With over 10 terabytes of data stolen each month, ransomware remains one of the top threats in the new report, with phishing emerging as the most common initial vector of such attacks. Other threats that rank high alongside ransomware are attacks on availability, also known as Distributed Denial of Service (DDoS) attacks.
However, geopolitical situations, particularly Russia's invasion of Ukraine, have acted as a game changer for the global cyber domain during the reporting period. While the number of threats continues to rise, we are also seeing a wider range of vectors emerge, such as zero-day exploits, AI-enabled disinformation, and deepfakes. As a result, more malicious and widespread attacks with greater destructive potential are emerging.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar stated that “Today’s global context is inevitably driving major changes in the cybersecurity threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners, and therefore all EU citizens.”
During the reporting period of July 2021 to July 2022, the most prominent threat actors were state-sponsored, cybercrime, hacker-for-hire actors, and hacktivists.
Based on an analysis of the proximity of cyber threats to the European Union (EU), the number of incidents in the NEAR category has remained high over the reporting period. This category includes affected networks and systems that are controlled and assured within EU borders. It also includes the affected population within the EU's borders.
Threat assessment across industries
The threat distribution across sectors, which was added last year, is an important aspect of the report because it contextualizes the threats identified. This analysis shows that no industry is immune. It also reveals that nearly 50% of threats target the following categories: public administration and governments (24%), digital service providers (13%), and the general public (12%), while the other half is shared by all other sectors of the economy.
ENISA classified threats into eight categories. The frequency and severity of these threats determine how prominent they remain.
- Ransomware: 60% of affected organizations may have paid ransom demands
- Malware: 66 disclosures of zero-day vulnerabilities observed in 2021
- Social engineering: Phishing remains a popular technique, but we see new forms of phishing arising, such as spear-phishing, whaling, smishing, and vishing
- Threats against data: Increasing in proportion to the total amount of data produced
- Disinformation – misinformation: Escalating AI-enabled disinformation, deepfakes, and disinformation-as-a-service
- Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020
- Threats against availability: The largest denial of service (DDoS) attack ever was launched in Europe in July 2022
- Internet: the destruction of infrastructure, outages, and rerouting of internet traffic.
Emerging contextual trends:
- Cunning threat actors are turning to zero-day exploits to accomplish their goals.
- Since the Russia-Ukraine war, a new wave of hacktivism has emerged.
- DDoS attacks are becoming more sophisticated as they migrate to mobile networks and the Internet of Things (IoT), which are now being used in cyber warfare.
- Deepfakes and disinformation powered by AI: by flooding government agencies with fake content and comments, the proliferation of bots modeling personas can easily disrupt the "notice-and-comment" rule-making process as well as community interaction.
A threat impact assessment reveals five types of impact: reputational, digital, economic, physical, and social damage. However, the impact of most incidents remains unknown because victims fail to disclose information or the information is incomplete.
The motivation of the top threats was examined. According to the findings, ransomware is solely motivated by monetary gain. Geopolitics, with threats such as espionage and disruptions, can provide motivation for state-sponsored groups. Ideology may also be the driving force behind hacktivist cyber operations.