Question Details

(solution) Consider the following Case study:

And answer the following Questions:

Do not copy from Internet. Only original work needed.

1) Provide a brief overview of the case study.
2) Prepare a diagram for the ENISA security infrastructure.
3) Identify strategies for combatting Insider Threats.
4) Out of the "Top threats", which threat would you regard to be the most significant and why?
5) Identify and discuss the key Threat Agents. What could be done to minimize their impact on the system?
6) Provide a brief summary (literature review) of Social Hacking issues.
7) Based on the data provided in Table 2, discuss the trends in threat probability.
8) How could the ETL process be improved? Discuss.
9) Based on Table 10 and your own research, identify and discuss threats that (in your opinion) will be most challenging for ENISA to combat in the year 2016 onwards.
10) To sum up, should ENISA be satisfied with its current state of IT Security? Why? Or Why not?

ENISA Threat Landscape 2014

Overview of current and emerging cyber-threats

December 2014

European Union Agency for Network and Information Security

About ENISA


The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its Member States, the private sector and Europe's citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU Member States in implementing relevant EU legislation and works to improve the resilience of Europe's critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU Member States by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at

Author

Louis Marinos, ENISA

E-mail: [email protected]

Contact

For contacting the editors please use [email protected]

For media enquiries about this paper, please use [email protected]

Acknowledgements


The author would like to thank the members of the ENISA ETL Stakeholder group: Martin Dipo Zimmermann*, Consulting, DK; Paolo Passeri, Consulting, UK; Pierluigi Paganini, Chief Security Information Officer, IT; Paul Samwel, Banking, NL; Tom Koehler, Consulting, DE; Stavros Lingris, CERT, EU; Jart Armin, Worldwide coalitions/Initiatives, International; Klaus Keus, Member State, DE; Neil Thacker, Consulting, UK; Margrete Raaum, CERT, NO; Shin Adachi, Security Analyst, US; R. Jane Ginn, Consulting, US; Lance James, Consulting, US. Moreover, we would like to thank Welund Horizon Limited for granting free access to its cyber risk intelligence portal providing information on cyber threats and cyber-crime. Thanks go to ENISA colleagues who contributed to this work by commenting on drafts of the report. Special thanks to ENISA colleague Anna Sarri for her support in information

* In memory of Martin Dipo Zimmermann who has left us on 16.12.2014.


Legal notice

Notice must be taken that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the Regulation (EU) No 526/2013. This publication does not necessarily represent state-of-the-art and ENISA may update it from time to time.

Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication.

This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication.

Copyright Notice

© European Union Agency for Network and Information Security (ENISA), 2014

Reproduction is authorised provided the source is acknowledged.

ISBN: 978-92-9204-112-0, ISSN: 2363-3050, DOI: 10.2824/061861

Executive summary


No previous threat landscape document published by ENISA has shown such a wide range of change as the one of the year 2014. We were able to see impressive changes in top threats, increased complexity of attacks, successful internationally coordinated operations of law enforcement and security vendors, but also successful attacks on vital security functions of the internet.

Many of the changes in the top threats can be attributed to successful law enforcement operations and mobilisation of the cyber-security community:

  • The take down of the GameOver Zeus botnet has almost immediately stopped infection campaigns and Command and Control communication with infected machines.
  • Last year's arrest of the developers of Blackhole has shown its effect in 2014, when use of the exploit kit has been massively reduced.
  • NTP-based reflection within DDoS attacks is declining as a result of a reduction of infected servers. This in turn was due to awareness raising efforts within the security community.
  • SQL injection, one of the main tools used to compromise web sites, is on the decline due to a broader understanding of the issue in the web development community.
  • Taking off-line Silk Road 2 and another 400 hidden services in the dark net has created a shock in the TOR community, at both the attackers' and the TOR users' ends.

But there is a dark side of the threat landscape of 2014:

  • SSL and TLS, the core security protocols of the internet, have been under massive stress, after a number of incidents have unveiled significant flaws in their implementation.
  • 2014 can be called the year of data breach. The massive data breaches that have been identified demonstrate how effectively cyber threat agents abuse security weaknesses of businesses and
  • A vulnerability found in the BASH shell may have a long term impact on a large number of components using older versions, often implemented as embedded software.
  • Privacy violations, revealed through media reports on surveillance practices, have weakened the trust of users in the internet and e-services in general.
  • Increased sophistication and advances in targeted campaigns have demonstrated new qualities of attacks, thus increasing efficiency and evasion through security defences.

In the ETL 2014, details of these developments are consolidated by means of top cyber threats and emerging threat trends in various technological and application areas. References to over 400 relevant sources on threats will help decision makers, security experts and interested individuals to navigate through the threat landscape.

