Question Details

Consider the following Case study:

http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-threat-landscape/enisa-threat-landscape-2014 

And answer the following Questions:

Do not copy from Internet. Only original work needed.


1) Provide a brief overview of the case study.
2) Prepare a diagram for the ENISA security infrastructure.
3) Identify strategies for combatting Insider Threats.
4) Out of the "Top threats", which threat would you regard to be the most significant and why?
5) Identify and discuss the key Threat Agents. What could be done to minimize their impact on the system?
6) Provide a brief summary (literature review) of Social Hacking issues.
7) Based on the data provided in Table 2, discuss the trends in threat probability.
8) How could the ETL process be improved? Discuss.
9) Based on Table 10 and your own research, identify and discuss threats that (in your opinion) will be most challenging for ENISA to combat in the year 2016 onwards.
10) To sum up, should ENISA be satisfied with its current state of IT Security? Why? Or Why not?


ENISA Threat Landscape 2014

Overview of current and emerging cyber-threats

December 2014

European Union Agency for Network and Information Security
www.enisa.europa.eu

About ENISA

The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its Member States, the private sector and Europe's citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU Member States in implementing relevant EU legislation and works to improve the resilience of Europe's critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU Member States by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu.

Author

Louis Marinos, ENISA

E-mail: [email protected]

Contact

For contacting the editors please use [email protected]

For media enquiries about this paper, please use [email protected]

Acknowledgements

 

The author would like to thank the members of the ENISA ETL Stakeholder group: Martin Dipo Zimmermann*, Consulting, DK, Paolo Passeri, Consulting, UK, Pierluigi Paganini, Chief Security Information Officer, IT, Paul Samwel, Banking, NL, Tom Koehler, Consulting, DE, Stavros Lingris, CERT, EU, Jart Armin, Worldwide coalitions/Initiatives, International, Klaus Keus, Member State, DE, Neil Thacker, Consulting, UK, Margrete Raaum, CERT, NO, Shin Adachi, Security Analyst, US, R. Jane Ginn, Consulting, US, Lance James, Consulting, US. Moreover, we would like to thank Welund Horizon Limited for granting free access to its cyber risk intelligence portal providing information on cyber threats and cyber-crime. Thanks go to ENISA colleagues who contributed to this work by commenting drafts of the report. Special thanks to ENISA colleague Anna Sarri for her support in information analysis.

* In memory of Martin Dipo Zimmermann who has left us on 16.12.2014.

 

Legal notice

Notice must be taken that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the Regulation (EU) No 526/2013. This publication does not necessarily represent state-of-the-art and ENISA may update it from time to time.

Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication.

This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication.

Copyright Notice

© European Union Agency for Network and Information Security (ENISA), 2014

Reproduction is authorised provided the source is acknowledged.

ISBN: 978-92-9204-112-0, ISSN: 2363-3050, DOI: 10.2824/061861

Executive summary

 

No previous threat landscape document published by ENISA has shown such a wide range of change as the one of the year 2014. We were able to see impressive changes in top threats, increased complexity of attacks, successful internationally coordinated operations of law enforcement and security vendors, but also successful attacks on vital security functions of the internet.

Many of the changes in the top threats can be attributed to successful law enforcement operations and mobilisation of the cyber-security community:

  • The take down of GameOver Zeus botnet has almost immediately stopped infection campaigns and Command and Control communication with infected machines.
  • Last year's arrest of the developers of Blackhole has shown its effect in 2014 when use of the exploit kit has been massively reduced.
  • NTP-based reflection within DDoS attacks are declining as a result of a reduction of infected servers. This in turn was due to awareness raising efforts within the security community.
  • SQL injection, one of the main tools used to compromise web sites, is on the decline due to a broader understanding of the issue in the web development community.
  • Taking off-line Silk Road 2 and another 400 hidden services in the dark net has created a shock in TOR community, both at the attackers and TOR users ends.

