In my view, the comprehensive approach used to create this PDF document makes it worth taking the time and energy to read throught the entire document in detail. The extensive coverage of topics includes definitions and activity in these areas of: “Drive-by exploits: Worms/Trojans , Code Injection Attacks, Exploit Kits, Botnets, Denial of service, Phishing, Compromising confidential information, Rogueware/Scareware, Spam, Targeted Attacks, Physical Theft/Loss/Damage, Identity Theft, Abuse of Information Leakage, Search Engine Poisoning, Rogue certificates.”
After coverage of these threats, the EU report covers major threat trends, including:
“The Emerging Threat Landscape
- Threat Trends in Mobile Computing
- Threat Trends in Social Technology
- Threat Trends in Critical Infrastructures
- Threat Trends in Trust Infrastructure
- Threat Trends in Cloud Computing
- Threat Trends in Big Data”
The coverage of each area includes specific topics and whether activity is up, sideways or down. One such area is “Trust Infrastructure,” which many in the U.S. cover under the “Trusted Identities in Cyberspace.”
Emerging Threat: Trust Infrastructure |
Threat Trend |
1. Denial of service (an effective technique to attack trust infrastructure components and achieve impact by blocking access to relevant components, e.g., handshaking with SSL servers65) |
Up |
2. Rogue certificates (compromising trust relationships will be key in generating fake trust within components of trust infrastructure but also other systems using them) |
Up |
3. Compromising confidential information (data breaches will have an impact in trust infrastructures, e.g., by providing valuable information to launch an attack) |
Sideways |
4. Targeted attacks (spearphishing and APTs will remain a significant concern in this area) |
Sideways |
“Among the programs under way, the administration is launching an initiative to use commercial cloud services to authenticate third-party credentials for accessing government sites, called the Federal Cloud Credential Exchange. The U.S. Postal Service will be operating an FCCX pilot.”
Again, I urge readers to take the time to read this latest European report and William Jackson’s GCN blog. It is clear that these cyber attacks against critical infrastructure are a continuing (and growing) global problem. It is good to see the comprehensive report coming from Europe.
What are your thoughts on the trends identified in this report?