FORESIGHT 2030 THREATS

EXECUTIVE DIRECTOR FOREWORD

Reference to the report page: www.enisa.europa.eu/publications/enisa-foresight-cybersecurity-threats-for-2030

The cybersecurity threat landscape is a complex ecosystem of threats, threat actors and attack techniques that are also subject to the influence of world events such as pandemics and geopolitics. The best knowledge and tools we have at hand today to reduce the impact of cyber threats might not fit tomorrow's threat landscape. Can we foresee the full extent of the potential use or abuse of our current technological developments?

Even if we still cannot predict the future, we have the duty to anticipate emerging trends and patterns. In 2021, ENISA developed a cybersecurity foresight methodological framework grounded in foresight research and future studies. The framework was first used in 2022 to devise future scenarios and identify threats and challenges likely to emerge by 2030. This methodology was produced in cooperation with the wider cybersecurity community. This booklet summarises upcoming challenges and provides for an assessment of the risks. We are now ready to design the cyber secure future ahead of us.

Juhan Lepassaar
Executive Director

1. SUPPLY CHAIN COMPROMISE OF SOFTWARE DEPENDENCIES

More integrated components and services from third party suppliers and partners could lead to novel and unforeseen vulnerabilities with compromises on the supplier and customer side.

WHAT IF: State-sponsored actors insert a backdoor in a well-known and popular open-source library on an online code repository. They use this to exfiltrate information from most major European corporations and use the information to blackmail leaders, conduct espionage, or otherwise initiate disruptions across the EU.

POTENTIAL THREAT ACTORS: State-sponsored groups, criminal organisations
POTENTIAL METHODS: Sabotage, theft, network reconnaissance, malicious code, abuse of information leakage
POTENTIAL IMPACTS: Disruption, malfunction, data loss, data leakage

2. ADVANCED DISINFORMATION CAMPAIGNS

Deepfake attacks can manipulate communities for (geo)political reasons and for monetary gain.

WHAT IF: A state-sponsored actor may impersonate a political rival by using deepfakes and spoofing the candidate's digital identity, significantly impacting election results.

POTENTIAL THREAT ACTORS: State-sponsored groups, criminal organisations, hacktivists
POTENTIAL METHODS: Fraud, unauthorised access, session hijacking, identity theft, abuse of personal data
POTENTIAL IMPACTS: Distrust, disinformation, financial damage, foreign information manipulation and interference (FIMI)

3. RISE OF DIGITAL SURVEILLANCE AUTHORITARIANISM/LOSS OF PRIVACY

Facial recognition, digital surveillance on internet platforms or digital identities data stores may become a target for criminal groups.

WHAT IF: An authoritarian regime uses their power to retrieve databases of information about individuals who have visited their country, from both public and private entities. They track all those who participated in anti-government protests, put them on a watch list, and subsequently are able to manipulate those individuals' access to national services like voting, visits to their healthcare providers, or access to other online services.

POTENTIAL THREAT ACTORS: State-sponsored groups, criminal organisations
POTENTIAL METHODS: Man in the middle, malicious software, use of rogue certificates, abuse of personal data
POTENTIAL IMPACTS: Privacy breaches, human rights abuses

4. HUMAN ERROR AND EXPLOITED LEGACY SYSTEMS WITHIN CYBER-PHYSICAL ECOSYSTEMS

The fast adoption of IoT, the need to retrofit legacy systems and the ongoing skill shortage could lead to a lack of knowledge, training and understanding of the cyber-physical ecosystem, which can lead to security issues.

WHAT IF: Manuals for all legacy OT equipment are available online and studied primarily by state-sponsored groups. Once a vulnerability is found, they target user devices or other IoT products used at the plant. Cyber criminals begin a new form of ransomware in which they bring down important infrastructure and demand payment, given that the operator likely lacks the resources to solve the issue themselves.

POTENTIAL THREAT ACTORS: State-sponsored groups, cyber criminals, hacktivists
POTENTIAL METHODS: Tampering, failure of communication links, denial of service, malicious activity, manipulation of information, targeted attacks, brute force, unauthorised physical access
POTENTIAL IMPACTS: Malfunction, failures and outages, physical damage

5. TARGETED ATTACKS (E.G. RANSOMWARE) ENHANCED BY SMART DEVICE DATA

Through data obtained from internet-connected smart devices, attackers can access information for tailored and more sophisticated attacks.

WHAT IF: Cybercriminals may use the increased amount of available data from smart devices and analyse it with AI to create behavioral models of their victims for spear phishing campaigns or stalking.

POTENTIAL THREAT ACTORS: Cybercrime actors, hackers-for-hire
POTENTIAL METHODS: Denial of service, interception of information, social engineering, unauthorised activities, data breach
POTENTIAL IMPACTS: Financial damage, privacy breaches

6. LACK OF ANALYSIS AND CONTROL OF SPACE-BASED INFRASTRUCTURE AND OBJECTS

Due to the intersections between private and public infrastructure in space, the security of these new infrastructures and technologies needs to be investigated, as a lack of understanding, analysis and control of space-based infrastructure can make it vulnerable to attacks and outages.

