Europe’s computer security agency has set out a list of the top threats in the online world, warning that hacking for profit is one of the biggest trends.
“Undoubtedly, optimization of cyber-crime turnover was THE trend observed in 2016. And, as with many of the negative aspects in cyber-space, this trend is here to stay. The development and optimization of badware towards profit will remain the main parameter for attack methods, tools and tactics,” warned the report from the European Union Agency for Network and Information Security (ENISA).
It said criminals had been using unsecured Internet of Things (IoT) devices to launch giant distributed denial of service (DDoS) attacks, and have launched extortion attacks against commercial organisations that have “achieved very high levels of ransom and high rates of paying victims”, and demonstrated the ability to affect the outcome of democratic processes like the US presidential elections.
Executive director of ENISA Udo Helmbrecht said: “As we speak, the cyber-threat landscape is receiving significant high-level attention: it is on the agenda of politicians in the biggest industrial countries. This is a direct consequence of ‘cyber’ becoming mainstream, in affecting people’s opinions and influencing the political environment of modern societies.”
Malware tops ENISA’s lists, with over 600 million samples identified per quarter, and mobile malware, ransomware, and information stealers the main areas of criminal malware innovation.
“Equally impressive was the fact that state-sponsored threat actors have launched malware that has had high efficiency by exploiting quite a few zero-day vulnerabilities,” the report said.
It noted that the average lifespan of malware hashes — the unique identification of a malware variant used by malware detection tools — has shrunk so much that a specific malware variant might exist for just one hour.