ENISA Threat Landscape 2016
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year. According to the ENISA Threat Landscape 2016, cyber criminals are no longer content with small-time scams; instead, they are more concerned with “the efficiency of cyber-crime monetization.” These criminals are designing bigger, better attacks and aiming for larger targets, causing companies billions in losses.
While the number of cyber crimes is on the rise, luckily so is the number of cyber crime fighters. Through proper employee training and a wide range of classes, users around the world have become better at detecting and fighting cyber criminals.
How Defenders are Fighting Back
Fighting back against the rising number of cyber crimes is never easy, especially as some victims may not even know they are victims until it’s too late. Learning from the past and applying it to today’s problems, the ENISA Threat Landscape 2016 clearly lays out the strides cyber crime fighters have made in 2016.
Jurisdiction is almost always a problem when it comes to fighting cyber criminals. These hackers can send an email attack from thousands of miles away, making it hard for law enforcement to agree on who should have jurisdiction: the place where the criminal is, or the location where the crime was committed.
In 2016 there was a conscious effort made by law enforcement and other organizations to share jurisdiction, encouraging cross-agency teamwork, and focusing on bringing down cyber criminals worldwide.
Identifying the Bad Guys
The collaboration of law enforcement and other cyber crime fighting organizations has led to an increase in the weakening of anonymization infrastructures, cyber crime tools, and virtual currencies. These weakened systems have allowed the government and organizations to identify large numbers of cyber criminals, taking more bad guys off the web.
While they may have seemed like a disaster while they were happening, DDoS attacks in 2016 helped to teach researchers more than ever before. By dissecting and analyzing the way these attacks were created and enacted, crime fighters learned how to better avoid and stop these types of attacks before they do serious damage.
Education & Training
The main way the cyber world is fighting back against these criminals is through technical training and cyber crime education. The need for these technological skills has become apparent to most companies and users, leading to more and more users and employees being trained in cyber security, helping to counteract the skill shortage currently seen. These trainings help everyday users learn how to detect and defend against typical business email compromises (BECs), leaving companies more secure than ever before.
Leading Cyber Threats by Cyber Criminals
The ENISA Threat Landscape 2016 report highlighted what it believes to be the biggest cyber security threats facing companies and businesses in 2017. Any company serious about its email security should be aware of the possibility of these attacks and know how to defend against them.
Large Scale Attacks
There is a very high potential for attackers to abuse unsecured components to mobilize a large-scale attack. The insufficient security mechanisms in Internet of Things (IoT) devices have created a massive gap in security, as shown by the major DDoS attack on the Krebs on Security website back in September of last year.
The lax security and vast numbers of these IoT devices offer cyber criminals a playground of options to launch their attacks on.
Instead of targeting individual users, 2016 was the year of the corporate extortion attacks such as ransomware and CEO Fraud. Sometimes called Business Email Compromises (BECs), these attacks have seen an increase in both ransom price and the number of ransom payers over the year.
Once information is stolen and encrypted by ransomware or stolen by another type of phishing attack, it can become very difficult and pricey to retrieve that information, if it is released at all. This is why extortion attacks like ransomware are at the top of the ENISA Threat Landscape 2016 report for most dangerous cyber threats.
Impact on Society
During the 2016 U.S. presidential election, it was hard to go a day without reading about emails or private servers and the security risks they raised. It was clear cyber-attacks were at the forefront of the electoral issues.
One of the most interesting threats found by ENISA is the threat to democracy that these cyber criminals pose. These security attacks can have a big impact on our society, even affecting the outcome of elections, such as in the 2016 U.S. presidential election. The scammers’ use of multi-layered attacks directly interfered with the democratic process and affected the outcome, something that may be replicated in future elections.
Managed efficiently and resiliently, these large malicious infrastructures are a threat for a plethora of reasons. Ensuring they can withstand takedown, these infrastructures allow cyber criminals to develop quickly and quietly while also allowing for multi-tenancy, making them a hotbed for hackers and cyber crime alike.
As 2016 fades into our memories, it will forever be remembered as the year of the cyber criminal. From costing companies billions with phishing, CEO fraud, and ransomware email-borne attacks, to interfering with major elections and world politics, the cyber criminal has become more powerful than ever before. Luckily, the increase in technology skills and other tools cyber crime fighters use has allowed the good guys to keep up and fight back. With 2017 moving even more towards IoT devices and cloud connectivity, cyber security must be at the forefront for every company and personal user alike.