WHAT IF: State-sponsored attackers access space infrastructure, build up their capabilities and knowledge of the technology, and secure their presence to execute attacks. Their aim may be to create infrastructure malfunctions as a statecraft tool to sabotage other governments or commercial space operations and systems during geopolitical conflicts.

POTENTIAL THREAT ACTORS: State-sponsored actors, cybercrime actors, hackers-for-hire
POTENTIAL METHODS: Unauthorised use of IPR protected resources, targeted attacks, fraud, sabotage, information leakage, session hijacking, malicious software
POTENTIAL IMPACTS: Damage, outages, malfunctions

7. RISE OF ADVANCED HYBRID THREATS

Physical or offline attacks are evolving and are often combined with cyberattacks due to the increase of smart devices, cloud usage, online identities and social platforms.

WHAT IF: Hackers are hired by a corporation to investigate the new technology being developed by a competitor. In their quest, they are able to retrieve metadata, view code, and set up a machine learning algorithm that continuously collects changes to the code and then continuously accesses user accounts to prevent monitoring systems from recognising that the attacker is in the network. In parallel they obfuscate the activity by spreading fake news about insider trading and industrial espionage from a third competitor by dropping fake evidence of physical intrusion.

POTENTIAL THREAT ACTORS: State-sponsored actors, hackers-for-hire, cyber criminals
POTENTIAL METHODS: Unauthorised access, social engineering, abuse of personal data, remote command execution, malicious activity
POTENTIAL IMPACTS: Privacy breaches, outages, failures/malfunctions

8. SKILL SHORTAGES

Lack of capacities and competencies could see cybercriminal groups target organisations with the largest skills gap and the least maturity.

WHAT IF: The skill shortage leads to an increase of online job advertisements that tell attackers the technologies that each organisation is using and the approximate number of empty positions. A state-sponsored actor may use this to their advantage as a part of a larger campaign to tamper with critical infrastructure in another country.

POTENTIAL THREAT ACTORS: Cybercrime actors, hackers-for-hire, state-sponsored actors
POTENTIAL METHODS: Spear phishing attacks, social engineering
POTENTIAL IMPACTS: Financial damage, outages

9. CROSS-BORDER ICT SERVICE PROVIDERS AS A SINGLE POINT OF FAILURE

The ICT sector connecting critical services such as transport, electric grids and industry that provide services across borders is likely to be targeted by techniques such as backdoors, physical manipulation, and denials of service and weaponised during a future potential conflict.

WHAT IF: A state-sponsored actor aims to temporarily cripple a region during an active conflict by installing malware that disrupts all critical functions of the ICT provider. Without operational cities, roadways, and communication channels, the region is essentially crippled without the ability for civilians to go about their daily lives and the responsible parties limited in their ability to maintain defense monitoring systems and to collaborate to develop response options and methods for bringing the necessary systems back online.

POTENTIAL THREAT ACTORS: State-sponsored actors, hackers-for-hire
POTENTIAL METHODS: Fraud, theft, corruption, terrorist attack, network traffic manipulation, manipulation of hardware or software, abuse of authorisations
POTENTIAL IMPACTS: Outages, damage/loss, unavailable critical infrastructure

10. ARTIFICIAL INTELLIGENCE ABUSE

Manipulation of AI algorithms and training data can be used to enhance nefarious activities such as the creation of disinformation and fake content, bias exploitation, collecting biometrics and other sensitive data, military robots and data poisoning.

WHAT IF: A state-sponsored actor wants to sow discord in a population before an election and manipulates the learning data of a law enforcement algorithm to target specific populations, causing widespread protests and violence. They are also able to deduce information about the political opponents themselves by using an AI analysis of the individuals' whereabouts, health history, and voting history; the correlation of such personal data will likely only be feasible with the use of AI tools.

POTENTIAL THREAT ACTORS: State-sponsored actors, cyber criminals, hackers-for-hire
POTENTIAL METHODS: Spoofing, denial of service, malicious code, unauthorised access, targeted attacks, misuse of information, man in the middle attack
POTENTIAL IMPACTS: Biased decision-making, privacy violations, foreign information manipulation and interference (FIMI)

2030 TOP THREATS CONTINUED

11. INCREASED DIGITAL CURRENCY-ENABLED CYBERCRIME

By 2030, digital currency-enabled cybercrime will increase rapidly. Cryptocurrencies, and the broad market adoption of them, already have enabled organised crime to expand their reach. Because digital currencies will be very commonly used as an investment asset and means of payment in European markets, organised crime may be able to expand their targets. This means that cybercrime groups offering professional services (cyber-attacks) will be better funded because of an increase in the efficiency and effectiveness of their efforts.

12. EXPLOITATION OF E-HEALTH (AND GENETIC) DATA

The amount of genetic and health data increases tremendously by 2030 and is in the hands of many stakeholders in the public and private sectors. Vulnerabilities in e-health devices and databases containing very sensitive and/or genetic information may be exploited or used by criminals to target individuals or by governments to control populations, e.g., using diseases and genetic diversity as a reason for discriminating against individuals. Genetic data may further be abused to aid law enforcement activities like predictive policing or to support a more regimented social credit system.