Lessons learned and conclusions may be useful for all stakeholders involved in the reduction of exposure to cyber threats. Opportunities and issues in the areas of policy/business and technology have been identified to strengthen collectively coordinated actions towards this goal. In the next year, ENISA will try to capitalize on these conclusions by bringing together expertise to improve information collection capabilities and to apply lessons learned to various areas of cyber security.

The figure below summarizes the top 15 assessed current cyber-threats and threat trends for emerging technology areas. More details on the threats, emerging technology areas, threat agents and attack methods can be found in this report.


Table 1: Overview of Threats and Emerging Trends of the ENISA Threat Landscape 2014 (1)

Top Threats (columns: Current Trends; Top 10 Threat Trends in Emerging Areas):

1. Malicious code: Worms/Trojans
2. Web-based attacks
3. Web application attacks
4. Botnets
5. Denial of service
6. Spam
7. Phishing
8. Exploit kits
9. Data breaches
10. Physical damage/theft/loss
11. Insider threat
12. Information leakage
13. Identity theft/fraud
14. Cyber espionage
15. Ransomware/Rogueware/Scareware

Emerging areas: Cyber Physical Systems and CIP; Mobile Computing; Cloud Computing; Trust Infrastr.; Big Data; Internet of Things; Netw. Virtualisation

Legend: Trends: Declining, Stable, Increasing

(1) Please note that the ranking of threats in the emerging landscape is different than the one in the current landscape. The rankings of emerging threat trends can be found in the corresponding section (see chapter 6). Arrows that show a stability in a threat may be increasing in emerging areas. This is because current threat landscape includes all threats independently from particular areas.

Table of Contents

Executive summary
1 Introduction
2 Purpose, Scope and Method
  2.1 Quality of Content of Threat Information
  2.2 End-user Needs with regard to Threat Information
  2.3 Typical Practical Use Case for Threat Information
  2.4 Content of this year's ETL and Terminology
  2.5 Used definitions
3 Top Threats: The Current Threat Landscape
  3.1 Malicious Code: Worms/Trojans
  3.2 Web-based attacks
  3.3 Web application attacks / Injection attacks
  3.4 Botnets
  3.5 Denial of Service
  3.6 Spam
  3.7 Phishing
  3.8 Exploit Kits
  3.9 Data Breaches
  3.10 Physical damage/theft/loss
  3.11 Insider threat
  3.12 Information leakage
  3.13 Identity theft/fraud
  3.14 Cyber espionage
  3.15 Ransomware/Rogueware/Scareware
  3.16 Visualising changes in the current threat landscape
4 Threat Agents
  4.1 Cyber-opportunity makes the thief
  4.2 Overview of Threat Agents
  4.3 Threat Agents and Top Threats
5 Attack Vectors
  5.1 Attack Vectors within threat intelligence
  5.2 Describing a Cyber-Attack through Attack Information
  5.3 Targeted attacks
  5.4 Drive-by-attacks
  5.5 Strategic web compromise (watering hole attack)
  5.6 Advanced persistent threat (APT)
6 Emerging Threat Landscape
  6.1 Cyber Physical Systems as an emerging CIP issue
  6.2 Mobile Computing
  6.3 Cloud Computing
  6.4 Trust infrastructures
  6.5 Big Data
  6.6 Internet of things/interconnected devices/smart environments
  6.7 Network Virtualisation and Software Defined Networks
7 Food for Thought: Lessons Learned and Conclusions
  7.1 Lessons learned
  7.2 Conclusions


1 Introduction

This ENISA Threat Landscape report for 2014 (ETL 2014) is the result of threat information collection and analysis of the last 12 months (December 2013 – December 2014), referred to in this document as the reporting period.

The ETL 2014 is a continuation of the reports produced in 2012 and 2013: it follows similar approaches for the collection, collation and analysis of publicly available information to produce the cyber-threat assessment. The report contains a description of the methodology followed, together with some details on use-cases of cyber-threat intelligence. The main contribution of the ETL 2014 lies in the identification of top cyber threats within the reporting period. Together with the emerging threat landscape, it makes up the main contribution towards identification of cyber-threats.

As in previous years, the ETL 2014 is based on publicly available material, the availability of which has grown substantially in the reporting period. Starting from ca. 150 references in 2012, we identified ca. 250 in 2013. In 2014, we identified over 400 sources containing information on cyber threats, whereas in all years we assume that our information collection detects ca. 60-70% of available material. This makes the ETL 2014 a unique comprehensive collection of information regarding cyber-security

ENISA has performed information collection by means of internet searches, by using the information provided by the CERT-EU and by using the web platform of Welund Horizon Ltd through free access granted to ENISA in the reporting period.

