The European Union Agency for Network and Information Security (ENISA) “Threat Landscape 2018”. Cybercrime and state-sponsored hackers have further advanced their motives and tactics. Cryptominers are in the top 15 cyber threats
2019 will be a hard year for cyber security. The most important threat agent groups, cybercrime and state-sponsored malicious hackers, have further advanced their motives and tactics. This is revealed by the European Union Agency for Network and Information Security (ENISA) in its “Threat Landscape 2018” report. According to the document, monetisation motives contributed to the appearance of cryptominers in the top 15 cyber threats. But they aren’t the only cyber threat. Mail and phishing messages have become the primary malware infection vector; state-sponsored agents increasingly target banks by using attack vectors utilised in cybercrime; and the emergence of IoT environments will remain a concern due to missing protection mechanisms in low-end IoT devices and services.
ENISA: Public organisations struggle with staff retention due to strong competition with industry in attracting cyber security talent, but there have been advances in defence, especially by law enforcement authorities, governments and vendors
According to ENISA, the need for generic IoT protection architectures/good practices remains a pressing issue; cyber threat intelligence needs to respond to increasingly automated attacks through novel approaches to the use of automated tools and skills. Furthermore, EU cyber security experts believe that skills and training are the main focus of defenders. Public organisations struggle with staff retention due to strong competition with industry in attracting cyber security talent. But the good news is that there is also progress on the side of the defence. Law enforcement authorities, governments and vendors were able to further develop active defence practices such as threat agent profiling and the combination of cyber threat intelligence (CTI) and traditional intelligence. This led to a more efficient identification of attack practices and malicious artefacts, leading in turn to more efficient defence techniques and attribution rates.
The EU Agency's recommendations to increase cyber security within the European Union
Having analysed the cybercrime and state-sponsored hacker threats, ENISA issued some recommendations on three issues: Policy, Business, and Technical-Research-Education. The objective is to increase cyber security, defences and resilience without penalising development, growth and competitiveness within the European Union.
Policy
- The EU should develop capabilities to address CTI knowledge management. EU Member States should take measures to increase their independence from currently available CTI sources (mostly from outside the EU) and to enhance the quality of CTI by adding a European context;
- EU governments and public administrations should share “baseline CTI”, covering sectorial and low-maturity needs of organisations;
- The collection of CTI should be made easier. Coordinated efforts among EU Member States are key in the implementation of proper defence strategies.
Business
- Businesses need to work towards making CTI available to stakeholders, focusing on the ones that lack technical knowledge;
- The security software industry needs to research and develop solutions using automation and knowledge engineering, helping end-users and organisations mitigate most of the low-end automated cyber threats, with minimum human intervention;
- Businesses need to take into account emerging supply chain threats and risks and bridge the gap in security knowledge among the services operated and end-users of the service.
Technical – Research – Education
- The ingestion of CTI knowledge needs to be enlarged to include accurate information on incidents and information from related disciplines;
- CTI knowledge management needs to be the subject of standardisation efforts, in particular: standard vocabularies, standard attack repositories, automated information collection methods, and knowledge management processes;
- Research needs to be conducted to better understand attack practices, malware evolution, malicious infrastructure evolution and threat agent profiling.