No good news from ENISA Threat Landscape Mid year 2013

Sep 26, 2013, 11:00 am EST

ENISA Threat Landscape Mid year 2013 presents top cyber threats, anticipating its interim Threat Landscape 2013 report. The study reveals concerning trends.

ENISA published a new report titled ENISA Threat Landscape Mid year 2013 that provides an interesting update for the list of top cyber threats.

The scope of the ENISA Threat Landscape Mid year 2013 is to give an overview on the trends for cyber threats to give possibility to improve our assessment capabilities according actual scenario and to respond to the evolution of menaces.

It is critical for the security community to flag interesting changed and new developments, alerting the public as early as possible about incoming cyber threats.

Enisa Threat

The ENISA Threat Landscape Mid year 2013 analyses 50 reports, and identifies the trend for main threats to:

  • infrastructure
  • mobile devices
  • social media
  • cloud services

The document highlight that cybercrime increasingly using sophisticated techniques for the attacks, the hackers are improving methods to be non-traceable and to make more resistant their malicious structures to take down operated by law enforcement.

Cybercriminals are even more adopting peer-to-peer protocols for their botnets, last malware in order of time is Mavade that according security experts is responsible for the spike in Tor traffic.

Technologies such as mobile and social networking are increasingly threatened by cybercriminals that are “adapting” traditional threats, such as drive-by-exploit and malware, in these new contexts.

“The proliferation of mobile devices will lead to an amplification of abuse based on knowledge/attack vectors targeting to social media.” states the report.

The document highlights the organizational capacity of cybercrime ecosystem that increased its offer for hacking services and malware development, the black market has also increased the adoption of virtual currency schema to protect anonymity of its transactions.

Anonymous payment services are completing an offer able to respond to needs of cybercrime ecosystem that is opening up new avenues for cyber-fraud and criminal activity.

As reported in the above table the ENISA Threat Landscape Mid year 2013 identifies the following top threats with major impact since 2012.

Drive-by-exploits: browser-based attacks still remain the most reported threats, and Java remains the most exploited software for this kind of threat.


Sophisticated malware are used by cyber criminals and governments for various purposes such as offensive attacks, cyber espionage and for realization of sophisticated cyber scams. Cybercrime makes extensive use of malware especially for the realization of bank frauds, the situation regarding the use of mobile platforms and social networks is concerning, these platforms are exploited to spread on large-scale malicious agents.

Code Injection: attacks are notably popular against web site Content Management Systems (CMSs). Due to their wide use, popular CMSs constitute a considerable attack surface that has drawn the attention of cyber-criminals. Cloud service provider networks are increasingly used to host tools for automated attacks.

As reported in the ENISA Threat Landscape Mid year 2013 BotnetsDenial of Services, Rogueware/Scareware, Targeted Attack, Identity Theft and Search Engine Poisoning still represents serious menaces to the IT community, the unique cyber threat down is spam as expected.

Analyze these threats separately is reductive, another concerning trend reported by the study is a real possibility of large impact events when attackers combine various techniques of attack … and let me add that this most common scenario as described also in last “ENISA Threat Landscape 2012” report

(Source: CDM, Pierluigi Paganini, Editor and Chief )

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase