D2.2 Final Report on Cybersecurity Indicators & Open Source


D2.2 Final Report on Cybersecurity Indicators & Open Source Intelligence Methodologies

Work Package WP2: Metrics of Cybersecurity

Document Dissemination Level
  P   Public   x
  CO  Confidential, only for members of the Consortium (including the Commission Services)

Document Due Date: 28/02/2019
Document Submission Date: 28/02/2019

This work is performed within the SAINT Project – Systemic Analyser in Network Threats – with the support of the European Commission and the Horizon 2020 Program, under Grant Agreement No 740829

Document Information

Deliverable number: D2.2
Deliverable title: Final report on Cybersecurity Indicators & Open Source Intelligence Methodologies
Deliverable version: 1.0
Work Package number: WP2
Work Package title: Metrics of Cybersecurity
Due Date of delivery: 28/02/2019
Actual date of delivery:
Dissemination level: Public
Editor(s): Jart Armin (CYBE), Bryn Thompson (CYBE)
Contributor(s): Yannis Stamatiou (CTI), Edgardo Montes de Oca (MNTMG)
Reviewer(s): Olivia Odell (AS), Dimitris Kavallieros (KEMEA)
Ethical advisor(s): Christina Chalanouli (KEMEA)
Project name: Systemic Analyser in Network Threats
Project Acronym: SAINT
Project starting date: 1/5/2017
Project duration: 24 months
Rights: SAINT Consortium

Version History

Version   Date         Beneficiary     Description
0.1       21/12/2017   CYBE CTI MI     First draft
0.2       28/01/2019   CYBE CTI MI     2nd Draft
0.3       15/02/2019   CYBE CTI MI     3rd Draft
0.4       19/02/2019   CYBE            4th Draft
0.5       21/02/2019   CYBE            5th draft for review.
0.6       25/02/2019   CYBE/AS/KEMEA   Final draft
1.0       27/02/2019   CYBE            Final
1.1       04/03/2019   CYBE            Add missing text on malware & Figure #

Copyright SAINT Consortium. All rights reserved.
Table of Contents

1 Introduction
2 Cyber Security Taxonomies and Ontology
  2.1 OAT ontology
  2.2 OWASP Top 10 – web application risks
3 SAINT Selection of Cybersecurity Indicators – Phase 1 – (M1 to M6)
  3.1 ENISA’s Top 15
4 Final Open Source Cybersecurity Indicator Data Sets with WP2 and WP5 Phase 2 – (M3 – M9)
5 Indicators - Econometrics
  5.1 Online population experienced cybercrime (EU)
  5.2 Time spent / lost per victim of cybercrime
  5.3 Cost of cybercrime (EU)
  5.4 Cost of a data breach
  5.5 Cost to individuals of cybersecurity measures
  5.6 Cost to enterprises of cybersecurity measures
  5.7 Cost to governments of cybersecurity measures
  5.8 Number of individuals working in cybersecurity (2018 EU)
  5.9 Estimates for cybersecurity personnel needed (by 2020 EU)
6 Indicators - Cybercrime Activity
  6.1 Malware
    6.1.1 Trojans
    6.1.2 Viruses (computer)
    6.1.3 Worms
  6.2 Web based attacks
    6.2.1 RFI (remote file inclusion)
    6.2.2 LFI (local file inclusion)
    6.2.3 XSA (cross server attack)
    6.2.4 RCE (remote code execution)
  6.3 Web application attacks
  6.4 Denial of Service (DoS, DDoS, DrDoS)
  6.5 Botnets
  6.6 Phishing
  6.7 Ransomware
  6.8 Exploit kits
    6.8.1 Crimeware
    6.8.2 Cybercrime as a service
  6.9 APT (Advanced Persistent Threats)
  6.10 Data breaches
  6.11 Cyber attacks
  6.12 Identity theft
  6.13 Cyber espionage
    6.13.1 RATs (Remote Access Trojan)
    6.13.2 Cyberterrorism
    6.13.3 Cyberwarfare
  6.14 Intrusion (computer)
    6.14.1 Spyware
    6.14.2 Malvertising
    6.14.3 Clickjacking
    6.14.4 Grayware
    6.14.5 Backdoors
    6.14.6 Adware
  6.15 Cryptovirology
  6.16 Malicious software (badware)
    6.16.1 Rootkits
