The 10th ENISA Threat Landscape
I’m proud to announce the release of the 10th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape.
The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2022 (ETL) report, which is the annual analysis of the state of the cybersecurity threat landscape.
This is the 10th edition of the annual report and analyzes events that took place between July 2021 and July 2022.
The report highlights the impact of the geopolitical context on thethreat landscape, during the above period ENISA experts observed the rise in malicious activities associated with cyberwarfare and hacktivism.
The geopolitical situations, particularly the ongoing Russian invasion of Ukraine, caused a significant increase in the number of state-sponsored attacks with cyberespionage, sabotage, and misinformation purposes. Another alarming trend that emerged from the report is the increase in the number of threats, the experts observed a proliferation of zero-day exploits and AI-enabled disinformation and deepfakes.
Ransomware continues to be one of the most dangerous threats for organizations worldwide, more than 10 terabytes of data are stolen monthly. According to the report, phishing campaigns are not identified as the most common initial vector of such ransomware attacks.
Below is the list of the top threats during the reporting period of the ETL 2022:
60% of affected organisations may have paid ransom demands
66 disclosures of zero-day vulnerabilities observed in 2021
Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing
Threats against data:
Increasing in proportionally to the total of data produced
Threats against availability:
Largest Denial of Service (DDoS) attack ever was launched in Europe in July 2022;
Internet: destruction of infrastructure, outages and rerouting of internet traffic.
Disinformation – misinformation:
Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service
Supply chain targeting:
Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020
“Today’s global context is inevitably driving major changes in the cybersecurity threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners and therefore all EU citizens.” said EU Agency for Cybersecurity Executive Director, Juhan Lepassaar.
For each of the identified threats, the report proposed attack techniques, notable incidents and trends, the document also includes mitigation measures.
Below are the categories of threat actors analyzed in the report:
- State-sponsored actors
- Cybercrime actors
- Hacker-for-hire actors
The ENISA Threat Landscape 2022 includes an impact assessment of cyber threats that reveals 5 types of impact:
- damages of reputational
- social nature.
“The ETL report maps the cyber threat landscape to help decision-makers, policy-makers and security specialists define strategies to defend citizens, organisations and cyberspace. This work is part of the EU Agency for Cybersecurity’s annual work programme to provide strategic intelligence to its stakeholders.” states the announcement. “The report’s content is gathered from open sources such as media articles, expert opinions, intelligence reports, incident analysis and security research reports; as well as through interviews with members of the ENISA Cyber Threat Landscapes Working Group (CTL working group).”
The post The 10th edition of the ENISA Threat Landscape (ETL) report is out! appeared first on Security Affairs.