But there is a dark side of the threat landscape of 2014:

  • SSL and TLS, the core security protocols of the internet have been under massive stress, after a number of incidents have unveiled significant flaws in their implementation.
  • 2014 can be called the year of data breach. The massive data breaches that have been identified demonstrate how effectively cyber threat agents abuse security weaknesses of businesses and governments.
  • A vulnerability found in the BASH shell may have a long term impact on a large number of components using older versions, often implemented as embedded software.
  • Privacy violations, revealed through media reports on surveillance practices have weakened the trust of users in the internet and e-services in general.
  • Increased sophistication and advances in targeted campaigns have demonstrated new qualities of attacks, thus increasing efficiency and evasion through security defences.

In the ETL 2014, details of these developments are consolidated by means of top cyber threats and emerging threat trends in various technological and application areas. References to over 400 relevant sources on threats will help decision makers, security experts and interested individuals to navigate through the threat landscape.

Lessons learned and conclusions may be useful for all stakeholders involved in the reduction of exposure to cyber threats. Opportunities and issues in the areas of policy/business and technology have been identified to strengthen collectively coordinated actions towards this goal. In the next year, ENISA will try to capitalize on these conclusions by bringing together expertise to improve information collection capabilities and to apply lessons learned to various areas of cyber security.

The figure below summarizes the top 15 assessed current cyber-threats and threat trends for emerging technology areas. More details on the threats, emerging technology areas, threat agents and attack methods can be found in this report.

 

Table columns: Top Threats; Current Trends; Top 10 Threat Trends in Emerging Areas (Cyber-Physical Systems and CIP, Mobile Computing, Cloud Computing, Trust Infrastr., Big Data, Internet of Things, Netw. Virtualisation)

Top Threats:

1. Malicious code: Worms/Trojans
2. Web-based attacks
3. Web application attacks / Injection attacks
4. Botnets
5. Denial of service
6. Spam
7. Phishing
8. Exploit kits
9. Data breaches
10. Physical damage/theft/loss
11. Insider threat
12. Information leakage
13. Identity theft/fraud
14. Cyber espionage
15. Ransomware/Rogueware/Scareware

Legend: Trends: Declining, Stable, Increasing

Table 1: Overview of Threats and Emerging Trends of the ENISA Threat Landscape 2014 [1]

[1] Please note that the ranking of threats in the emerging landscape is different than the one in the current landscape. The rankings of emerging threat trends can be found in the corresponding section (see chapter 6). Arrows that show a stability in a threat may be increasing in emerging areas. This is because current threat landscape includes all threats independently from particular areas.

Table of Contents

Executive summary
1 Introduction
2 Purpose, Scope and Method
2.1 Quality of Content of Threat Information
2.2 End-user Needs with regard to Threat Information
2.3 Typical Practical Use Case for Threat Information
2.4 Content of this year's ETL and Terminology
2.5 Used definitions
3 Top Threats: The Current Threat Landscape
3.1 Malicious Code: Worms/Trojans
3.2 Web-based attacks
3.3 Web application attacks / Injection attacks
3.4 Botnets
3.5 Denial of Service
3.6 Spam
3.7 Phishing
3.8 Exploit Kits
3.9 Data Breaches
3.10 Physical damage/theft/loss
3.11 Insider threat
3.12 Information leakage
3.13 Identity theft/fraud
3.14 Cyber espionage
3.15 Ransomware/Rogueware/Scareware
3.16 Visualising changes in the current threat landscape
4 Threat Agents
4.1 Cyber-opportunity makes the thief
4.2 Overview of Threat Agents
4.3 Threat Agents and Top Threats
5 Attack Vectors
5.1 Attack Vectors within threat intelligence
5.2 Describing a Cyber-Attack through Attack Information
5.3 Targeted attacks
5.4 Drive-by-attacks
5.5 Strategic web compromise (watering hole attack)
5.6 Advanced persistent threat (APT)
6 Emerging Threat Landscape
6.1 Cyber Physical Systems as an emerging CIP issue
6.2 Mobile Computing
6.3 Cloud Computing
6.4 Trust infrastructures
6.5 Big Data
6.6 Internet of things/interconnected devices/smart environments
6.7 Network Virtualisation and Software Defined Networks
7 Food for Thought: Lessons Learned and Conclusions
7.1 Lessons learned
7.2 Conclusions

 

1 Introduction

This ENISA Threat Landscape report for 2014 (ETL 2014) is the result of threat information collection and analysis of the last 12 months (December 2013 – December 2014), referred to in this document as the reporting period.