As is explained later in this report, the ETL 2014 has been expanded to include information on attack vectors, that is, schematic representations of the course of attacks, indicating targeted assets and exploited weaknesses/vulnerabilities. Another new component in the ETL 2014 is the elaboration of use-cases of threat intelligence: by showing the various activities of threat analysis, we demonstrate how the information produced can be used within various phases of security management.

Another novelty of the ETL 2014 process is the involvement of stakeholders in the identification of issues as well as knowledge transfer and information sharing. In 2014, ENISA has established an ETL stakeholder group consisting of 13 experts from CERTs, vendors, Member States and users. This group has provided advice on various issues of threat analysis, including stakeholder requirements and state-of-the-art developments in the area of threat intelligence.

Lessons learned and conclusions summarize the highlights of this year's threat assessment exercise and provide concluding remarks that are relevant for policy makers, businesses and cyber-security experts.

Policy Context

The policy context of the ETL 2014 with regard to relevant EU-regulations is identical to that of 2013 ETL. The Cyber Security Strategy of the EU stresses the importance of threat analysis and emerging trends in cyber security. The ENISA Threat Landscape is an activity contributing towards the achievement of objectives formulated in this strategy, in particular by contributing to the identification of emerging trends in cyber-threats and understanding the evolution of cyber-crime (see 2.4 regarding proposed role of ENISA).


Moreover, the new ENISA regulation mentions the need to analyse current and emerging risks (and their components), stating: "the Agency, in cooperation with Member States and, as appropriate, with statistical bodies and others, collects relevant information". In particular, under Art. 3, Tasks, d), iii), the new ENISA regulation states that ENISA should "enable effective responses to current and emerging network and information security risks and threats".

The ENISA Threat Landscape aims to make a significant contribution to the implementation of the EU Cyber Security Strategy by streamlining and consolidating available information on cyber-threats and their evolution.

Target audience

The target audience of the ETL 2014 remains very similar to that of previous versions of this report. It mainly targets cyber-security specialists and individuals interested in the development of cyber-threats. More precisely, these are cyber-security specialists working at the strategic, tactical and operational levels of security management. Threat and risk assessments may be the primary concerns of such individuals. They are busy with assessing the "external environment" and "internal environments" in the framework of threat and risk assessments. In this year's ETL, we provide a more extensive view on the use-cases of a threat analysis process (see section 2.2). Besides the high level discussions provided within this document, security experts will be in a position to identify detailed issues on the assessed threats by means of numerous references to collected sources. This might make the ETL a useful tool for long term use as it comprises a sort of contextualized "directory" to cyber-threat sources.

As the ETL contains high level information about cyber threats and emerging technology areas, it is a good "entry point" to the subject of threat intelligence for non-experts. This target group will be interested in the descriptions provided and the consolidated presentations of cyber threats and threat trends. We have experienced, for example, that consolidated material of ETL 2013 has been used within German schoolbooks.

The ETL 2014 will be of interest for policy makers: current threats and threat trends may be an important input to policy actions in the area of cyber-security, national cyber-security preparedness and possible coordination and cooperation initiatives among threat collection organisations and other competent bodies.

Experience from previous ETL reports shows that media is an important target group of the ETL. The generic cyber-threat descriptions provided can be easily understood by non-security experts. Such descriptions help media to understand the dependencies and developments in that area. This is an area that has enjoyed particular media attention, at the latest since the revelations about state sponsored surveillance activities and related privacy risks for citizens world-wide.

Last but not least, by providing tactical and strategic guidance, the ETL 2014 could be used to support executive management decisions and orientation of asset protection policies. This makes the ETL 2014 potentially useful for ISMS activities.

Structure of this document

The structure of the ETL 2014 is as follows:


Chapter 2 "Purpose, Scope and Method" provides some information regarding the threat analysis process as it is being performed within the ETL 2014. Moreover, it refers to the information flow between threat analysis and relevant stakeholders, while it gives some information on use-cases for threat intelligence and used definitions.

Chapter 3 "ETL 2014: Current Threat Landscape" is the heart of the ETL 2014 as it contains the top 15 cyber-threats assessed in 2014. It provides detailed information on each threat with references to all relevant resources found, trends assessed and the role of each threat within the kill-chain.

Chapter 4 "Threat Agents" is an overview of threat agents with short profiles and references to developments that have been observed for every threat agent group in the reporting period.

Chapter 5 "Attack Vectors" contains some new content that has been adopted in this year's ETL. It provides information on typical attack scenarios, steps and deployed cyber-threats and is supposed to complement the presented material by giving some initial information on the "How" of a cyber-attack.

