We hear all the time about different cyber threats that jeopardize our safety while navigating the online world. Because of this, it can be overwhelming trying to determine which threats are of serious concern and which do not need to be worried about as much. In an attempt to clarify these thoughts, the European Network and Information Security Agency (ENISA), the European Union agency dedicated to preventing and addressing network and information security problems, has released its Current Emerging Threat Landscape list of the top threats in the online world for the year 2016.
While the list of these top fifteen threats of the year can be clarity enough for some tech-savvy users, many people hear the names of these cyber-threats only as buzz words and are unable to clearly define what they mean. Below, we take a closer look at some of the top threats in hopes of making knowledge of them more common.
Malware tops ENISA’s list for yet another year, with over 600 million samples identified per quarter for 2016. Not only have traditional malware attacks grown, but 2016 saw mobile malware reach a growth of nearly 150%. Malware is a broad category of malicious software intended to damage or disable computers and network systems, and is often spread via email, pop-ups, and social media. Some of the most common variants are viruses/worms, Trojans, adware, backdoors, and also included under this broad category are botnets, the fifth most assessed trend of 2016. however, there are millions of malware variants and malware families. How to avoid: There are many ways to avoid this threat, but the primary defenses include running antivirus/anti-malware tools regularly, keeping firewalls up-to-date, use of strong and intricate passwords, and avoiding clicking on suspicious links.
According to ENISA’s report, “Web based attacks are those that use web components as an attack surface…such as web servers, web clients (browsers) content management systems (CMS) and browser extensions.” In particular, threats such as drive-by attacks, redirection, water-holing attacks, web browser and web server exploits, browser extension attacks abusing vulnerabilities and man-in-thebrowser-attacks.” Essentially, these are weaknesses and vulnerabilities within a user’s browser.How to avoid: According to ENIAS, major causes of this type of threat are outdated plug-ins and lackadaisical judgement when it comes to clicking on links. Keep your plug-ins up-to-date, and as with all other cyber-threats, do NOT click on any unfamiliar links. Also, be sure to use a secure browser and be wary of pop-ups.
Within the larger web-based attacks category are web-application attacks. These are attacks on web applications which include email, online retail sales, online auction sites, wikis, instant messaging services, and many others.
Denial of service
Denial of Service (DoS) and Distributed Denial of Service (DDoS) grew significantly over the last year. These attacks are intended to send traffic to certain, targeted website(s) in order to take them down — this used to be more of a form of activism for people to take down corporate sites, however ENISA’s report said that DDoS attacks are now being used for extortion attempts, as part of the trend toward monetising hacking.
The primary difference between DoS and DDoS is that a DoS attack comes from one computer and one Internet connection to flood a target, whereas a DDoS attack uses multiple computers or devices on numerous Internet connections in order to flood the targeted source. This increase in these attacks is due majorly to the innovations created by hackers to use unsecured Internet of Things (IoT) devices (i.e. household items with Internet-connectivity such as DVRs, digital cameras, and home Internet routers) as a part of their attacks. How to avoid: There are a few key ways to secure yourself from this attack: secure your IoT devices with non-default passwords, turn off remote access to devices when not in use, and keep your systems (home and office) up-to-date.
In addition to these top five threats, other threats that saw a rise in number of assessed trends last year include physical manipulation, damage, or loss, exploit kits, data breaches, and information leakage. Though this can be disheartening, spam, identity theft, and cyber espionage, a few of the most detrimental cyber-attacks out there, saw a decrease in their number of instances; phishing, ransomware, and insider threats remained relatively constant from the previous year’s attacks, which isn’t necessarily good news, but it highlights the cybersecurity industry’s shift in focus to combating these common threats.
To quote both Sir Francis Bacon and Schoolhouse Rock, Knowledge is Power. The only way to avoid these threats is to know what you’re up against; educate your family and friends and stay up-to-date on the current online threat landscape by keeping up with Axiom Cyber Solution’s blog where we address the major issues of the cyber world.
Hailey R. Carlson | Axiom Cyber Solutions | 02/24/2017