The ETL 2014 is a continuation of the reports produced in 2012 and 2013: it follows similar approaches for the collection, collation and analysis of publicly available information to produce the cyber-threat assessment. The report contains a description of the methodology followed, together with some details on use-cases of cyber-threat intelligence. The main contribution of the ETL 2014 lies in the identification of top cyber threats within the reporting period. Together with the emerging threat landscape, it makes up the main contribution towards identification of cyber-threats.

As in previous years, the ETL 2014 is based on publicly available material, the availability of which has grown substantially in the reporting period. Starting from ca. 150 references in 2012, we identified ca. 250 in 2013. In 2014, we identified over 400 sources containing information on cyber threats, whereas in all years we assume that our information collection detects ca. 60-70% of available material. This makes the ETL 2014 a unique comprehensive collection of information regarding cyber-security threats.

ENISA has performed information collection by means of internet searches, by using the information provided by the CERT-EU [2] and by using the web platform of Welund Horizon Ltd through free access granted to ENISA in the reporting period.

As is explained later in this report, the ETL 2014 has been expanded to include information on attack vectors, that is schematic representations on the course of attacks, indicating targeted assets and exploited weaknesses/vulnerabilities. Another new component in the ETL 2014 is the elaboration of use-cases of threat intelligence: by showing the various activities of threat analysis, we demonstrate how the information produced can be used within various phases of security management.

Another novelty of the ETL 2014 process is the involvement of stakeholders in the identification of issues as well as knowledge transfer and information sharing. In 2014, ENISA has established an ETL stakeholder group consisting of 13 experts from CERTs, vendors, Member States and users. This group has provided advice on various issues of threat analysis, including stakeholder requirements and state-of-the-art developments in the area of threat intelligence.

Lessons learned and conclusions summarize the highlights of this year's threat assessment exercise and provide concluding remarks that are relevant for policy makers, businesses and cyber-security experts.

Policy Context

The policy context of the ETL 2014 with regard to relevant EU-regulations is identical to that of 2013 ETL. The Cyber Security Strategy of the EU [3] stresses the importance of threat analysis and emerging trends in cyber security. The ENISA Threat Landscape is an activity contributing towards the achievement of objectives formulated in this strategy, in particular by contributing to the identification of emerging trends in cyber-threats and understanding the evolution of cyber-crime (see 2.4 regarding proposed role of ENISA).

[2] http://cert.europa.eu/cert/filteredition/en/CERT-LatestNews.html, accessed November 2014.

[3] http://www.ec.europa.eu/digital-agenda/en/news/eu-cybersecurity-plan-protect-open-internet-and-online-freedomand-opportunity-cyber-security, accessed 28 Nov 2013.

 

Moreover, the new ENISA regulation [4] mentions the need to analyse current and emerging risks (and their components), stating: "the Agency, in cooperation with Member States and, as appropriate, with statistical bodies and others, collects relevant information". In particular, under Art. 3, Tasks, d), iii), the new ENISA regulation states that ENISA should "enable effective responses to current and emerging network and information security risks and threats".

The ENISA Threat Landscape aims to make a significant contribution to the implementation of the EU Cyber Security Strategy by streamlining and consolidating available information on cyber-threats and their evolution.