Chapter 6 "The Emerging Threat Landscape" indicates assessed technology areas that will impact the threat landscapes in the middle-term. Ongoing developments in those areas will influence the ways attackers will try to achieve their aims, but also the way defences are going to be implemented.

Chapter 7 "Food for thought: Lessons Learned and Conclusions" is a summary of interesting issues encountered within the threat analysis and provides the conclusions of this year's ETL.

As was the case in ETL 2013, the present document has been developed in a modular way. The chapters are as independent as possible of each other, thus allowing for an isolation of the addressed issues so that readers can concentrate on the topic of interest. This approach also allows for independent updates of the content, when deemed necessary (i.e. in cases of publication of additional threat assessment summaries within a year).


2 Purpose, Scope and Method

Worldwide, the cyber threat landscape – and threat analysis in general – has been assigned a central role in practical Security Incident and Event Management (SIEM). This is the case both in the relevant vendor market and within end-user organisations. A plethora of related services and good practices are available that are based on threat intelligence. They consist mainly of collection, aggregation and correlation of data. It has been recognised that information on cyber-threats should be THE parameter to actively adapt security protection practices towards a more agile management of security controls.

Following these trends, in this year's ETL we have optimized threat collection and analysis practices, whilst at the same time better reflecting on the practical applicability of threat information in Information Security Management Systems (ISMS) and SIEM.

The purpose and positioning of the ENISA Threat Landscape (ETL) has been documented in ENISA's 2013 deliverable (ETL 2013) and is still valid. Yet, based on advancements observed in the reporting period, a more detailed view on the purpose and potential use of the delivered information is provided in this chapter. This is done by paying attention to stakeholder requirements with regard to threat information/threat intelligence. These requirements have been assessed within the ENISA Threat Landscape Stakeholder Group (ETL SG), established in 2014 in order to advise ENISA on relevant

In the rest of this chapter we discuss several important aspects of threat landscape such as:

  • Quality and content of threat information;
  • End-user needs with regard to threat information;
  • Typical practical use case for threat information; and
  • Content of this year's ETL and terminology.

2.1 Quality of Content of Threat Information

Numerous organisations create, assess and analyse information regarding cyber threats. Typically, such information may have varying levels of detail, structure and abstraction level. The differences are motivated by the purpose of the delivered information and the input data used to create it. In particular, the following types of threat information can be found:


Strategic (S): this is usually the highest level information about threats. Such information is used within forecasts of the threat landscape and emerging technological trends in order to prepare organisations by means of assessments, prospective measures and security investments, as well as adaptation of existing cyber security strategies. These are typical ISMS activities and stakeholders interested in this level of information are mostly CISOs and CIOs.

Tactical (T): tactical threat information consists of condensed information describing threats and their components, such as threat agents, threat trends, emerging trends for various technological areas, risks to various assets, risk mitigation practices, etc. This information is important for stakeholders engaged in long-term maintenance of security infrastructures, mostly within security management activities. Hence, tactical threat information is also relevant to ISMS.

Operational (O): this is the most basic information about existing threats. It covers detailed technical information about threats, incidents, vulnerabilities, etc., and is usually derived from detections at the level of technical artefacts. It includes identification of cyber threats (e.g. MD5 hash or Indicators of Compromise (IOC)), their elements (vulnerability abuses, threat agents, attack vectors) and corresponding countermeasures (technical controls for the elimination/reduction of threat or threat exposure). This information is crucial for the day-to-day operation and maintenance of infrastructure on the technical level and comprises the main input to SIEM. This area is strongly supported by many standards and tools available on the market (both open source like MISP or commercial like Threat Connect®) which facilitate automatic (at least on some level) gathering and sharing of information.

The diagram known as the Pyramid of Pain illustrates how to measure the trouble generated to adversaries by using threat intelligence. Taking this approach as a basis, one can argue that while operational information is related to the bottom layers of the pyramid, tactical information refers rather to the top levels. Both tactical and strategic information constitute the transition from threat intelligence and SIEM to ISMS.

ETL contains mainly strategic and tactical information about cyber threats. Information collection, aggregation and analysis, however, is often based on all types of information found in the public domain. Operational information is used mainly as a trigger to recognise/understand the whereabouts of cyber threats, which are then consolidated by means of tactical and strategic issues. The main focus of ETL is on tactical and strategic guidance; this makes it more relevant to asset protection policies and practices.

2.2 End-user Needs with regard to Threat Information

It is important to analyse, understand and address end-user needs in the provision of cyber threat information. Given the novelty of (dynamic) threat analysis processes in SIEM and ISMS, the identification of possible use-cases that might suit end-user needs is at an early stage.


In the reporting period, ENI...



About this Question






Sep 13, 2020




