Top Takeaways From the ENISA Threat Landscape Report
The European Union Agency for Cybersecurity (ENISA) has released the 10th edition of its Threat Landscape Report detailing the top threats and trends observed in Europe between July 2021 and July 2022.
In this blog, we discuss the key cybersecurity trends from the report including the primary threats to organisations and the steps to take to mitigate against them.
Key Cybersecurity Trends
Overall, the report saw a reduction in the number of incidents compared to the previous year. This is partially due to the ongoing handling of the incidents and the open-source information collected by ENISA.
The main threat actors remain the same as the year prior which include state-sponsored, cyber-criminal gangs, hackers-for-hire and hacktivists.
The list below summarises the main trends identified between July 2021 and July 2022:
- Ransomware and threats against availability are the top threats reported.
- Zero-day exploits have been used by malicious actors to achieve their overall goals.
- The most common attack vector is phishing attacks. The increase in attacks is mainly due to advances in attack sophistication, targeted context-based attacks and user fatigue.
- Malware attacks are on the rise again after a decrease in attacks linked to the Covid-19 pandemic.
- DDoS attacks are getting larger and more complex as they are now moving towards mobile networks and IoT in cyber warfare.
- Data compromise is on the increase year on year.
- Extortion techniques are evolving further with the popular use of leak sites.
- The hacker-as-a-service business model has begun to increase in traction.
- Geopolitics continues to have a substantial impact on cyber operations.
- Ransomware groups have been ‘retiring’ and rebranding to avoid law enforcement and sanctions.
Prime Cybersecurity Threats to Organisations
The report recorded several main threats to organisations over the reporting period due to their popularity and the threat impact they had.
Ransomware was once again recorded as the top threat to businesses, with several high-profile and highly publicised incidents occurring throughout the year and more than 10TB of data stolen monthly.
The top ransomware strains used during the Ransomware as a service (RaaS) and extortion attacks include LockBit, Conti and ALPHV (BlackCat). These accounted for more than half of the ransomware victims over the year.
Malware is a fundamental part of malicious actors gaining and maintaining control of an organisation's assets, evading and deceiving defences and carrying out actions after a system or network is compromised. Due to this, a large number of malware incidents were recorded by ENISA.
The main reason behind the increase in attacks was the result of crypto-jacking and IoT (Internet of Things) malware.
The type of malware used depends entirely on the goals of the malicious actor. Typical malware exploits can range from gaining control over networks, systems or data so they are unavailable for access by the compromised business.
3. Supply Chain Attacks
A supply chain attack targets the relationship between organisations and their suppliers.
ENISA has defined a supply chain attack in this instance as a combination of at least two attacks. The first attack specifically targets a supplier to gain access to its assets. This attack then follows on to either target the final customer or another supplier.
Overall, between 39% and 62% of organisations were affected by a third-party cyber security incident. In comparison to 2020 when 1% of attacks were from supply chain attacks, these attacks accounted for 17% of the total in 2021.
The number of supply chain attacks is expected to continue to increase with the growing complexity of organisations' supply chains and the increase in dependency on third parties.
4. Social Engineering
Social engineering encompasses a broad range of activities that attempt to exploit human behaviour to gain access to information or services. This can include phishing, spearphishing, whaling, phishing, smishing, vishing, BEC (business email compromise), fraud and impersonation.
According to the Verizon Data Breach Investigations Report, approximately 82% of breaches involve a human element and no less than 60% of the breaches in Europe, the Middle East and Africa include a social engineering component.
Phishing attacks are the most common social engineering vector. This includes attacks carried out in high volumes which target a broad audience and custom campaigns targeted at specific employees.
5. Threats Against Data
Threats against data include a collection of threats that target data sources intending to gain unauthorised access and disclosure, as well as manipulating data to interfere with the behaviour of an organisation's systems.
The threats are mainly classified as data breaches or data leaks, 80% of which come from outside the targeted organisations and 20% from inside. From this, 90% of these attacks are motivated by financial gain and 10% are due to espionage.
6. Threats Against Availability - DDoS Attacks
Distributed Denial of Service (DDoS) is one of the most critical threats to an organisation's IT systems. The attack targets the system's availability by exhausting its resources, causing a decrease in performance, loss of data and service outages.
The number of DDoS attacks recorded has risen, with the largest ever recorded attack launched in Europe in July 2022.
During the reporting period, Cloudflare recorded one of the largest HTTP attacks targeting a customer in the financial services industry. The attack peaked at 17.2 million rps (requests per second).
DDoS attacks are increasingly moving towards mobile networks and IoT over the past number of years. This is because IoT devices have limited resources which often results in poor cybersecurity protection, while mobile devices are increasing in complexity making the user's shortage in cybersecurity skills increasingly relevant.
7. Disinformation and Misinformation
Disinformation and misinformation campaigns are still on the rise. This is spurred by the increase in the use of social and online media. As the nature of social and online media sites is to attract and generate traffic the information that produces more viewers is usually the one promoted and sometimes without being validated.
How to Mitigate Against Cyber Threats to Your Organisation
Develop a Cybersecurity Strategy
With malicious actors becoming increasingly aggressive and innovative in their attack methods, it is now more critical than ever for organisations to become more proactive in their cybersecurity strategy and increase their overall cybersecurity stance.
To do this, we recommend developing a comprehensive cybersecurity strategy. The strategy is a detailed plan that can help your business reduce the likelihood and impact of cyber-related risks and threats, enabling you to manage cyber attacks and effectively respond to them.
Our blog ‘5 practical cybersecurity tips for SMEs’ is a great starting point in helping organisations increase their cybersecurity posture and enable you to work towards creating an actionable and comprehensive cybersecurity strategy.
Get Our Expert Help
Identifying your cyber security vulnerabilities can be a difficult task to complete without an expert's eye. At Secora Consulting, we offer Configuration Reviews, Vulnerability Assessments and IT Health Checks that can identify vulnerabilities within your business's IT assets to help protect you from unauthorised access and breaches.
We also offer tailored simulated phishing exercises to determine how effectively your organisation can identify and defend against incoming phishing attacks.
If you’re interested in this - or any of our other bespoke cyber security assessments, get in touch.
All of Secora Consulting's assessments are tailored to our client's needs.
Using our experience, we can help you determine which services are right for you.