Ransomware attacks are at the forefront of the landscape of current threats followed by a massive increase in phishing, malicious bots and exploits

ENISA is a specialised knowledge agency for cybernetic security in Europe that came to being in 2004 with the aim of advising the private sector and member countries on prevention, detection and responding to information security problems by raising awareness about networks.

At the beginning of the year, ENISA published the report on the state of cybernetic threats 2017, its sixth publication in this field. This comes with new changes like the creation of the ETL website; the first event in the field of cybernetic threat intelligence; and the development of the first version of the ‘CTI maturity model’ to identify deficiencies in the current tools for sharing information about threats which still prevail in 2018.

The report states that the current trends are characterised by the complexity and sophistication of cybernetic attacks, the greater anonymity of the attackers, the transformation of malicious infrastructures with multi-purpose functions, the monetising of cybernetic crime as the main factors underlying threatening agents, and the dynamic entrance of cybernetic war in cyberspace.

Ransomware attacks have been at the centre of current threats. This last year roughly 4 million samples of ransomware were detected every day. Moreover, surfers known as Firefox and Chrome are reinforcing their security due to the appearance of 22 million new examples of malware in the first term if 2017. Mac, Linux and Windows are also the objective of ransomware. The latter experienced an increase of 20% in 2017 reaching levels such as 75% of attacks of this nature in July. Most financial malware continues to depend on website-based attacks as they try to detect surfers’ weaknesses.

The ‘WanaCry’ outbreak that took place on 12 may 2017 is an example of how ransomware and denial-of-service attacks (DoS) can be combined. There has been an increase in extortion attempts with DoS attacks where the price of the ransom ranging between entre 5 and 200 bitcoins. Furthermore, they have increased even more since the increase in the value of this virtual currency in June 2017. The sector under most attack has been the gambling sector with 80% of attacks. In the first term of 2017, there was a rise of 69.2% in the use of malicious software and some tools took advantage of phishing in electronic mails to transform devices into bots.

Phishing has increased in volume and sophistication. It is widely used as a first step of a cybernetic attack and uses social engineering to obtain confidential information by using fraudulent means.  According to recent research “an average of 1.385 million phishing websites are created every month”. The Spear-phishing modality is of particular note, via electronic mail against specific persons or companies to obtain money or cybernetic espionage, used in 40%.

Exploit kits are able to identify the surfer’s exploited vulnerabilities or on the website application and exploit them automatically. They have the habit or orientating surfing complements like Java and Adobe Flash. At present, it is the only threat mentioned in the 2017 report that has had a decrease in attacks.

The report concludes that because of new attack practices, new technology will have to develop new controls and key performance indicators (KPI) to minimise the risk to organisms where cybernetic threat intelligence is concerned. Similarly, it points out the importance of the development of technical and legal policies related to this changing phenomenon of cybernetic threats and crime.

_____

Aquest apunt en català / Esta entrada en español / Post en français