ENISA Threat Landscape Report 2018 15 Top Cyberthreats and Trends
FINAL VERSION 1.0
ETL 2018
JANUARY 2019

www.enisa.europa.eu
European Union Agency For Network and Information Security

ENISA Threat Landscape Report 2018
ETL 2018 | 1.0 | External | January 2019

About ENISA

The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu.

Contact

For queries on this paper, please use [email protected]
For media enquiries about this paper, please use [email protected].

Acknowledgements

ENISA would like to thank the members of the ENISA ETL Stakeholder group: Pierluigi Paganini, Chief Security Information Officer, IT; Paul Samwel, Banking, NL; Jason Finlayson, Consulting, IR; Stavros Lingris, CERT-EU; Jart Armin, Worldwide coalitions/Initiatives, International; Thomas Häberlen, Member State, DE; Neil Thacker, Consulting, UK; Shin Adachi, Security Analyst, US; R. Jane Ginn, Consulting, US; Andreas Sfakianakis, Industry, NL. The group has provided valuable input, has supported the ENISA threat analysis and has reviewed ENISA material. Their support is highly appreciated and has definitely contributed to the quality of the material presented in this report.
Moreover, we would like to thank CYjAX for granting access pro bono to its cyber risk intelligence portal providing information on cyberthreats and cyber-crime.

Legal notice

Notice must be taken that this publication represents the views and interpretations of ENISA, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the Regulation (EU) No 526/2013. This publication does not necessarily represent state-of-the-art and ENISA may update it from time to time. Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication. This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication.

Copyright Notice

© European Union Agency for Network and Information Security (ENISA), 2019
Reproduction is authorised provided the source is acknowledged.
ISBN 978-92-9204-286-8, ISSN 2363-3050, DOI 10.2824/622757

