ENISA, the EU Agency for Cybersecurity, has released its annual threat landscape report, covering the period July 2021-July 2022.
Cybersecurity Threat Landscape in 2022
With more than 10 terabytes of data stolen each month, ransomware is still considered a top threat in the new report, with phishing now identified as the most common initial vector of such attacks. The other threats ranked highest along with ransomware are attacks against availability, also known as Distributed Denial of Service (DDoS) attacks.
However, geopolitical situations, notably the Russian invasion of Ukraine, have changed over the reporting period for global cyber. While we’re still seeing an increase in the number of threats, we’re also seeing a broader range of vectors emerge, such as: B. Zero-day exploits and AI-powered disinformation and deepfakes. As a result, more malicious and widespread attacks with more damaging effects are emerging.
EU Cybersecurity Agency Executive Director Juhan Lepassaar said: “Today’s global context is inevitably leading to major changes in the cybersecurity threat landscape. The new paradigm is shaped by the growing spectrum of threat actors. We are entering a phase where appropriate mitigation strategies are required to protect all our critical sectors, our industrial partners and therefore all EU citizens.”
Prominent threat actors remain the same
State-sponsored cybercrime, hacker-for-hire actors, and hacktivists remain the top threat actors over the July 2021-July 2022 reporting period.
Based on the analysis of the proximity of cyber threats related to the European Union (EU), the number of incidents in the NEAR category remains high during the reporting period. This category includes affected networks, systems controlled and secured within EU borders. It also covers the affected population within the borders of the EU.
Threat analysis across sectors
The threat distribution across sectors, added last year, is an important aspect of the report as it shows the connection to the identified threats. This analysis shows that no sector is spared. It also shows that almost 50% of threats target the following categories; public administration and governments (24%), digital service providers (13%) and the general public (12%), while the other half is shared by all other economic sectors.
Top threats still hold their own
ENISA has divided threats into 8 groups. Frequency and impact determine how prominent all these threats still are.
- ransomware: 60% of affected organizations may have paid ransom demands
- malware: 66 zero-day vulnerability disclosures observed in 2021
- Social Development: Phishing is still a popular technique, but we are seeing new forms of phishing such as spear phishing, whaling, smishing and vishing
- threats to data: Increases in proportion to the total data generated
- Disinformation – Misinformation: Escalating AI-powered disinformation, deepfakes and disinformation-as-a-service
- Supply Chain Targeting: Third-party incidents account for 17% of attacks in 2021, compared to less than 1% in 2020
- Threats to Availability:
- The largest denial of service (DDoS) attack of all time was launched in Europe in July 2022
- Internet: Infrastructure destruction, outages and redirection of Internet traffic.
Contextual trends emerge
- Zero-Day Exploits are the new resource used by cunning threat actors to achieve their goals.
- A new wave of hacktivism has been observed since the Russia-Ukraine war.
- DDoS attacks are getting bigger and more complex moving towards mobile networks and Internet of Things (IoT) which are now being used in cyber warfare.
- AI-powered disinformation and deepfakes. The proliferation of bots that model personas can easily disrupt the notice-and-comment governance process and community interaction by flooding government agencies with fake content and comments.
Shifting motivation and digital impact are driving new trends
A threat impact assessment shows 5 types of impacts; Reputational damage, digital, economic, physical or social damage. However, in most incidents, the impact remains truly unknown because the victims do not disclose information or the information remains incomplete.
Main threats were analyzed in terms of motivation. The study shows that ransomware is solely motivated by financial gain. However, motivation for state-sponsored groups can be drawn from geopolitics with threats such as espionage and disruption. Ideology can also be the engine behind hacktivists’ cyber operations.