ENISA Cybersecurity Threat Landscape Methodology PDF Download

Author: Eleni Tsekmezoglou
Publisher:
ISBN: 9789292045791
Category :
Languages : en
Pages : 0

View

Book Description
Policy makers, risk managers and information security practitioners need up to date and accurate information on the current threat landscape, supported by threat intelligence. The EU Agency for Cybersecurity (ENISA) Threat Landscape report has been published on an annual basis since 2013. The report uses publicly available data and provides an independent view on observed threats agents, trends and attack vectors. ENISA aims at building on its expertise and enhancing this activity so that its stakeholders receive relevant and timely information for policy-creation, decision-making and applying security measures, as well as in increasing knowledge and information for specialised cybersecurity communities or for establishing a solid understanding of the cybersecurity challenges related to new technologies. The added value of ENISA cyberthreat intelligence efforts lies in offering updated information on the dynamically changing cyberthreat landscape. These efforts support risk mitigation, promote situational awareness and proactively respond to future challenges. Following the revised form of the ENISA Threat Landscape Report 2021, ENISA continues to further improve this flagship initiative. ENISA seeks to provide targeted as well as general reports, recommendations, analyses and other actions on future cybersecurity scenarios and threat landscapes, supported through a clear and publicly available methodology. By establishing the ENISA Cybersecurity Threat Landscape (CTL) methodology, the Agency aims to set a baseline for the transparent and systematic delivery of horizontal, thematic, and sectorial cybersecurity threat landscapes. The following threat landscapes could be considered as examples. Horizontal threat landscapes, such as the overarching ENISA Threat Landscape (ETL), a product which aims to cover holistically a wide-range of sectors and industries. Thematic threat landscapes, such as the ENISA Supply Chain Threat Landscape, a product which focuses on a specific theme, but covers many sectors. Sectorial threat landscape, such as the ENISA 5G Threat Landscape, focuses on a specific sector. A sectorial threat landscape provides more focused information for a particular constituent or target group. Recognising the significance of systematically and methodologically reporting on the threat landscape, ENISA has set up an ad hoc Working Group on Cybersecurity Threat Landscapes (CTL WG) consisting of experts from European and international public and private sector entities. The scope of the CTL WG is to advise ENISA in designing, updating and reviewing the methodology for creating threat landscapes, including the annual ENISA Threat Landscape (ETL) Report. The WG enables ENISA to interact with a broad range of stakeholders for the purpose of collecting input on a number of relevant aspects.

Author: Marianthi Theocharidou
Publisher:
ISBN: 9789292046385
Category :
Languages : en
Pages : 0

View

Book Description
Is is the first ENISA threat landscape report which brings insights into cyber threats targeting the European health sector. The sector was selected due to its criticality and its importance to European citizens and their well-being. In the ENISA Threat Landscape 2022, around 7% of the observed incidents targeted health organisations. Moreover, 32% of the incidents with a significant impact reported under the Network and Information Security Directive in 2022 were incidents in the EU health sector. Additionally, during 12 consecutive years the healthcare industry had the highest average cost of a breach worldwide. In this report, we have analysed cyber incidents targeting the health sector from January 2021 to March 2023. This period is referred to as the 'reporting period' throughout the report. We collected publicly reported cyber incidents affecting various types of organisations related to health. These include: - healthcare providers, such as hospitals, primary care providers, sociosanitary care providers, dental care providers, emergency services, mental health institutions, etc., - EU reference laboratories, entities carrying out research and development activities for medicinal products and, more generally, organisations conducting health related research, - entities manufacturing basic pharmaceutical products and pharmaceutical preparations, and the pharmaceutical industry in general, - entities manufacturing medical devices and biotechnology manufacturers, - health authorities, bodies and agencies nationally and in the EU, - health insurance organisations, - residential treatment facilities and social services providers.

Author: Ifigeneia Lella
Publisher:
ISBN: 9789292045807
Category :
Languages : en
Pages : 0

