How geopolitical turmoil changed the cybersecurity threat landscape
ENISA, EU’s Agency for Cybersecurity, released its annual Threat Landscape report, covering the period from July 2021 up to July 2022.
Cybersecurity threat landscape in 2022
With more than 10 terabytes of data stolen monthly, ransomware still fares as one of the prime threats in the new report with phishing now identified as the most common initial vector of such attacks. The other threats to rank highest along ransomware are attacks against availability also called Distributed Denial of Service (DDoS) attacks.
However, the geopolitical situations particularly the Russian invasion of Ukraine have acted as a game changer over the reporting period for the global cyber domain. While we still observe an increase of the number of threats, we also see a wider range of vectors emerge such as zero-day exploits and AI-enabled disinformation and deepfakes. As a result, more malicious and widespread attacks emerge having more damaging impact.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar stated that “Today’s global context is inevitably driving major changes in the cybersecurity threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners and therefore all EU citizens.”
Prominent threat actors remain the same
State sponsored, cybercrime, hacker-for-hire actors and hacktivists remain the prominent threat actors during the reporting period of July 2021 to July 2022.
Based on the analysis of the proximity of cyber threats in relation to the European Union (EU), the number of incidents remains high over the reporting period in the NEAR category. This category includes affected networks, systems, controlled and assured within EU borders. It also covers the affected population within the borders of the EU.
Threat analysis across sectors
Added last year, the threat distribution across sectors is an important aspect of the report as it gives context to the threats identified. This analysis shows that no sector is spared. It also reveals nearly 50% of threats target the following categories; public administration and governments (24%), digital service providers (13%) and the general public (12%) while the other half is shared by all other sectors of the economy.
Top threats still standing their grounds
ENISA sorted threats into 8 groups. Frequency and impact determine how prominent all of these threats still are.
- Ransomware: 60% of affected organizations may have paid ransom demands
- Malware: 66 disclosures of zero-day vulnerabilities observed in 2021
- Social engineering: Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing
- Threats against data: Increasing in proportionally to the total of data produced
- Disinformation – misinformation: Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service
- Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020
- Threats against availability:
- Largest denial of service (DDoS) attack ever was launched in Europe in July 2022
- Internet: destruction of infrastructure, outages and rerouting of internet traffic.
Contextual trends emerging
- Zero-day exploits are the new resource used by cunning threat actors to achieve their goals.
- A new wave of hacktivism has been observed since the Russia-Ukraine war.
- DDoS attacks are getting larger and more complex moving towards mobile networks and Internet of Things (IoT) which are now being used in cyberwarfare.
- AI-enabled disinformation and deepfakes. The proliferation of bots modelling personas can easily disrupt the “notice-and-comment” rule-making process, as well as the community interaction, by flooding government agencies with fake contents and comments.
Shifting motivation and digital impact are driving new trends
An impact assessment of threats reveals 5 types of impact; damages of reputational, digital, economical, physical or social nature. Although for most incidents the impact really remains unknown because victims fail to disclose information or the information remains incomplete.
Prime threats were analysed in terms of motivation. The study reveals that ransomware is purely motivated by financial gains. However, motivation for state sponsored groups can be drawn from geopolitics with threats such as espionage and disruptions. Ideology may also be the motor behind cyber operations by hacktivists.