ENISA, the European Network and Information Security Agency, today named drive-by exploits as the biggest, most increasing threat of the moment in the Internet landscape, amongst a sea of other all-too-familiar issues like worms, phishing and botnets. Spam, one of the oldest and most annoying aspects of being online, is the only threat that is on the wane, according to ENISA’s Threat Landscape report out today.
In a year that saw DDoS attacks from Anonymous (or those claiming to be with the group), defacements of high-profile websites, and many other security breaches, ENISA’s extensive report goes through the most common and most dangerous tactics used by malicious hackers to worm their way into your data, giving examples of how they have been used, and some suggestions for how to deal with them.
Drive-by exploits, as background, are when someone has injected malicious code into the HTML code of a website. That code in turn affects users’ browsers, plug-ins and operating systems when they visit the site, and can be used to then glean other information. The sites themselves may be unknowingly hosting the malicious code.
By nature, these are stealthy vulnerabilities, but occasionally high-profile instances of them come to light. Google points out that drive-by exploits can be one reason it occasionally chooses to block certain sites in its browser and search results. This appears to be what came up the other week, when Google suddenly started blocking Twitpic and pages that pointed to it. Google never commented on the situation, but sources close to the matter tell me that the warning was not in error, and not a false positive as some guessed. Given that Twitpic was surprised by Google’s block the other week, a drive-by vulnerability, unbeknownst to Twitpic, may well have been the reason behind it.
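The report describes sites that unknowingly host injected code; the practical defender’s check for that is to compare what a page actually serves against a known-good copy and flag any script, iframe or object that was not there before. The following is an added example, not code from ENISA or the article; the baseline and “served” pages are constructed inline, and the `example.invalid` host is a placeholder.

```python
from html.parser import HTMLParser


class ResourceCollector(HTMLParser):
    """Collect external script/iframe/object sources and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.items = set()
        self._in_inline_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag in ("script", "iframe", "object", "embed"):
            src = a.get("src") or a.get("data")
            if src:
                self.items.add((tag, src))
            elif tag == "script":
                self._in_inline_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline_script = False

    def handle_data(self, data):
        # script content is delivered as raw data, so inline bodies land here
        if self._in_inline_script and data.strip():
            self.items.add(("inline-script", data.strip()))


def collect(html):
    parser = ResourceCollector()
    parser.feed(html)
    return parser.items


def find_injected(baseline_html, served_html):
    """Return resources present in the served page but absent from the baseline."""
    return sorted(collect(served_html) - collect(baseline_html))


# constructed known-good page, e.g. the last deployed build of the site
BASELINE = """<html><head><script src="/static/app.js"></script></head>
<body><p>Hello</p></body></html>"""

# constructed served page: same content plus a hidden iframe and an inline script
SERVED = BASELINE.replace(
    "</body>",
    '<iframe src="http://example.invalid/x" style="display:none"></iframe>'
    '<script>/* constructed injected body */run()</script></body>',
)

if __name__ == "__main__":
    for kind, value in find_injected(BASELINE, SERVED):
        print(f"unexpected {kind}: {value}")
```

Run against a periodic fetch of each page, an empty result means nothing new is being loaded; any hit is worth treating as a possible compromise of the site rather than a benign change until confirmed.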
It’s not just websites that are feeling the effects of drive-by exploits. ENISA notes that the first drive-by for Android was discovered in May 2012, and that in fact mobile platforms (led by Android) are one of the biggest targets for these. In fact, between mobile, social technology, critical infrastructure, trust infrastructure, cloud and big data, ENISA says that trust infrastructure — “any information system that provides strong authentication and aims at establishing a trusted, secure connection between two end points” — is the only one not threatened by drive-by exploits. That would make sense, since it is the only one of the group that does not involve public internet usage of any kind.
Here is ENISA’s full list of the top ten emerging threats, and how they are faring across all the different mediums. Under that, I’ve included a closer look at threats for mobile in particular, since it is the fastest-growing, most dynamic, and possibly least understood/controlled of all of these different areas at the moment.
The full report is an eye-watering 96 pages long and has the details for all the other categories. It is embedded below; for those interested in more detail, it is a great reference in that it provides extensive examples of how each of these threats has been appearing and developing over the last year. The report also offers some guidelines for how organizations and individuals can best tackle the threats.