View

Book Description
The threat of ransomware has consistently ranked at the top in the ENISA Threat Landscape for the past few years and, in particular, in 2021 it was assessed as being the prime cybersecurity threat across the EU. Motivated mainly by greed for money, the ransomware business model has grown exponentially in the last decade and it is projected to cost more than 10 trillion USD by 2025. The evolution of the business model to a more specialised and organised distribution of labour through a cybercrime-as-a-service model has turned ransomware into a commodity. Nowadays, it seems simpler for anyone with basic technical skills to quickly perform ransomware attacks. The introduction of cryptocurrency, the fact that affected companies actually do pay the ransom, and the more efficient division of work, have greatly fuelled the growth of ransomware, generating a catastrophic global effect. Even though ransomware is not new, technologies evolve and with them so do attacks and vulnerabilities, thus pressurising organisations to be always prepared for a ransomware attack. In many cases, staying in business requires difficult decisions, such as paying or not paying the ransom6, since this money ends up fuelling ransomware activities. This is despite year-long and consistent recommendation not to pay ransom demands and to contact the relevant cybersecurity authorities to assist in handling such incidents. This report brings new insights into the ransomware threat landscape through a careful study of 623 ransomware incidents from May 2021 to June 2022. The incidents were analysed in-depth to identify their core elements, providing answers to some important questions such as how do the attacks happen, are ransom demands being paid and which sectors are the most affected. The report focuses on ransomware incidents and not on the threat actors or tools, aiming to analyse ransomware attacks that actually happened as opposed to what could happen based on ransomware capabilities. This ransomware threat landscape has been developed on the basis of the recently published ENISA Cybersecurity Threat Landscape Methodology. The report starts by clearly defining what ransomware is since it has proven to be an elusive concept spanning various dimensions and including different stages. The definition is followed by a novel description of the types of ransomware that breaks the traditional classification and instead focuses on the four actions performed by ransomware, i.e. Lock, Encrypt, Delete, Steal (LEDS), and the assets at which these actions are aimed. By defining the types of ransomware, it is then possible to study the life cycle of ransomware and its business models. This characterisation of ransomware leads into the core of this report which is the deep analysis of 623 incidents and its summary in precise statistics. The report ends by highlighting recommendations for readers and key conclusions.

Author: Ifigeneia Lella
Publisher:
ISBN: 9789292045098
Category :
Languages : en
Pages :

View

Book Description
Supply chain attacks have been a security concern for many years, but the community seems to have been facing a greater number of more organized attacks since early 2020. It may be that, due to the more robust security protection that organizations have put in place, attackers successfully shifted towards suppliers. They managed to have significant impacts in terms of the downtime of systems, monetary losses and reputational damages, to name but a few. The importance of supply chains is attributed to the fact that successful attacks may impact a large amount number of customers who make use of the affected supplier. Therefore, the cascading effects from a single attack may have a widely propagated impact. This report aims at mapping and studying the supply chain attacks that were discovered from January 2020 to early July 2021. Based on the trends and patterns observed, supply chain attacks increased in number and sophistication in the year 2020 and this trend is continuing in 2021, posing an increasing risk for organizations. It is estimated that there will be four times more supply chain attacks in 2021 than in 2020. With half of the attacks being attributed to Advanced Persistence Threat (APT) actors, their complexity and resources greatly exceed the more common non-targeted attacks, and, therefore, there is an increasing need for new protective methods that incorporate suppliers in order to guarantee that organizations remain secure. This report presents the Agency's Threat Landscape concerning supply chain attacks, produced with the support of the Ad-Hoc Working Group on Cyber Threat Landscapes.

Author: Marianthi Theocharidou
Publisher:
ISBN: 9789292046248
Category :
Languages : en
Pages : 0

View

Book Description
This is the first analysis conducted by the European Union Agency for Cybersecurity (ENISA) of the cyber threat landscape of the transport sector in the EU. The report aims to bring new insights into the reality of the transport sector by mapping and studying cyber incidents from January 2021 to October 2022. It identifies prime threats, actors and trends based on the analysis of cyberattacks targeting aviation, maritime, railway and road transport over a period of almost 2 years.

Author: Marco Barros Lourenço
Publisher:
ISBN: 9789292044459
Category :
Languages : en
Pages :

View

Book Description
This report is an update of the ENISA 5G Threat Landscape, published in its first edition in 2019. This document is a major update of the previous edition. It encompasses all novelties introduced, it captures developments in the 5G architecture and it summarizes information found in standardisation documents related to 5G. Moreover, the vulnerability and threat assessments found in this document introduce a significant advancement to the previous edition, by providing more comprehensive information about the exposure of assets of the updated 5G architecture. Beyond these changes, some additional elements have been taken into account. Firstly, implementation/migration options of a gradual migration to 5G from 4G have been taken into account. Secondly, security issues of operational processes have been considered. These two changes enlarge the scope of the assessment and include important parts for the enhancement of operational security. For all these elements, this report provides a vulnerability analysis, indicating how these vulnerabilities can be exploited through cyberthreats and how this exploitation can be mitigated through security controls. The assessed vulnerabilities are consolidated from various sources, including main 5G standardisation documents and telecommunication best practices (3GPP, ITU, ETSI, ISO, NIST and GSMA). A consolidation and mapping of cyberthreats used in these standards has also been performed. Clearly, the complexity of 5G infrastructure and the dependencies of assets, controls and threats is reflected in the complexity of the produced information. ENISA would like to develop a tool-based version of this information, so that users of the material can better navigate this complex information in a more efficient way than the static, highly interlinked tables presented in this report. This task will be accounted for in the near future. The performed assessments in this report are based on specifications of 5G infrastructure, thus potentially having a certain "distance" from actual implementations. Moreover, assessed vulnerabilities have been extrapolated from experiences of weaknesses of technical implementations of similar non-5G components. As such, they comprise rather hypothetical assumptions that are to be validated on the basis of implementations. ENISA states in this document the importance of bridging the gap between functional specifications and implemented functions. As 5G implementation are proceeding, it is important to develop ways to check the compliance of implementations towards the specified content and feedback information to the specification efforts. Initially, the creation of implementation guidelines may be a useful tool to assess the quality of implementations. In addition, security assurance methods may be a good way to support developers and/or entities that will test the compliance of implemented 5G functions.

