Understanding the threats we face is crucial to protecting against them. Industry research and reports are invaluable to this understanding, providing insights to inform mitigation efforts.
Few cybersecurity reports are as valuable or comprehensive as the annual ENISA Threat Landscape Report (ETL). Now in its 20th year and published by the European Union Agency for Cybersecurity (ENISA), the ETL covers data from June 2023 to July 2024, revealing the key trends shaping the cyber threat landscape in Europe and beyond.
So, without further ado, let's dive in.
Geopolitics Drives Cyber Threats
Geopolitical tumult has plagued recent years, with conflict in the Middle East, Eastern Europe, and Africa making daily news headlines. Cybercriminals thrive in chaos, and according to the ETL, the increasingly tense geopolitical landscape is driving cyber threats.
In particular, the latter part of 2023 and early part of 2024 saw a sharp increase in cyberattacks, primarily driven by geopolitical goals surrounding the conflict in Ukraine and European elections. Such events have driven a spike in hacktivist activity, whereby attackers with political goals target critical sectors, including public administration, finance, and transport.
Prime Threats Include Usual Suspects
According to the ETL, the top threats of the moment – determined by both the findings in the 2024 report and their prominence over the past few years – are:
Ransomware
Ransomware attacks have been a major threat for many years now, and they don't appear to be going away anytime soon. Throughout the ETL's reporting period, there was a significant increase in ransomware-related incidents, with numbers stabilizing at around 1000 claims per quarter in Q2 2024. They ranked as one of the two top threats.
These attacks are also growing more sophisticated. Attackers often employ double-extortion tactics, with ransomware groups like LockBit dominating the threat landscape using these methods. Moreover, ransomware groups are often motivated by disruptive and financial goals – likely for geopolitical reasons – with a rising number of attacks designed to interfere with operations rather than just to extort money.
Malware
The ETL confirms what we all already knew – malware continues evolving. Information-stealing malware strains like RedLine, Raccoon Stealer, and Vidar are on the rise, targeting credentials and cryptocurrency wallets in particular. Moreover, Malware-as-a-Service operations facilitate increased malware attacks, allowing even unsophisticated cybercriminals to launch attacks with minimal expertise.
The increased prevalence of mobile malware was another key theme of the ETL, with attackers increasingly targeting mobile devices to exploit personal data.
The ETL also notes that although law enforcement efforts have had an impact in curbing malware, threat actors are constantly evolving their methods – such as using fileless malware and leveraging zero-day vulnerabilities – to avoid detection and carry out their crimes.
Social Engineering
Despite widespread efforts to educate users on identifying potential social engineering scams, cybercriminals continue to favor this attack technique. The ETL identifies phishing as one of the most common initial attack vectors and notes that attackers use open-source intelligence (OSINT) gathering to inform their efforts and personalize messages.
Perhaps unsurprisingly, the ETL also reveals that attackers use AI – particularly generative AI – to craft more convincing phishing scams. Notable examples include using FraudGPT – a tool that creates content to facilitate cyberattacks – and deepfake audio used in vishing schemes.
Threats Against Data
Threats against data continue to plague the EU, with operational and financial costs increasing significantly throughout the ETL's reporting period. ENISA argues that cloud computing is driving many of the threats to data, with data breaches involving cloud data becoming increasingly prevalent mainly due to weak configurations or shared responsibility models.
Threats Against Availability: Denial of Service
Threats against availability (DDoS and DoS) ranked alongside ransomware as one of the top threats of the ETL's reporting period. The report identifies a sharp increase in these attacks, particularly those targeting critical infrastructure organizations.
ENISA posits that "cyber warfare" tactics drive the increase in these attacks, with nation-state actors or politically motivated groups deploying them to disrupt adversary countries. Moreover, Ransom Denial of Service (RDoS), where attackers threaten to launch a DDoS attack unless a ransom is paid, increased during this period.
Information Manipulation and Interference
One of the perhaps less obvious prime threats listed in the ETL 2024 is information manipulation and interference. These threats are, again, linked to geopolitical tumult and involve misinformation, disinformation, and influence operations aimed at shaping public opinion or destabilizing political entities.
One particular trend is the rise of localized targeting, whereby threat actors tailor their campaigns to specific regions or demographics to maximize impact. Attackers are increasingly manipulating search engine results, using fake websites, and using AI to generate spoof content to blur the lines between legitimate and malicious content, giving new meaning to the era of "fake news."
What Can We Learn From the ETL?
The ETL recommends a multi-faceted approach that includes strengthening legal frameworks, enhancing law enforcement capabilities, and promoting international cooperation to combat these threats. Organizations are encouraged to adopt a proactive stance on cybersecurity, focusing on secure-by-design principles, regular vulnerability assessments, and improving user awareness about social engineering tactics.
This blog is, of course, merely a brief overview of a document of over 130 pages. The full report provides much deeper insights. If this blog has piqued your interest, you should check out the ETL 2024.
Editor's Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.