emerging cyber-threats

European Union Agency for Network and Information Security www.enisa.europa.eu
ENISA Threat Landscape 2014
Overview of current and emerging cyber-threats
December 2014
ENISA Threat Landscape 2014
Overview of current and emerging cyber-threats
December 2014
Page ii
The European Union Agency for Network and Information Security (ENISA) is a centre of network and
information security expertise for the EU, its Member States, the private sector and Europe’s citizens.
ENISA works with these groups to develop advice and recommendations on good practice in
information security. It assists EU Member States in implementing relevant EU legislation and works
to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to
enhance existing expertise in EU Member States by supporting the development of cross-border
communities committed to improving network and information security throughout the EU. More
information about ENISA and its work can be found at www.enisa.europa.eu.
Louis Marinos, ENISA
E-mail: Louis.marinos@enisa.europa.eu
For contacting the editors please use resilience@enisa.europa.eu.
For media enquires about this paper, please use press@enisa.europa.eu.
The author would like to thank the members of the ENISA ETL Stakeholder group: Martin Dipo
Zimmermann*, Consulting, DK, Paolo Passeri, Consulting, UK, Pierluigi Paganini, Chief Security
Information Officer, IT, Paul Samwel, Banking, NL, Tom Koehler, Consulting, DE, Stavros Lingris, CERT,
EU, Jart Armin, Worldwide coalitions/Initiatives, International, Klaus Keus, Member State, DE, Neil
Thacker, Consulting, UK, Margrete Raaum, CERT, NO, Shin Adachi, Security Analyst, US, R. Jane Ginn,
Consulting, US, Lance James, Consulting, US. Moreover, we would like to thank Welund Horizon
Limited for granting free access to its cyber risk intelligence portal providing information on cyber
threats and cyber-crime. Thanks go to ENISA colleagues who contributed to this work by commenting
drafts of the report. Special thanks to ENISA colleague Anna Sarri for her support in information
* In memory of Martin Dipo Zimmermann who has left us on 16.12.2014.
Legal notice
Notice must be taken that this publication represents the views and interpretations of the authors and
editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the
ENISA bodies unless adopted pursuant to the Regulation (EU) No 526/2013. This publication does not
necessarily represent state-of the-art and ENISA may update it from time to time.
Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external
sources including external websites referenced in this publication.
This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA
nor any person acting on its behalf is responsible for the use that might be made of the information contained
in this publication.
Copyright Notice
© European Union Agency for Network and Information Security (ENISA), 2014
Reproduction is authorised provided the source is acknowledged.
ISBN: 978-92-9204-112-0, ISSN: 2363-3050, DOI: 10.2824/061861
ENISA Threat Landscape 2014
Overview of current and emerging cyber-threats
December 2014
Page iii
Executive summary
No previous threat landscape document published by ENISA has shown such a wide range of change
as the one of the year 2014. We were able to see impressive changes in top threats, increased
complexity of attacks, successful internationally coordinated operations of law enforcement and
security vendors, but also successful attacks on vital security functions of the internet.
Many of the changes in the top threats can be attributed to successful law enforcement operations
and mobilisation of the cyber-security community:

The take down of GameOver Zeus botnet has almost immediately stopped infection campaigns
and Command and Control communication with infected machines.
Last year’s arrest of the developers of Blackhole has shown its effect in 2014 when use of the
exploit kit has been massively reduced.
NTP-based reflection within DDoS attacks are declining as a result of a reduction of infected
servers. This in turn was due to awareness raising efforts within the security community.
SQL injection, one of the main tools used to compromise web sites, is on the decline due to a
broader understanding of the issue in the web development community.
Taking off-line Silk Road 2 and another 400 hidden services in the dark net has created a shock in
TOR community, both at the attackers and TOR users ends.

