Good guys, bad guys square off in cyber security race

While the top cyber threats faced by businesses remain essentially unchanged, businesses dealing with these threats and their cyber criminal adversaries are both making progress — for better and for worse — the European Union Agency for Network and Information Security says in a report.

“Cyber-space stakeholders have gone through varying degrees of further maturity,” says Brussels-based ENISA in its 88-page report, “ENISA Threat Landscape 2015,” issued Tuesday.

“While the friendly agents — the good guys — have demonstrated increased cooperation and orchestrated reaction to cyber threats, hostile agents — the bad guys — have advanced their malicious tools with obfuscation, stealthiness and striking power,” says the report.

Improvements on the defenders' side include performing orchestrated actions to take down malicious infrastructure, strengthening government awareness, performing exercises and focusing on research and development.

Meanwhile, “seemingly, cyber-threat agents have had the tranquility and resources to implement a series of advancements in malicious practices,” says the report.

These include performing persistent attacks based on hardware, offering inexpensive “crime services,” the highly efficient development of malware weaponization and automated tools, campaigning with “highly profitable” malicious infrastructure and malware to breach data and hold end-user devices to ransom, and broadening the “attack surface” to include routers, firmware and the Internet of Things.

The report says the top five threats in 2015 were the same as in 2014: malware, Web-based attacks, Web application attacks, botnets and denial of service.

The only change is that botnets and denial of service switched rankings between 2014 and 2015, it says.