2016 Cyber Threat Summary
ENISA has just released their 2016 Threat Landscape report illustrating the top cyber threats encountered in 2016.
This report can be found at
The report identifies the main threats with Malware again topping the list of threats
Malware has been top of all cyber threat reports for several years, 2016 was nothing new, Enisa’s report details a growth of 150% in mobile malware as well an increase in the ever growing threat of Ransomware and Information Stealing. The report specifies that “Trojans, PUPs (Potentially Unwanted Programs), Droppers, Ransomware, Command and Control (C&C), key-logger/phishing based key-loggers, backdoor, information exfiltration, DDoS malware, and RAT are the main categories of malware that have prevailed the internet in the reporting period”(ENISA, 2017)
The report also indicates that the most common method of infection is again via Email attachment, then Web drive-by and then an E-mail with malicious URL. Emphasizing the need for end user awareness training which can significantly reduce the potential infection of malware.
Malware are constantly evolving with more and more methods of evasion from Antivirus applications, the report highlights the following methods of evasion: checking for running antivirus process and attempting to terminate, checking for Virtual and Test Environments by API calls etc.
The percentage and types of malware found are as follows “60% Trojans, ca. 16% Viruses, ca. 11% Worms, ca. 4% PUPs and ca. 2% Adware/Spyware”
The report outlines an increasing problem with regards to Malware as a Service (MaaS) where it states that “The existence of such infrastructures – consisting often of various massive components like botnets, exploit kits, malware configurators and source code – reveal complexity from end users who can rent them for a few thousand dollars per month to launch for example ransomware attacks with ca. 100.000 US $ monthly revenues. This will be a booming business for the years to come but also a target for law enforcement agencies”
This report is a must read for all IT personal and not just Security administrators and specialists.
ENISA. (2017). ENISA Threat Landscape Report 2016. Retrieved from https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2016