2018 was a busy year for the cybersecurity sector, as independent cyber-criminals and state-sponsored actors alike further advanced their motives and tactics. Legislators in turn have flipped on the GDPR switch to punish organizations with lax security practices, and many still have a ways to go to achieve compliance.
The European Union Agency for Network and Information Security, or ENISA for short, has released its latest Threat Landscape Report, analyzing current trends in cyber threats and underscoring some best practices looking forward.
The self-designated body, based in Heraklion, the administrative capital of Crete in Greece, has been fully operational since September 1, 2005.
Main cyber threat trends in 2018
According to the agency, phishing has become the primary malware infection vector, a finding backed up by several other studies over the past 12 months. The group’s conclusion that crypto-miners became an important monetization vector reflects results from Bitdefender’s own research in early 2018. A new attack wave that started making headlines in 2017, cryptocurrency mining reached peak momentum last year by employing advanced tools to penetrate large enterprises and SCADA systems. Bitdefender telemetry also showed that cryptomining surpassed ransomware in popularity among cyber-crooks in 2018.
In another trend observed by ENISA, state-sponsored agents are increasingly targeting banks. And the emergence of IoT environments remains a concern due to missing protection mechanisms in low-end IoT devices and services.
“The need for generic IoT protection architectures/good practices remains a pressing issue,” stresses the agency.
The group further notes that cyber threat intelligence needs to respond to increasingly automated attacks by giving attackers a taste of their own medicine, so to speak: by automating defenses.
Last, but not least, ENISA observes that a dearth of skills and training leaves a big gap in cyber defenses today.
“Public organisations struggle with staff retention due to strong competition with industry in attracting cybersecurity talents,” according to the report.
To these ends, ENISA makes a number of recommendations for policy makers and business organizations (with specific tips for technical departments).
For policy makers
ENISA wants the EU to develop capabilities to address cyber threat intelligence (CTI) knowledge management.
“EU Member States should take measures to increase their independence from currently available CTI sources (mostly from outside the EU) and to enhance the quality of CTI by adding a European context,” it states.
Governments and public administrations should share “baseline CTI”, covering sectorial and low-maturity needs of organisations, and the collection of CTI should be made easier, ENISA continues.
“Coordinated efforts among EU Member States are key in the implementation of proper defence strategies,” it believes.
For the business sector, CTI should be more transparent and immediately available to stakeholders, with a focus on non-technical users. ENISA believes the security industry can help businesses combat advanced cyber-threats by developing solutions using automation and knowledge engineering. These solutions, ENISA hopes, will help organizations mitigate most low-end automated cyber threats, with minimal human intervention.
Supply chain attacks present a grave danger to the business sector as well. ENISA recommends bridging the gap in security knowledge between the services operated and the end-users of those services.
For IT reps
Technical departments, for their part, should be tasked with better researching mitigation of risk, while at the same time educating their peers in cyber-security matters.
“The ingestion of CTI knowledge needs to be enlarged to include accurate information on incidents and information from related disciplines,” reads the set of tips for IT departments. “CTI knowledge management needs to be the subject of standardisation efforts, in particular: standard vocabularies, standard attack repositories, automated information collection methods, and knowledge management processes. Research needs to be conducted to better understand attack practices, malware evolution, malicious infrastructure evolution and threat agent profiling.”
The report itself is 130+ pages long and includes a breadth of definitions and acknowledgements useful both to the private sector and the general public. It describes cyber-threats in detail, including specific attack vectors, kill chains and mitigation actions, and presents quite a few statistics. The key attack vectors employed by cyber-criminals today, including phishing, denial of service, spam, and botnets, have entire sections dedicated to their analysis based on data gathered in 2018.