Thu. Dec 1st, 2022
    en flag
    nl flag
    et flag
    fi flag
    fr flag
    de flag
    he flag
    ja flag
    lv flag
    pl flag
    pt flag
    es flag
    uk flag

    Content Assessment: Geopolitical Shakedowns? The Annual ENISA Threat Landscape Report - 10th Edition

    Information - 95%
    Insight - 96%
    Relevance - 93%
    Objectivity - 92%
    Authority - 94%

    94%

    Excellent

    A short percentage-based assessment of the qualitative benefit of the recent post highlighting the recently published annual threat landscape report by the European Union Agency for Cybersecurity.

    Editor’s Note: The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. In November of 2022, ENISA published the tenth edition of the ENISA Threat Landscape (ETL) report. The report maps the cyber threat landscape to help decision-makers, policy-makers, and security specialists define strategies to defend citizens, organizations, and cyberspace. This work is part of the EU Agency for Cybersecurity’s annual work program to provide strategic intelligence to its stakeholders. This new report may benefit cybersecurity, information governance, and legal discovery professionals operating in the eDiscovery ecosystem as they consider cyber discovery through the lens of increasing cyber threats.


    Press Announcement And Report*

    Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape

    With the geopolitical context giving rise to cyberwarfare and hacktivism, alarming cyber operations and malignant cyberattacks have altered the trends of the 10th edition of the Threat Landscape report released today by the European Union Agency for Cybersecurity (ENISA).

    The ENISA Threat Landscape 2022 (ETL) report is the annual report of the EU Agency for Cybersecurity on the state of the cybersecurity threat landscape. The 10th edition covers a period of reporting starting from July 2021 up to July 2022.

    With more than 10 terabytes of data stolen monthly, ransomware still fares as one of the prime threats in the new report with phishing now identified as the most common initial vector of such attacks. The other threats to rank highest along ransomware are attacks against availability also called Distributed Denial of Service (DDoS) attacks.

    However, the geopolitical situations, particularly the Russian invasion of Ukraine, have acted as a game changer over the reporting period for the global cyber domain. While we still observe an increase in the number of threats, we also see a wider range of vectors emerge, such as zero-day exploits and AI-enabled disinformation and deepfakes. As a result, more malicious and widespread attacks emerge having more damaging impact.

    EU Agency for Cybersecurity Executive Director, Juhan Lepassaar stated that “Today’s global context is inevitably driving major changes in the cybersecurity threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners and therefore all EU citizens.”

    Prominent threat actors remain the same

    State sponsored, cybercrime, hacker-for-hire actors and hacktivists remain the prominent threat actors during the reporting period of July 2021 to July 2022.

    Based on the analysis of the proximity of cyber threats in relation to the European Union (EU), the number of incidents remains high over the reporting period in the NEAR category. This category includes affected networks, systems, controlled and assured within EU borders. It also covers the affected population within the borders of the EU.

    Threat analysis across sectors

    Added last year, the threat distribution across sectors is an important aspect of the report as it gives context to the threats identified. This analysis shows that no sector is spared. It also reveals nearly 50% of threats target the following categories; public administration and governments (24%), digital service providers (13%) and the general public (12%) while the other half is shared by all other sectors of the economy.

    Top threats still standing their grounds

    ENISA sorted threats into 8 groups. Frequency and impact determine how prominent all of these threats still are.

    • Ransomware: 60% of affected organisations may have paid ransom demands
    • Malware: 66 disclosures of zero-day vulnerabilities observed in 2021
    • Social engineering: Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing
    • Threats against data: Increasing in proportionally to the total of data produced
    • Threats against availability: Largest Denial of Service (DDoS) attack ever was launched in Europe in July 2022; Internet: destruction of infrastructure, outages and rerouting of internet traffic.
    • Disinformation – misinformation: Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service
    • Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020

    Contextual trends emerging

    • Zero-day exploits are the new resource used by cunning threat actors to achieve their goals;
    • A new wave of hacktivism has been observed since the Russia-Ukraine war.
    • DDoS attacks are getting larger and more complex moving towards mobile networks and Internet of Things (IoT) which are now being used in cyberwarfare.
    • AI-enabled disinformation and deepfakes. The proliferation of bots modelling personas can easily disrupt the “notice-and-comment” rulemaking process, as well as the community interaction, by flooding government agencies with fake contents and comments.

    Shifting motivation and digital impact are driving new trends

    An impact assessment of threats reveals 5 types of impact; damages of reputational, digital, economical, physical or social nature. Although for most incidents the impact really remains unknown because victims fail to disclose information or the information remains incomplete.

    Prime threats were analysed in terms of motivation. The study reveals that ransomware is purely motivated by financial gains. However, motivation for state sponsored groups can be drawn from geopolitics with threats such as espionage and disruptions. Ideology may also be the motor behind cyber operations by hacktivists.

