ENISA Threat Landscape 2016

The ENISA Threat Landscape 2016 is out! This is the annual report published by ENISA that provides useful insights on the cyber threats observed during the past year. Apart from the top cyber threats, the report provides information on threat actors and major attack vectors observed. Finally, the conclusion section provides a collection of issues that will challenge the cyber-security community in the coming months/year in various degrees of intensity.

Some highlights of the report are the following ones:

  • Cyber Threat Intelligence and ETL – “Cyber Threat Intelligence: State-of-play” and the “CTI Big Picture
  • Threat Agents – “Trends” and “Top threat agents and motives
  • Conclusions – “Main cyber-issues ahead” and “Conclusions

Read below the executive summary of the report:

The ENISA Threat Landscape 2016 – the summary of the most prevalent cyber-threats – is sobering: everybody is exposed to cyber-threats, with the main motive being monetization. The year 2016 is thus characterized by “the efficiency of cyber-crime monetization”. Undoubtedly, optimization of cyber-crime turnover was THE trend observed in 2016. And, as with many of the negative aspects in cyber-space, this trend is here to stay. The development and optimization of badware towards profit will remain the main parameter for attack methods, tools and tactics. Attacks including multiple channels and various layers seem to be the “state-of-the-art” for advanced threat agents. While robust, efficiently managed flexible tools continue to be widely available, even to low capability threat agents “as-a-service”.

Fortunately, the maturity of defenders increases too. In 2016, cyber-threat prevention has:

  • Gained routine in disruptions of malicious activities through operations coordinated by law enforcement and including vendors and state actors.
  • Achieved some advantages in attribution through exploitation of weaknesses of anonymization infrastructures, tools and virtual currencies.
  • Gained valuable experience by major attacks in the area of DDoS. This will help towards future mitigation of such attacks that in the past have been considered as disastrous.
  • Cyber-security has gained in importance in the professional education and training market. It is remarkably strengthened in universities and training organisations in an attempt to cover the demand and thus counteract current and future skill shortage.

However, in cyber-space the attackers are one step ahead. The advances of defenders have been the result of superiority of attackers in:

  • Abusing unsecured components to mobilize a very large attack potential. This capacity that has been demonstrated by means of DDoS attacks by infected IoT devices.
  • Successfully launching extortion attacks that have targeted commercial organisations and have achieved very high levels of ransom and high rates of paying victims.
  • Demonstrating very big impact achieved by multi-layered attacks to affect the outcome of democratic processes at the example of the US elections.
  • Operating large malicious infrastructures that are managed efficiently and resiliently to withstand takedowns and allow for quick development and multi-tenancy.

Expectedly, all above issues can be followed by means of the assessment performed within the ENISA Threat Landscape (ETL 2016). In the following report, we give an overview of the top cyber-threats assessed in 2016. By concentrating more on the cyber-threats, ETL 2016 is more streamlined towards the details of cyber threats, while it provides information on threat agents and attack vectors.

Based on this material, we deliver our conclusions for policy makers, businesses and research. They serve as recommendations and are taken into account in the future activities of ENISA and its stakeholders. An overview of identified points is as follows:

Policy conclusions:

  • Organize multi-stakeholders debates in an attempt to establish common denominators for responsibilities, areas of concern, open issues and course of action with regard to cyber-security in general and cyber-threat intelligence in particular.
  • Based on CTI, establish/revive dialogue among all concerned parties on the balance between security, privacy and surveillance requirements, both at national and international levels. The achieved results may not worsen the exposure to related cyber-threats.
  • Develop the engagements in the areas of cyber-security education, training and awareness with regard to good practices, skill development and youth engagements. Main parameter in this engagements should be the dissemination of controls for the mitigation of cyber-threats, as indicated in the findings of this report.

Business conclusions:

  • Use CTI as an active tool to defend assets but also to assess efficiency level of protection measures in place with regard to the cotemporary cyber-threat exposure.
  • Investigate methods to communicate cyber-threat knowledge to the boardrooms and integrated CTI with existing risk management models.
  • Use CTI as a factor to reduce costs of security controls, share information on modus operandi and define active-defence methods.

Research conclusions:

  • Study the dynamics of badware and attack methods over the last years with the aim to proactively prepare for future threats. Use artificial intelligence methods to recognise/discover causal relationships among various elements of CTI.
  • Develop models for active defence, enhance CTI in to include business requirements and elaborate on asset management and security management integration.

In the last chapter, a number of important issues leading to those conclusions are mentioned; this chapter provides more elaborated conclusions. It is proposed to consider these issues and identify their relevance by reflecting them to the own situation.

The figure below summarizes the top 15 cyber-threats and threat trends in comparison to the threat landscape of 2016.


The figure below summarizes the involvement of threat agents in the top cyber-threats.


Prof. Udo Helmbrecht, Executive Director of ENISA, commented on the project: “As we speak, the cyber-threat landscape is receiving significant high-level attention: it is on the agenda of politicians in the biggest industrial countries. This is a direct consequence of ‘cyber’ becoming mainstream, in affecting people’s opinions and influencing the political environment of modern societies. Besides this, a lot of developments have taken place regarding the tools and tactics used by adversaries, making 2016 another striking sample of the dynamics of cyber-space. ETL 2016 reflects these developments, while providing strategic information about the cyber-threats and their technical evolution during 2016.”

The ETL report and related material can be found under the following links:


*In a future article, I will write down my thoughts and comments on some of the points mentioned in the ETL 2016 report.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.