
The European Union Agency for Cybersecurity, ENISA, has published its 10th annual report on the state of the cybersecurity threat landscape. The report covers the period of April 2021 to July 2022.
The report identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes relevant mitigation measures.
Top threats
- Ransomware:
  - 60% of affected organisations may have paid ransom demands
- Malware:
  - 66 disclosures of zero-day vulnerabilities observed in 2021
- Social engineering:
  - Phishing remains a popular technique, but new forms of phishing are arising, such as spear-phishing, whaling, smishing and vishing
- Threats against data:
  - Increasing in proportion to the total amount of data produced
- Threats against availability:
  - The largest Distributed Denial of Service (DDoS) attack ever was launched in Europe in July 2022
  - Internet: destruction of infrastructure, outages and rerouting of internet traffic
- Disinformation – misinformation:
  - Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service
- Supply chain targeting:
  - Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020
Main trends
Zero-day exploits are the new resource used by cunning threat actors to achieve their goals.
A new wave of hacktivism has been observed since the Russia-Ukraine war.
DDoS attacks are getting larger and more complex, moving towards mobile networks and the Internet of Things (IoT), which are now being used in cyberwarfare.
AI-enabled disinformation and deepfakes. The proliferation of bots modelling personas can easily disrupt the “notice-and-comment” rulemaking process, as well as community interaction, by flooding government agencies with fake content and comments.