13. TAMPERING WITH DEEPFAKE VERIFICATION SOFTWARE SUPPLY CHAIN

By 2030, deepfake technology will be widely used. It may be used as a form of harassment, evidence tampering, and provoking social unrest. Although there will likely be a rapid influx of verification software that analyses videos and voice to verify the identity of individuals, the urgent market demand leads to programmers cutting corners. This software will be highly targeted by anyone wishing to use deepfakes for illegal or unethical purposes.

14. ATTACKS USING QUANTUM COMPUTING

In 2030 quantum computing resources will be made more widely available, allowing threat actors to use quantum computing to attack existing deployments of public key cryptography. Likewise, there is a risk that threat actors collect sensitive encrypted data now, aiming to decrypt it once quantum computing is accessible. This is especially relevant for current digital IDs that use asymmetric cryptography to authenticate.

15. EXPLOITATION OF UNPATCHED AND OUT-OF-DATE SYSTEMS WITHIN THE OVERWHELMED CROSS-SECTOR TECH ECOSYSTEM

Everything-as-a-service leads to a multitude of tools and services that require frequent updates and maintenance by both consumers and providers. This, combined with the skill shortage, presents a difficult-to-manage surface of vulnerabilities that can be exploited by threat actors. Furthermore, the complexity of the supply chain fosters confusion on where responsibilities for security lie. For governments, this creates more backdoors for espionage while cyber-criminals can exploit the unpatched and outdated services for financial gains. This is especially true when critical infrastructure is in the hands of the private sector or when national security data is reliant on singular private entities.

16. AI DISRUPTING/ENHANCING CYBER ATTACKS

Escalation as a result of AI-based tools. Attackers will use AI-based technologies to launch attacks. In order to defend against those attacks and even to launch counter measures, there must also be defensive AI-based weapons. Behaviour of the AI in these cases is difficult to test, measure and control if speed of response is valued.

17. MALWARE INSERTION TO DISRUPT FOOD PRODUCTION SUPPLY CHAIN

Due to increased automatisation and digitalization of food production, food supply chains can be disrupted by a range of threat actors with medium-high resources. Denial of service attacks on packaging plants, for example, can prevent continued food operations; processed food manufacturing tools may be manipulated to change the compounds in the food itself. Attacks like these can lead to a food shortage, economic disruptions, and in the worst case, poisoning.

18. TECHNOLOGICAL INCOMPATIBILITY OF BLOCKCHAIN TECHNOLOGIES

Until 2030, several regionally based blockchain technologies are created by different groups of governments to create an international gold standard. This is driven by a societal lack of trust in blockchain that has accumulated over the last years. Each technology group aims to gain a competitive advantage. This gives rise to a period of technological incompatibility of blockchain technology which leads to failures, malfunctions, data loss and the exploitation of vulnerabilities at the interfaces of the different blockchains. This creates challenges for ecosystem management and data protection, furthers distrust, and negatively affects trade and GDP growth.

19. DISRUPTIONS IN PUBLIC BLOCKCHAINS

Blockchain has been implemented in nearly all aspects of society in 2030. Unfortunately, security expertise in the area of blockchain did not advance significantly, creating a slew of vulnerabilities that may be exploited in the future. Locally unavailable blockchain technology will, for example, prevent access to voting, legal transactions, and even security systems. Another possible attack vector is exploited by partitioning the bitcoin network by hijacking IP address prefixes. This can cause, for example, duplicated spending and thus economic damage.

20. PHYSICAL IMPACT OF NATURAL/ENVIRONMENTAL DISRUPTIONS ON CRITICAL DIGITAL INFRASTRUCTURE

The increased severity and frequency of environmental disasters causes several regional outages. Redundant back-up sites that maintain the availability of critical infrastructure will also be affected.

21. MANIPULATION OF SYSTEMS NECESSARY FOR EMERGENCY RESPONSE

Manipulation of sensors with connections to emergency services may overload services like ambulances, police, firefighters, etc. For example, call centres may be overloaded with inauthentic calls or fire alarms may be manipulated to injure specific individuals or to obscure emergency response teams' ability to locate the issue. Similarly, mass panics that overload emergency systems may also be provoked through the use of social media.

https://www.enisa.europa.eu/topics/foresight

ENISA
European Union Agency for Cybersecurity

Athens Office: Agamemnonos 14, Chalandri 15231, Attiki, Greece
Heraklion Office: 95 Nikolaou Plastira, 700 13 Vassilika Vouton, Heraklion, Greece
Brussels Office: Rue de la Loi 107, 1049 Brussels, Belgium

enisa.europa.eu

ABOUT ENISA

The European Union Agency for Cybersecurity, ENISA, is the Union's agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union's infrastructure and, ultimately, to keep Europe's society and citizens digitally secure. More information about ENISA and its work can be found here: www.enisa.europa.eu.