“Adversaries have achieved considerable advances too. No Snowden or Heartbleed-like events have been reported. Instead, cyber-threats have undergone significant evolution and just as in 2014, significant breaches have covered front pages of media. And exactly this is an alerting fact: seemingly, cyber-threat agents have had the tranquillity and resources to implement a series of advancements in malicious practices. In particular:
- Performing persistent attacks based on hardware, far below the “radar” of available defence tools and methods.
- Achieving enhancements in the provision of “cyber-crime-as-a-service”, tool developments for non-experts and affiliate programmes.
- Highly efficient development of malware weaponization and automated tools to detect and exploit vulnerabilities.
- Campaigning with highly profitable malicious infrastructures and malware to breach data and hold end-user devices to ransom.
- Broadening of the attack surface to include routers, firmware and internet of things.”