Target audience

The target audience of the ETL 2014 remains very similar to that of previous versions of this report. It mainly targets cyber-security specialists and individuals interested in the development of cyber-threats. More precisely, these are cyber-security specialists working at the strategic, tactical and operational levels of security management. Threat and risk assessments may be the primary concerns of such individuals. They are busy with assessing the "external environment" and "internal environments" [5] in the framework of threat and risk assessments. In this year's ETL, we provide a more extensive view on the use-cases of a threat analysis process (see section 2.2). Besides the high level discussions provided within this document, security experts will be in a position to identify detailed issues on the assessed threats by means of numerous references to collected sources. This might make the ETL a useful tool for long term use as it comprises a sort of contextualized "directory" to cyber-threat sources.

As the ETL contains high level information about cyber threats and emerging technology areas, it is a good "entry point" to the subject of threat intelligence for non-experts. This target group will be interested in the descriptions provided and the consolidated presentations of cyber threats and threat trends. We have experienced, for example, that consolidated material of ETL 2013 has been used within German schoolbooks.

The ETL 2014 will be of interest for policy makers: current threats and threat trends may be an important input to policy actions in the area of cyber-security, national cyber-security preparedness and possible coordination and cooperation initiatives among threat collection organisations and other competent bodies.

Experience from previous ETL reports shows that media is an important target group of the ETL. The generic cyber-threat descriptions provided can be easily understood by non-security experts. Such descriptions help media to understand the dependencies and developments in that area. An area that enjoys particular media attention, the latest after revelations about state sponsored surveillance activities and related privacy risks for citizens world-wide.

Last but not least, by providing tactical and strategic guidance, the ETL 2014 could be used to support executive management decisions and orientation of asset protection policies. This makes the ETL 2014 potentially useful for ISMS activities.

[4] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2013:165:0041:0058:EN:PDF, accessed 28 Nov 2013.

[5] http://www.enisa.europa.eu/activities/risk-management/current-risk/risk-management-inventory/rm-process/rmprocess/crm-strategy/scope-framework, accessed 30 Oct 2013.

Structure of this document

The structure of the ETL 2014 is as follows:

 

Chapter 2 "Purpose, Scope and Method" provides some information regarding the threat analysis process as it is being performed within the ETL 2014. Moreover, it refers to the information flow between threat analysis and relevant stakeholders, while it gives some information on use-cases for threat intelligence and used definitions.

Chapter 3 "ETL 2014: Current Threat Landscape" is the heart of the ETL 2014 as it contains top 15 cyber-threats assessed in 2014. It provides detailed information on the threat with references to all relevant resources found, trends assessed and the role of each threat within the kill-chain.

Chapter 4 "Threat Agents" is an overview of threat agents with short profiles and references to developments that have been observed for every threat agent group in the reporting period.

Chapter 5 "Attack Vectors" contains some new content that has been adopted in this year's ETL. It provides information on typical attack scenarios, steps and deployed cyber-threats and is supposed to complement the presented material by giving some initial information on the "How" of a cyber-attack.

Chapter 6 "The Emerging Threat Landscape" indicates assessed technology areas that will impact the threat landscapes in the middle-term. Ongoing developments in those areas will influence the ways attackers will try to achieve their aims, but also the way defences are going to be implemented.

Chapter 7 "Food for thought: Lessons Learned and Conclusions" is a summary of interesting issues encountered within the threat analysis and provides the conclusions of this year's ETL.

As was the case in ETL 2013, the present document has been developed in a modular way. The chapters are as independent as possible to each other, thus allowing for an isolation of the addressed issues so that readers can concentrate on the topic of interest. This approach also allows for independent updates of the content, when deemed necessary (i.e. in cases of publication of additional threat assessment summaries within a year).

ETL 2013: Purpose, Scope and Method

 

2 Purpose, Scope and Method

Worldwide, the cyber threat landscape – and threat analysis in general – has been assigned a central role in practical Security Incident and Event Management (SIEM [6]). This is the case both in the relevant vendor market and within end-user organisations. A plethora of related services and good practices are available that are based on threat intelligence. They consist mainly of collection, aggregation and correlation of data. It has been recognised that information on cyber-threats should be THE parameter to actively adapt security protection practices towards a more agile management of security controls. Following these trends, in this year's ETL we have optimized threat collection and analysis practices, whilst at the same time better reflecting on the practical applicability of threat information in Information Security Management Systems (ISMS) and SIEM.