But there is a dark side of the threat landscape of 2014:

SSL and TLS, the core security protocols of the internet have been under massive stress, after a
number of incidents have unveiled significant flaws in their implementation .
2014 can be called the year of data breach. The massive data breaches that have been identified
demonstrate how effectively cyber threat agents abuse security weaknesses of businesses and
A vulnerability found in the BASH shell may have a long term impact on a large number of
components using older versions, often implemented as embedded software.
Privacy violations, revealed through media reports on surveillance practices have weakened the
trust of users in the internet and e-services in general.
Increased sophistication and advances in targeted campaigns have demonstrated new qualities

of attacks, thus increasing efficiency and evasion through security defences.
In the ETL 2014, details of these developments are consolidated by means of top cyber threats and
emerging threat trends in various technological and application areas. References to over 400 relevant
sources on threats will help decision makers, security experts and interested individuals to navigate
through the threat landscape.
Lessons learned and conclusions may be useful for all stakeholders involved in the reduction of
exposure to cyber threats. Opportunities and issues in the areas of policy/business and technology
have been identified to strengthen collectively coordinated actions towards this goal. In the next year,
ENISA will try to capitalize on these conclusions by bringing together expertise to improve information
collection capabilities and to apply lessons learned to various areas of cyber security.
The figure below summarizes the top 15 assessed current cyber-threats and threat trends for
emerging technology areas. More details on the threats, emerging technology areas, threat agents
and attack methods can be found in this report.
ENISA Threat Landscape 2014
Overview of current and emerging cyber-threats
December 2014
Page iv

Top Threats Current
Top 10 Threat Trends in Emerging Areas
and CIP
Big Data Internet
1. Malicious code:
2. Web-based
3. Web application
4. Botnets
5. Denial of service
6. Spam
7. Phishing
8. Exploit kits
9. Data breaches
10. Physical
11. Insider threat
12. Information
13. Identity
14. Cyber
15. Ransomware/

Legend: Trends:  Declining,  Stable,  Increasing
Table 1: Overview of Threats and Emerging Trends of the ENISA Threat Landscape 20141
1 Please note that the ranking of threats in the emerging landscape is different than the one in the current landscape. The
rankings of emerging threat trends can be found in the corresponding section (see chapter 6). Arrows that show a stability
ENISA Threat Landscape 2014
Overview of current and emerging cyber-threats
December 2014
Page v
Table of Contents
Executive summary iii
1 Introduction 1
2 Purpose, Scope and Method 5
2.1 Quality of Content of Threat Information 5
2.2 End-user Needs with regard to Threat Information 6
2.3 Typical Practical Use Case for Threat Information 8
2.4 Content of this year’s ETL and Terminology 9
2.5 Used definitions 10
3 Top Threats: The Current Threat Landscape 13
3.1 Malicious Code: Worms/Trojans 14
3.2 Web-based attacks 16
3.3 Web application attacks / Injection attacks 17
3.4 Botnets 18
3.5 Denial of Service 20
3.6 Spam 22
3.7 Phishing 23
3.8 Exploit Kits 25
3.9 Data Breaches 26
3.10 Physical damage/theft/loss 28
3.11 Insider threat 30
3.12 Information leakage 32
3.13 Identity theft/fraud 33
3.14 Cyber espionage 35
in a threat may be increasing in emerging areas. This is because current threat landscape includes all threats independently
from particular areas.
ENISA Threat Landscape 2014
Overview of current and emerging cyber-threats
December 2014
Page vi
3.15 Ransomware/Rogueware/Scareware 37
3.16 Visualising changes in the current threat landscape 39
4 Threat Agents 41
4.1 Cyber-opportunity makes the thief 41
4.2 Overview of Threat Agents 42
4.3 Threat Agents and Top Threats 48
5 Attack Vectors 51
5.1 Attack Vectors within threat intelligence 51
5.2 Describing a Cyber-Attack though Attack Information 52
5.3 Targeted attacks 53
5.4 Drive-by-attacks 54