    Background

    The ETL report maps the cyber threat landscape to help decision-makers, policy-makers and security specialists define strategies to defend citizens, organisations and cyberspace. This work is part of the EU Agency for Cybersecurity’s annual work programme to provide strategic intelligence to its stakeholders.

    The report’s content is gathered from open sources such as media articles, expert opinions, intelligence reports, incident analysis and security research reports; as well as through interviews with members of the ENISA Cyber Threat Landscapes Working Group (CTL working group).

    The analysis and views of the threat landscape by ENISA is meant to be industry and vendor-neutral. Information based on OSINT (Open Source Intelligence) and the work of ENISA on Situational Awareness also helped document the analysis presented in the report.

    Further Information:

    Read the original announcement.


    Complete Report: ENISA Threat Landscape 2022 (PDF) – Mouseover to Scroll

    ENISA Threat Landscape 2022

    Read the original paper.

    *Shared with permission under Creative Commons – Attribution 4.0 International (CC BY 4.0) – license.


    Additional Reading

    Source: ComplexDiscovery

     

    Have a Request?

    If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

    ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

    ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.

    Beyond the Perimeter? The DoD Zero Trust Strategy and Roadmap

    Current and future cyber threats and attacks drive the need for...

    Balancing Spend and Standards? Cybersecurity Investments in the European Union

    According to EU Agency for Cybersecurity Executive Director Juhan Lepassaar, “The...

    Stricter Supervisory and Enforcement Measures? European Parliament Adopts New Cybersecurity Law

    According to European Member of Parliament (MEP) Bart Groothuis, “Ransomware and...

    Geopolitical Shakedowns? The Annual ENISA Threat Landscape Report – 10th Edition

    According to EU Agency for Cybersecurity Executive Director Juhan Lepassaar, “Today's...

    A Technology-Driven Solution? Integreon Announces New Chief Executive Officer

    Subroto’s people-first leadership style combined with his passion for leveraging technology...

    A Magnet for Revenue? Magnet Forensics Announces 2022 Third Quarter Results

    According to Adam Belsher, Magnet Forensics' CEO, "Our solutions address the...

    Progress and Opportunity? Cellebrite Announces Third Quarter 2022 Results

    “We are pleased to report a solid third quarter, delivering strong...

    Fueling Continued Growth? Renovus Capital Acquires Advisory Business from HBR Consulting

    "The legal industry remains in the early stages of digital and...

    An eDiscovery Market Size Mashup: 2022-2027 Worldwide Software and Services Overview

    From retraction to resurgence and acceleration, the worldwide market for eDiscovery...

    On the Move? 2022 eDiscovery Market Kinetics: Five Areas of Interest

    Recently ComplexDiscovery was provided an opportunity to share with the eDiscovery...

    Trusting the Process? 2021 eDiscovery Processing Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    The Year in Review? 2021 eDiscovery Review Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    Five Great Reads on Cyber, Data, and Legal Discovery for November 2022

    From cyber shakedowns and threats to the total cost of eDiscovery...

    Five Great Reads on Cyber, Data, and Legal Discovery for October 2022

    From cyber claims and data privacy to corporate litigation and the...

    Five Great Reads on Cyber, Data, and Legal Discovery for September 2022

    From privacy legislation and special masters to acquisitions and investigations, the...

    Five Great Reads on Cyber, Data, and Legal Discovery for August 2022

    From AI and Big Data challenges to intriguing financial and investment...

    Onsite or Remote? Document Reviewer Preferences Survey (Winter 2023)

    Today CompexDiscovery expands that survey portfolio by introducing a new business...

    In The House? The Fall 2022 eDiscovery Total Cost of Ownership Survey – Final Results

    Today CompexDiscovery shares the results of a new business survey focused...

    Cold Front Concerns? Eighteen Observations on eDiscovery Business Confidence in the Fall of 2022

    In the fall of 2022, 49.0% of survey respondents felt that...

    Stereotyping Data? Issues Impacting eDiscovery Business Performance: A Fall 2022 Overview

    In the fall of 2022, 28.0% of respondents viewed increasing types...

    The Arrival of General Winter? Ukraine Conflict Assessments in Maps (November 21-27, 2022)

    According to a recent update from the Institute for the Study...

    Digging Out and Digging In? Ukraine Conflict Assessments in Maps (November 14-20, 2022)

    According to a recent update from the Institute for the Study...

    A Liberating Momentum? Ukraine Conflict Assessments in Maps (November 7-13, 2022)

    According to a recent update from the Institute for the Study...

    Rhetoric or Reality? Ukraine Conflict Assessments in Maps (November 1-6, 2022)

    According to a recent update from the Institute for the Study...