The purpose and positioning of the ENISA Threat Landscape (ETL) has been documented in ENISA's 2013 deliverable (ETL 2013 [7]) and is still valid. Yet, based on advancements observed in the reporting period, a more detailed view on the purpose and potential use of the delivered information is provided in this chapter. This is done by paying attention to stakeholder requirements with regard to threat information/threat intelligence. These requirements have been assessed within the ENISA Threat Landscape Stakeholder Group (ETL SG), established in 2014 in order to advise ENISA on relevant matters.

In the rest of this chapter we discuss several important aspects of threat landscape such as:

  • Quality and content of threat information;
  • End-user needs with regard to threat information;
  • Typical practical use case for threat information and,
  • Content of this year's ETL and terminology.

[6] http://en.wikipedia.org/wiki/Security_information_and_event_management, accessed November 2014.

[7] http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-threat-landscape-2013overview-of-current-and-emerging-cyber-threats/at_download/fullReport, accessed 30 Sept 2014.

2.1 Quality of Content of Threat Information

Numerous organisations create, assess and analyse information regarding cyber threats. Typically, such information may have varying levels of detail, structure and abstraction level. The differences are motivated by the purpose of the delivered information and the input data used to create it. In particular, the following types of threat information can be found:

Strategic (S): this is usually the highest level information about threats. Such information is used within forecasts of the threat landscape and emerging technological trends in order to prepare organisations by means of assessments, prospective measures and security investments, as well as adaptation of existing cyber security strategies. These are typical ISMS activities and stakeholders interested in this level of information are mostly CISOs and CIOs.

Tactical (T): tactical threat information consists of condensed information describing threats and their components, such as threat agents, threat trends, emerging trends for various technological areas, risks to various assets, risk mitigation practices, etc. This information is important for stakeholders engaged in long-term maintenance of security infrastructures, mostly within security management activities. Hence, tactical threat information is also relevant to ISMS.

Operational (O): this is the most basic information about existing threats. It covers detailed technical information about threats, incidents, vulnerabilities, etc., and is usually derived from detections at the level of technical artefacts. It includes identification of cyber threats (e.g. MD5 hash or Indicators of Compromise (IOC) [8]), its elements (vulnerability abuses, threat agents, attack vectors) and corresponding countermeasures (technical controls for the elimination/reduction of threat or threat exposure). This information is crucial for the day-to-day operation and maintenance of infrastructure on the technical level and comprises the main input to SIEM. This area is strongly supported by many standards and tools available on the market (both open source like MISP [9] or commercial like Threat Connect® [10]) which facilitate automatic (at least on some level) gathering and sharing information.

The diagram known as Pyramid of Pain [11] illustrates how to measure the trouble generated to adversaries by using threat intelligence. Taking this approach as a basis, one can argue that while operational information is related to the bottom layers of the pyramid, tactical information refers rather to the top levels. Whereas both tactical and strategic information constitute the transition from threat intelligence and SIEM to ISMS.

ETL contains mainly strategic and tactical information about cyber threats. Information collection, aggregation and analysis, however, is often based on all types of information found in the public domain. Operational information is used mainly as trigger to recognise/understand the whereabouts of cyber threats which are then consolidated by means of tactical and strategic issues. The main focus of ETL is on tactical and strategic guidance, this makes it more relevant to asset protection policies and practices.

2.2 End-user Needs with regard to Threat Information

 

It is important to analyse, understand and address end-user needs in the provision of cyber threat information. Given the novelty of (dynamic) threat analysis processes in SIEM and ISMS, the identification of possible use-cases that might suit end-user needs is at an early stage.

In the reporting period, ENI...

 

