The European Agency for Cybersecurity, ENISA, releases a report each year on the state of the cybersecurity environment entitled the ENISA Threat Landscape (ETL) report.
This week, it released the 11th edition of the report, mapping the key developments, threats and risks that loom large for the global cybersecurity landscape. The report is based on the analysis of events and threats between July 2022 and July 2023.
Some of the key aspects of the threat landscape that the report seeks to capture include:
The findings of the ENISA report are based on publicly available sources of information which are referenced throughout the document. The idea of releasing this report annually is to offer strategic intelligence and situational awareness to the cybersecurity community.
It also aims to empower strategic decision-makers with cohesive Open Source Intelligence to better prioritise threats and risks.
ENISA documented approximately 2,580 cyber incidents in the period between July 2022 and June 2023. Notably, this figure incorporates 220 incidents that specifically targeted two or more European Union Member States. Among the sectors most frequently targeted were public administrations, accounting for 19% of attacks, and health, with 8% of incidents.
Significantly, due to interdependencies, these attacks often triggered a cascading effect, impacting multiple sectors simultaneously. Manufacturing, transport, and finance sectors collectively accounted for 6% of all cyber incidents.
ENISA categorised threats into 8 groups and mapped their impact and frequency to study how critical each was. Below are the top cybersecurity threats as per the ETL report:
Ransomware remains a top threat, comprising 34% of all threats in the European Union, followed by Distributed Denial of Service (DDoS) attacks at 28%. Ransomware targeted various sectors, with manufacturing (14%) and health (13%) being the most affected, followed by public administration (11%) and services (9%).
DDoS attacks predominantly targeted public administration (34%), followed by the transport sector (17%) and banking/finance (9%). Threats impacting the availability of the internet primarily affected digital infrastructure (28%) and digital service providers (10%).
Supply chain attacks were identified as a substantial concern for the upcoming elections, with 21% affecting public administration and 16% affecting digital service providers. Exploitation of vulnerabilities is associated with events involving digital service providers (25%), digital infrastructures (23%), and public administration (15%).
The report provides an overview of evolving trends in threat actor activities, techniques and motivations.
State-nexus actors: The ongoing war influenced the threat landscape, leading to a rise in hacktivism and the emergence of new groups. These include cybercriminals, state-nexus actors, and hacktivists, whose actions are influenced by geopolitical events. State-nexus actors have increasingly turned their attention to key personnel such as politicians, government officials, journalists, and activists. Their methods often involve traditional spear-phishing emails and social network exploitation.
Threat Actor Techniques: The report highlights a concerning trend in state-nexus actors adopting tactics typically associated with criminal campaigns, sometimes collaborating with cybercriminals. Techniques employed by state-nexus actors and cyber criminals largely included targeted malvertising leading to trojanized versions of legitimate applications. Additionally, threat actors manipulate operating system boot processes to disable security mechanisms. They also exploit configuration errors in security products to disable antivirus protection or facilitate lateral movement.
Cybercriminals are leveraging cloud infrastructure to cause harm by abusing cloud misconfigurations. This extends to both an organisation's systems, storage, and networks in the cloud and the management consoles of cloud infrastructures.
Threat Actor Motivations: The report identifies financial gain and disruption as the primary motivations behind most threats. While ransomware attacks are primarily financially motivated, they often have a disruptive effect. Disruption emerges as the second most common motive after financial gain, especially in DDoS attacks and information manipulation campaigns.
The report pays significant attention to the rising threat of Information Manipulation, driven by the growing use of Artificial Intelligence tools and advances in social engineering.
30% of social engineering attacks targeted the general public, while 18% were directed at public administrations. Similarly, information manipulation campaigns were predominantly aimed at individuals (47%) and public administration (29%), with defence (9%) and media/entertainment (8%) also coming under fire.
Such information manipulation campaigns are identified as a significant threat to the electoral process and the upcoming 2024 European Union elections in particular. The report aims to highlight the immediate need for advanced vigilance against the use of AI for perpetuating misinformation.
Artificial intelligence and Large Language Models (LLMs) require advanced caution. Concerns regarding the potential misuse of technologies like deepfakes and AI-powered chatbots for social engineering attacks, phishing attempts, information manipulation, and cybercrime reached an all-time high, further underscoring the critical importance of LLM data security.
Older techniques, such as search engine optimization (SEO) poisoning and malvertising, continue to be efficient and have seen a resurgence of interest among cybercriminals.
The ENISA Threat Landscape report serves as a critical tool for decision-makers, policy-makers, and security specialists in defining strategies to safeguard citizens, organisations, and cyberspace.
You can view the report here.
If the findings of the report and the marked rise in the incidence of cyber crime have you concerned for the cyber health of your business, don’t hesitate to reach out to our expert Cybersecurity Consultants.
At a fraction of the cost of hiring full-time staff or a traditional consultancy, our virtual cyber assistants can help you evaluate your current cybersecurity posture and adopt the essential next steps to improve your cyber health and cyber resilience. Give us a call today, share your concerns and learn how we can help.