) and/or copyright holders. URLs from City Research Online may be freely distributed and linked to. Reuse: Copies of full items can be used for personal research or study, educational, or not-for-profit purposes without prior permission or charge. Provided that the authors, title and full bibliographic details are credited, a hyperlink and/or URL is given for the original metadata page and the content is not changed in any way. City Research Online: http://openaccess.city.ac.uk/ [email protected] AN INTEGRATED NETWORK- BASED MOBILE BOTNET DETECTION SYSTEM Xin Meng Department of Computer Science City, University of London This dissertation is submitted for the degree of Doctor of Philosophy City University London June 2017 Declaration I hereby declare that except where specific reference is made to the work of others, the contents of this dissertation are original and have not been submitted in whole or in part for consideration for any other degree or qualification in this, or any other University. This dissertation is the result of my own work and includes nothing which is the outcome of work done in collaboration, except where specifically indicated in the text.
    [Show full text]
  • Clickjacking: Attacks and Defenses
    Clickjacking: Attacks and Defenses Lin-Shung Huang Alex Moshchuk Helen J. Wang Carnegie Mellon University Microsoft Research Microsoft Research [email protected] [email protected] [email protected] Stuart Schechter Collin Jackson Microsoft Research Carnegie Mellon University [email protected] [email protected] Abstract such as a “claim your free iPad” button. Hence, when Clickjacking attacks are an emerging threat on the web. the user “claims” a free iPad, a story appears in the user’s In this paper, we design new clickjacking attack variants Facebook friends’ news feed stating that she “likes” the using existing techniques and demonstrate that existing attacker web site. For ease of exposition, our description clickjacking defenses are insufficient. Our attacks show will be in the context of web browsers. Nevertheless, the that clickjacking can cause severe damages, including concepts and techniques described are generally applica- compromising a user’s private webcam, email or other ble to all client operating systems where display is shared private data, and web surfing anonymity. by mutually distrusting principals. We observe the root cause of clickjacking is that an Several clickjacking defenses have been proposed and attacker application presents a sensitive UI element of a deployed for web browsers, but all have shortcomings. target application out of context to a user (such as hiding Today’s most widely deployed defenses rely on frame- the sensitive UI by making it transparent), and hence the busting [21, 37], which disallows a sensitive page from user is tricked to act out of context. To address this root being framed (i.e., embedded within another web page).
    [Show full text]
  • ESET THREAT REPORT Q3 2020 | 2 ESET Researchers Reveal That Bugs Similar to Krøøk Affect More Chip Brands Than Previously Thought
    THREAT REPORT Q3 2020 WeLiveSecurity.com @ESETresearch ESET GitHub Contents Foreword Welcome to the Q3 2020 issue of the ESET Threat Report! 3 FEATURED STORY As the world braces for a pandemic-ridden winter, COVID-19 appears to be losing steam at least in the cybercrime arena. With coronavirus-related lures played out, crooks seem to 5 NEWS FROM THE LAB have gone “back to basics” in Q3 2020. An area where the effects of the pandemic persist, however, is remote work with its many security challenges. 9 APT GROUP ACTIVITY This is especially true for attacks targeting Remote Desktop Protocol (RDP), which grew throughout all H1. In Q3, RDP attack attempts climbed by a further 37% in terms of unique 13 STATISTICS & TRENDS clients targeted — likely a result of the growing number of poorly secured systems connected to the internet during the pandemic, and possibly other criminals taking inspiration from 14 Top 10 malware detections ransomware gangs in targeting RDP. 15 Downloaders The ransomware scene, closely tracked by ESET specialists, saw a first this quarter — an attack investigated as a homicide after the death of a patient at a ransomware-struck 17 Banking malware hospital. Another surprising twist was the revival of cryptominers, which had been declining for seven consecutive quarters. There was a lot more happening in Q3: Emotet returning 18 Ransomware to the scene, Android banking malware surging, new waves of emails impersonating major delivery and logistics companies…. 20 Cryptominers This quarter’s research findings were equally as rich, with ESET researchers: uncovering 21 Spyware & backdoors more Wi-Fi chips vulnerable to KrØØk-like bugs, exposing Mac malware bundled with a cryptocurrency trading application, discovering CDRThief targeting Linux VoIP softswitches, 22 Exploits and delving into KryptoCibule, a triple threat in regard to cryptocurrencies.
    [Show full text]