The Inquirer-Home

Drive-by exploits are the top web security threat, says ENISA

Identifies chief security vulnerabilities in its first Cyber Threat Landscape report
Tue Jan 08 2013, 13:30
European network and Information Security Agency logo

DRIVE-BY EXPLOITS have become the top web security threat to worry about, according to EU cyber security group, the European Network and Information Security Agency (ENISA), which released its Cyber Threat Landscape report today.

ENISA warned that drive-by exploits - which refer to the injection of malicious code by the HTML of websites that exploit vulnerabilities in web browsers - are being increasingly used by attackers to target web browser plugins such as Java, Adobe Reader and Adobe Flash.

"The attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code," ENISA said in its report. "These attacks target software residing in internet users and infects them automatically when visiting a drive-by download website, without any user interaction."

More worryingly for mobile users, ENISA used the example of how the first drive-by threat for Android was spotted in May 2012, to add further support as to why drive-by attacks are the top security threat, because, apart from PCs, drive-by attacks are now a mobile threat as well.

"Most of drive-by attacks detected originate from cyber criminals who have adopted this exploitation technique and use it widely via exploit kits, such as Blackhole22," ENISA's report noted.

ENISA's report lists the top threats and their trends, summarising over 120 threat reports from the security industry in 2011 and 2012 from networks of excellence, standardisation bodies and other independent parties.

Second place in the Cyber Threat Landscape report were worms and trojans, programs that have the ability to replicate and re-distribute themselves by exploiting vulnerabilities in their target software systems with the aim to steal user data and credentials.

ENISA said worms and trojans made it into second place due to their widespread use by cyber criminals for moneymaking.

"Trojans are the most reported type of malicious code. Although a relatively small amount of computer systems were infected by worms, massive worm epidemics observed in the past have been replaced by an increasing number of targeted trojans," ENISA's report stated.

"Trojan Autorun and Conficker worms are still two of the top threats worldwide. These two pieces of malware are more than four years old and, even though the vulnerabilities that allow them to infect systems have been addressed, they still claim victims."

ENISA maintained that social networks and mobile devices are also appealing for distribution by malware authors, for example, the Koobface23 worm that targeted and infected users of major social networking websites, as well as SMS trojans.

The third top threat found by ENISA was the increasing use of Code Injection Attacks, including attack techniques against web applications such as SQL injection, cross-site scripting, cross-site request forgery, and Remote File Inclusion.

Cyber criminals use such attacks to extract data, steal credentials, take control of the targeted webserver or promote their malicious activities by exploiting vulnerabilities of web applications.

The report found that this was the third top threat in 2011 and 2012 because the most common attack vector against web applications is SQL injection.

"SQL injection attacks are popular among hacktivist groups, such as Anonymous, hacker groups, such as LulzSec and cyber criminals, such as mass SQL Injection campaigns like LizaMoon25," ENISA's report stated.

"The most critical vulnerability for traditional and Web 2.0 applications is cross-site scripting. However, the resulting risk is lower than SQL injection since attackers do not appear to leverage them as much in money making scenarios."

ENISA added that SQL Injection is also the top attack method for entertainment, retail, technology, media and education websites.

Ranked fourth in ENISA's top security threat report were Exploit kits - known as ready to use software package to automate cybercrime - followed by Botnets, which refers to hijacked computers that are remotely controlled, in fifth place and Distributed Denial of Service attacks (DDOS) in sixth place.

Phishing, data breaches, scareware, and spam were the seventh, eighth, ninth and tenth most prominent security threats recorded, respectively, by ENISA in its report.

As a remedy for these threats, ENISA listed a number of techniques that the security industry should follow to better fight cyber threats in the digital economy. These included collecting security intelligence on incidents including starting point and target of an attack, performing a shift in security controls to accommodate emerging threat trends, and collecting and developing better evidence on the impact achieved by attackers. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Existing User
Please fill in the field below to receive your profile link.
Sign-up for the INQBot weekly newsletter
Click here
INQ Poll

Microsoft Windows 10 poll

Which feature of Windows 10 are you most excited about?