Communications Litigation Today was a Warren News publication.
Security Controls Lacking

Cyber Black Hats, White Hats Becoming More Savvy, Says EU Cybersecurity Agency

Cyberspace good guys and bad guys have both become more advanced, said the European Union Network and Information Security Agency (ENISA) in a 2015 threat landscape report. While the good guys have shown better cooperation and more orchestrated reactions to cyberthreats, the bad guys "have advanced their malicious tools with obfuscation, stealthiness and striking power," it said. Cloud and mobile computing are the top emerging threats, it said. EU-wide cybersecurity rules are expected to be finalized by summer, said an EU diplomatic source.

Last year saw improved coordinated responses to take down malicious infrastructure, analyze incidents and improve attribution, said ENISA. European governments are more aware of the problem and willing to spend more on defense, it said. They're carrying out exercises together, developing threat assessments and sharing more information, and they're focusing on R&D of protection measures and tools, it said. But "adversaries have achieved considerable advances too," the report said. Cyberthreat agents have launched persistent attacks based on hardware, far below the radar of available defense tools, and have enhanced "cyber-crime-as-a-service" offerings. Criminals have also developed more malware weapons and automated tools to find and exploit vulnerabilities, and broadened their attacks to include routers, firmware and the IoT, ENISA said.

The top threats in 2015 came from malware, Web-based attacks and Web-based application attacks, which showed no change in ranking from 2014, the report said. Botnets and denial-of-service attacks also were unchanged, while physical damage/theft/loss and insider attacks went up. Cyberattacks from phishing, spam and exploit kits, data breaches, information leakage and cyberespionage declined, but identity theft and ransomware activities increased, it said.

The report said emerging cyberthreats are: (1) Cloud computing, which ENISA said it considers a main target of cybercriminals because of the amount of valuable information stored or processed. (2) Mobile computing, whose high innovation potential makes it a favorite target for criminals. (3) Cyber Physical Systems, in which software is used to manage a physical process. (4) The IoT, where interconnected devices deal with physical phenomena such as managing a home environment. (5) Big Data, which can be used to synthesize personal, confidential and security-related information. (6) Network virtualization and software defined networks such as 5G, for which the security challenges are going to be "considerable and of a new quality."

ENISA's analysis of last year's cyber-incidents showed that "in most of the cases even basic security controls are not in place or fail to provide assumed protection," it said. Single users and small and midsized organizations "are in a vicious cycle" in which they lack basic security measures and aren't aware of the dynamics of cyberthreats, it said. Phishing, which is one of the most common ways of installing malware, constantly gains momentum because people aren't being trained to be aware of it, the report said. Cyber-crime-as-a-service is a model that will grow, it said. Much more work is needed to disable the development of the dark net as a place that encourages cyberthreats, it said. The report also backed more thorough threat agent modeling, saying "attribution lags behind and information sharing about threat agents is at a very low maturity."

Cyberthreats are evolving along two extremes, said ENISA. They have "effective simplicity," achieved with a series of low-tech, highly efficient infection methods, but also effective complexity via next-generation malware and attack vectors, it said. Among other recommendations, the agency urged policymakers to foster end-point protection by issuing market guidance based on cyberthreat mitigation techniques; develop end-user training based on the current threat assessment; and publish threat mitigation good practices.

Public authorities should also reengineer available incident and data-breach report systems to capture information about cyberthreats more effectively, and study the feasibility of mobilizing citizens as cyberdefenders of their communities, ENISA said. Authorities should develop threat intelligence for governmental bodies, it said. The report also recommended technology companies look for ways to glean information from the dark net and dark web and come up with better-quality data about threats to share according to the individual needs of target groups.

The EU network and information security directive will boost cybersecurity capabilities in and cooperation among European countries, and require operators of essential services such as search engines and cloud computing to install appropriate security systems and report incidents to national authorities, the European Commission said in December. A compromise text provisionally OK'd by European Parliament and Council negotiators won backing from the Parliament's Internal Market Committee Jan. 14, a news release said. Governments will adopt the text without further discussion, and Parliament must also approve it, said the EU diplomatic source. "We expect the text to be signed and published in the Official Journal by the summer," she said.