Table of Contents

1. Introduction
  Policy context
  Target audience
  Structure of the document
2. Cyberthreat Intelligence and ETL
  Cyberthreat Intelligence: State of Play
  Cyberthreat Intelligence Maturity Model
3. Top Cyberthreats
  Malware
    3.1.1 Description of the cyberthreat
    3.1.2 Interesting points
    3.1.3 Trends and main statistics
    3.1.4 Top malware families by type
    3.1.5 Specific attack vectors
    3.1.6 Specific mitigation actions
    3.1.7 Kill Chain
    3.1.8 Authoritative references
  Web Based Attacks
    3.2.1 Description of the cyberthreat
    3.2.2 Interesting points
    3.2.3 Trends and main statistics
    3.2.4 Specific attack vectors
    3.2.5 Specific mitigation actions
    3.2.6 Kill Chain
    3.2.7 Authoritative references
  Web Application Attacks
    3.3.1 Description of the cyberthreat
    3.3.2 Interesting points
    3.3.3 Trends and main statistics
    3.3.4 Top Web Application Attacks
    3.3.5 Specific mitigation actions
    3.3.6 Kill Chain
    3.3.7 Authoritative references
  Phishing
    3.4.1 Description of the cyberthreat
    3.4.2 Interesting points
    3.4.3 Trends and main statistics
    3.4.4 Top Phishing Themes
    3.4.5 Specific mitigation actions
    3.4.6 Kill Chain
    3.4.7 Authoritative references
  Denial of Service
    3.5.1 Description of the cyberthreat
    3.5.2 Interesting points
    3.5.3 Trends and main statistics
    3.5.4 Top 5 DDoS attacks
    3.5.5 Specific attack vectors
    3.5.6 Specific mitigation actions
    3.5.7 Kill Chain
    3.5.8 Authoritative references
  Spam
    3.6.1 Description of the cyberthreat
    3.6.2 Interesting points
    3.6.3 Trends and main statistics
    3.6.4 Top Spam sources
    3.6.5 Specific mitigation actions
    3.6.6 Kill Chain
    3.6.7 Authoritative references
  Botnets
    3.7.1 Description of the cyberthreat
    3.7.2 Interesting points
    3.7.3 Trends and main statistics
    3.7.4 Top Botnet Attacks
    3.7.5 Specific attack vectors
    3.7.6 Specific mitigation actions
    3.7.7 Kill Chain
    3.7.8 Authoritative references
  Data Breaches
    3.8.1 Description of the cyberthreat
    3.8.2 Interesting points
    3.8.3 Trends and main statistics
    3.8.4 Top Data Breaches
    3.8.5 Specific attack vectors
    3.8.6 Specific mitigation actions
    3.8.7 Kill Chain
    3.8.8 Authoritative references
  Insider threat
    3.9.1 Description of the cyberthreat
    3.9.2 Interesting points
    3.9.3 Trends and main statistics
    3.9.4 Top IT and other assets vulnerable to insider attacks
    3.9.5 Specific attack vectors
    3.9.6 Specific mitigation actions
    3.9.7 Kill Chain
    3.9.8 Authoritative references
  Physical manipulation/damage/theft/loss
    3.10.1 Description of the cyberthreat
    3.10.2 Interesting points
    3.10.3 Trends and main statistics
    3.10.4 Specific mitigation actions
    3.10.5 Kill Chain
    3.10.6 Authoritative references
  Information Leakage
    3.11.1 Description of the cyberthreat
    3.11.2 Interesting points
    3.11.3 Trends and main statistics
    3.11.4 Top data leaks incidents
    3.11.5 Specific attack vectors
    3.11.6 Specific mitigation actions
    3.11.7 Kill Chain
    3.11.8 Authoritative references
  Identity Theft
    3.12.1 Description of the cyberthreat
    3.12.2 Interesting points
    3.12.3 Trends and main statistics
    3.12.4 Top identity theft threats
    3.12.5 Specific attack vectors
    3.12.6 Specific mitigation actions
    3.12.7 Kill Chain
    3.12.8 Authoritative references
  Cryptojacking
    3.13.1 Description of the cyberthreat
    3.13.2 Interesting points
    3.13.3 Trends and main statistics
    3.13.4 Top 5 cryptojacking threats
    3.13.5 Specific attack vectors
    3.13.6 Specific mitigation actions
    3.13.7 Kill Chain
    3.13.8 Authoritative references
  Ransomware
    3.14.1 Description of the cyberthreat
    3.14.2 Interesting points
    3.14.3 Trends and main statistics
    3.14.4 Top ransomware threats
    3.14.5 Specific attack vectors
    3.14.6 Specific mitigation actions
    3.14.7 Kill Chain
    3.14.8 Authoritative references
  Cyber Espionage
    3.15.1 Description of the cyberthreat
    3.15.2 Interesting points
    3.15.3 Trends and main statistics
    3.15.4 Top cyberespionage attacks
    3.15.5 Specific attack vectors
    3.15.6 Specific mitigation actions
    3.15.7 Kill Chain
    3.15.8 Authoritative references
  Visualising changes in the current threat landscape
4. Threat Agents
  Threat agents and trends
  Top threat agents and motives
  Threat Agents and top threats
5. Attack Vectors
  Attack vectors taxonomy for this year’s threat landscape
  Misinformation/Disinformation
  Web and browser based attack vectors
  Fileless or memory-based attacks
  Multi-staged and modular threats
6. Conclusions
  Main CTI-related cyber-issues ahead
  Conclusions and recommendations for this year’s ETL report.

Executive Summary

2018 was a year that has brought significant changes in the cyberthreat landscape. Those changes had as source discrete developments in motives and tactics of the most important threat agent groups, namely cyber-criminals and state-sponsored actors. Monetization motives have contributed to the appearance of crypto-miners in the top 15 threats. State-sponsored activities have led to the assumption that there is a shift towards reducing the use of complex malicious software and infrastructures and going towards low profile social engineering attacks. These developments are the subject of this threat landscape report. Developments have been achieved from the side of defenders too.