Remember insider threat? Old news now. Focus on malware detection, says EU infosec agency

Insider threats, ransomware and cyber espionage were all in decline in the early part of 2020, according to the EU’s cybersecurity agency – though the risk of an “uncontrolled cyber arms race” among nation states is growing.

The EU Agency for Cybersecurity (known as ENISA) said in its annual report issued today that those three categories of cyber threat were in decline up until April this year when COVID-19-related lockdowns began.

Nonetheless, the agency still warned of the "continuous increasing trend in the advanced adversary capabilities of threat actors," adding: "Remarkably, the latter has come to amplify the impact of the COVID-19 pandemic in cyberspace."

Spanning the financial year 2019-20, ENISA's latest annual report found that the main trend up until spring this year was for attack vectors to be more "personalised" through the use of credential thefts, phishing, "advanced social engineering" and advanced malware obfuscation techniques.

The EU agency warned: "If cybercriminals start combining these advances with artificial intelligence and machine learning, in the future we will see an increase in successful attacks and undetectable campaigns."

It also echoed more recent warnings that nation states are seeking ever greater "cyber capabilities" amid efforts to treat the public internet as a "war domain." Only yesterday the US indicted a group of hackers from a Russian military intelligence unit, charging them with criminal offences in that country.

Over on the business-facing side of ENISA's report, the agency reckoned there was nothing new in the types of threats facing commercial enterprises: business email compromise, malware and business process compromise. It also mentioned deepfakes as a potential avenue for fraudsters to exploit, though so far there has been no evidence of deepfakes being deployed by criminals in the wild.

Of most relevance to infosec professionals was a relatively passionate call for more threat intelligence focused on "service-provisioning infrastructures and offerings", though it cited examples of these as including 5G, ICS and SCADA systems – the first of which is hardly ignored by the wider infosec industry, although it is very fair to say that ICS and SCADA systems remain woefully insecure. ENISA also called for the effective use of threat intelligence to be integrated into future certifications, though it did not go as far as announcing its own home-baked certification.

Happily, despite other sections of the report gazing at AI in horror, ENISA ran a survey during the year which found that human analysts' skills "are most important for successful implementation of cyber threat intelligence… an interesting finding regarding the level of satisfaction is the low rating given to the value of machine learning functions."

EU Agency for Cybersecurity executive director Juhan Lepassaar summed the whole thing up by saying in a canned statement: "Cyber threats are evolving and becoming increasingly complex. This is not new."

The multi-part report can be downloaded from the ENISA website. ®