Reading the ENISA Threat Landscape 2014 report

The European Union Agency for Network and Information Security has published the annual report on the cyber threat landscape “ENISA Threat Landscape 2014.”

The European Union Agency for Network and Information Security (ENISA) has published the annual report on the cyber threat landscape “ENISA Threat Landscape 2014.”

This ENISA Threat Landscape 2014 report (ETL 2014) was prepared by collecting and analyzing threat data of the last 12 months (December 2013 – December 2014).

The document is composed of the following sections:

  • “Purpose, Scope and Method” provides some information regarding the threat analysis process.
  • “ETL 2014: Current Threat Landscape” contains top 15 cyber-threats assessed in 2014 and related information.
  • “Threat Agents” contains the profiling of threat agents.
  • “Attack Vectors” contains information on typical attack scenarios.
  • “The Emerging Threat Landscape” indicates assessedtechnology areas that will impact the
  • “The Emerging Threat Landscape” reports the areas that will impact the threat landscapes in the middle-term.
  • “Food for thought: Lessons Learned and Conclusions”

This year the threat landscape is characterized by significant upheavals, the number of cyber attacks has grown rapidly as well as their complexity despite the excellent action of law enforcement, which influenced the evolution of the criminal ecosystem.

“In the ETL 2014, details of these developments are consolidated by means of top cyber threats and
emerging threat trends in various technological and application areas. References to over 400 relevant
sources on threats will help decision makers, security experts and interested individuals to navigate
through the threat landscape.” reads the ENISA Threat Landscape 2014,

The take down of GameOver Zeus botnet which was conducted by the DoJ and the FBI in a multinational effort has dealt a blow to cyber crime sindacate, the arrest of the author of the popular Blackhole and the seizure of numerous underground black markets on Tor as part of the Onymous Operation, are just a few example of successfully action operated by law enforcement.

2014 was also characterized by significant threats to the overall Internet infrastructure, let’s consider the increase of the DDoS amplification attacks (i.e. NTP-based reflection DDoS attacks) or the numerous flaws affecting popular encryption libraries like the Heartbleed and the Poddle bugs.

2014 is considered the year of data breaches, the number of incidents is dramatically increased, in frequency and severity, exposing hundreds of millions of records of unsuspecting users.

“The massive data breaches that have been identified demonstrate how effectively cyber threat agents abuse security weaknesses of businesses and governments.” states the report.

Analyzing the attacks against websites, experts noticed that SQL injection, which is still one of the most effective attack techniques, is on the decline due to information sharing on the threat.

Privacy is the topic that most of all interested Internet community, netizens fear numerous surveillance program run by governments and have fueled mistrust in the network.

The cyberspace is the new battlefield, a growing number of targeted campaigns were characterized sophisticated attack schemes that benefiting efficient evasion techniques.


The report provides useful information to reduce the surface of attack and exposure to cyber threats. The Agency will continue to collect information on cyber threats and will improve critical operation like information sharing.

This report is a must read for cyber-security specialists and anyone who is interested in the development of cyber threats.

Let me personally thanks for the support all the members of the Threat Landscape Stakeholder Group, in particular the author of the report Louis Marinos, that coordinated us during the last year and that made possible the publishing of a so precious document.

Enjoy the report!

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2021

We are in our 9th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.