Author: Marco Lourenço
Publisher:
ISBN: 9789292043063
Category :
Languages : en
Pages :

View

Book Description
This report draws an initial threat landscape and presents an overview of the challenges in the security of 5G networks. Its added value lays with the creation of a comprehensive 5G architecture, the identification of important assets (asset diagram), the assessment of threats affecting 5G (threat taxonomy), the identification of asset exposure (threats - assets mapping) and an initial assessment of threat agent motives. The content of this Threat Landscape is fully aligned with the EU-Wide Coordinated Risk Assessment of 5G networks security. The EU-wide Coordinated Risk Assessment, published on the 9th of October 2019 by the European Commission, which built on the methodological approach developed for the threat landscape, presents in Section 2(D) ten high-level risk scenarios based on the information provided by Member States within National Risk Assessments.

Author: Ifigeneia Lella
Publisher:
ISBN: 9789292045883
Category :
Languages : en
Pages : 0

View

Book Description
This is the tenth edition of the ENISA Threat Landscape (ETL) report, an annual report on the status of the cybersecurity threat landscape. It identifies the top threats, major trends observed with respect to threats, threat actors and attack techniques, as well as impact and motivation analysis. It also describes relevant mitigation measures. This year's work has again been supported by ENISA's ad hoc Working Group on Cybersecurity Threat Landscapes (CTL).

Author:
Publisher:
ISBN: 9789292046064
Category :
Languages : en
Pages : 0

View

Book Description
The EU Agency for Cybersecurity (ENISA) and the European External Action Service (EEAS) have joined forces to study and analyse the threat landscape concerning Foreign Information Manipulation and Interference (FIMI) and disinformation. A dedicated analytical framework is put forward, consistent with the ENISA Threat Landscape (ETL) methodology, with the aim of analysing both FIMI and cybersecurity aspects of disinformation. The concept of Foreign Information Manipulation and Interference (FIMI) has been proposed by the EEAS, as a response to the call of the European Democracy Action Plan for a further refinement of the definitions around disinformation. Although disinformation is a prominent part of FIMI, FIMI puts emphasis on manipulative behaviour, as opposed to the truthfulness of the content being delivered. Several strategic documents, such as the Strategic Compass for Security and Defence and the July 2022 Council Conclusions on FIMI, refer to the importance of countering FIMI as well as hybrid and cyber threats. Accordingly, in light of broader hybrid threats that cross different domains, one of the main motivations behind this report is to identify ways to bring the cybersecurity and counter-FIMI communities closer together. The ambition is to provide an input to the on-going and ever-pressing discussion on the nature and dynamics of information manipulation and interference, including disinformation, and on how to collectively respond to this phenomenon. The report proposes and tests an analytical approach describing FIMI and manipulation of information, as well as the underlying cybersecurity elements, by combing practices from both domains: - For cybersecurity: The open methodological framework used by ENISA's annual report on the state of the cybersecurity threat landscape, the ENISA Threat Landscape Reports3 - For FIMI: The open-source DISARM framework used to capture FIMI/disinformation By testing the framework on a limited set of events, the report serves as a proof of concept for the interoperability of the frameworks.

Author: Ifigeneia Lella
Publisher:
ISBN: 9789292045364
Category :
Languages : en
Pages :

View

Book Description
This is the ninth edition of the ENISA Threat Landscape (ETL) report, an annual report on the status of the cybersecurity threat landscape that identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes relevant mitigation measures. In the process of constantly improving our methodology for the development of threat landscapes, this year's work has been supported by a newly formatted ENISA ad hoc Working Group on Cybersecurity Threat Landscapes (CTL). The time span of the ETL 2021 report is April 2020 to July 2021 and is referred to as the "reporting period" throughout the report. During the reporting period, the prime threats identified include: - Ransomware - Malware - Cryptojacking - E-mail related threats - Threats against data - Threats against availability and integrity - Disinformation - misinformation - Non-malicious threats - Supply-chain attacks.