Content Assessment: Geopolitical Shakedowns? The Annual ENISA Threat Landscape Report - 10th Edition
Information - 95%
Insight - 96%
Relevance - 93%
Objectivity - 92%
Authority - 94%
A short percentage-based assessment of the qualitative benefit of the recent post highlighting the recently published annual threat landscape report by the European Union Agency for Cybersecurity.
Editor’s Note: The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. In November of 2022, ENISA published the tenth edition of the ENISA Threat Landscape (ETL) report. The report maps the cyber threat landscape to help decision-makers, policy-makers, and security specialists define strategies to defend citizens, organizations, and cyberspace. This work is part of the EU Agency for Cybersecurity’s annual work program to provide strategic intelligence to its stakeholders. This new report may benefit cybersecurity, information governance, and legal discovery professionals operating in the eDiscovery ecosystem as they consider cyber discovery through the lens of increasing cyber threats.
Press Announcement And Report*
Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape
With the geopolitical context giving rise to cyberwarfare and hacktivism, alarming cyber operations and malignant cyberattacks have altered the trends of the 10th edition of the Threat Landscape report released today by the European Union Agency for Cybersecurity (ENISA).
The ENISA Threat Landscape 2022 (ETL) report is the annual report of the EU Agency for Cybersecurity on the state of the cybersecurity threat landscape. The 10th edition covers a period of reporting starting from July 2021 up to July 2022.
With more than 10 terabytes of data stolen monthly, ransomware still fares as one of the prime threats in the new report, with phishing now identified as the most common initial vector of such attacks. The other threats to rank highest alongside ransomware are attacks against availability, also called Distributed Denial of Service (DDoS) attacks.
However, the geopolitical situations, particularly the Russian invasion of Ukraine, have acted as a game changer over the reporting period for the global cyber domain. While we still observe an increase in the number of threats, we also see a wider range of vectors emerge, such as zero-day exploits and AI-enabled disinformation and deepfakes. As a result, more malicious and widespread attacks emerge, having a more damaging impact.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, stated that “Today’s global context is inevitably driving major changes in the cybersecurity threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners and therefore all EU citizens.”
Prominent threat actors remain the same
State-sponsored, cybercrime, hacker-for-hire actors and hacktivists remain the prominent threat actors during the reporting period of July 2021 to July 2022.
Based on the analysis of the proximity of cyber threats in relation to the European Union (EU), the number of incidents remains high over the reporting period in the NEAR category. This category includes affected networks and systems controlled and assured within EU borders. It also covers the affected population within the borders of the EU.
Threat analysis across sectors
Added last year, the threat distribution across sectors is an important aspect of the report as it gives context to the threats identified. This analysis shows that no sector is spared. It also reveals that nearly 50% of threats target the following categories: public administration and governments (24%), digital service providers (13%) and the general public (12%), while the other half is shared by all other sectors of the economy.
Top threats still standing their ground
ENISA sorted threats into 8 groups. Frequency and impact determine how prominent all of these threats still are.
- Ransomware: 60% of affected organisations may have paid ransom demands
- Malware: 66 disclosures of zero-day vulnerabilities observed in 2021
- Social engineering: Phishing remains a popular technique but we see new forms of phishing arising such as spear-phishing, whaling, smishing and vishing
- Threats against data: Increasing proportionally to the total of data produced
- Threats against availability:
  - Largest Denial of Service (DDoS) attack ever was launched in Europe in July 2022;
  - Internet: destruction of infrastructure, outages and rerouting of internet traffic.
- Disinformation – misinformation: Escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service
- Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020
Contextual trends emerging
- Zero-day exploits are the new resource used by cunning threat actors to achieve their goals.
- A new wave of hacktivism has been observed since the Russia-Ukraine war.
- DDoS attacks are getting larger and more complex, moving towards mobile networks and Internet of Things (IoT), which are now being used in cyberwarfare.
- AI-enabled disinformation and deepfakes. The proliferation of bots modelling personas can easily disrupt the “notice-and-comment” rulemaking process, as well as the community interaction, by flooding government agencies with fake content and comments.
Shifting motivation and digital impact are driving new trends
An impact assessment of threats reveals 5 types of impact: damages of reputational, digital, economical, physical or social nature. For most incidents, however, the impact remains unknown because victims fail to disclose information or the information remains incomplete.
Prime threats were analysed in terms of motivation. The study reveals that ransomware is purely motivated by financial gains. However, motivation for state sponsored groups can be drawn from geopolitics with threats such as espionage and disruptions. Ideology may also be the motor behind cyber operations by hacktivists.
The ETL report maps the cyber threat landscape to help decision-makers, policy-makers and security specialists define strategies to defend citizens, organisations and cyberspace. This work is part of the EU Agency for Cybersecurity’s annual work programme to provide strategic intelligence to its stakeholders.
The report’s content is gathered from open sources such as media articles, expert opinions, intelligence reports, incident analysis and security research reports; as well as through interviews with members of the ENISA Cyber Threat Landscapes Working Group (CTL working group).
The analysis and views of the threat landscape by ENISA are meant to be industry and vendor-neutral. Information based on OSINT (Open Source Intelligence) and the work of ENISA on Situational Awareness also helped document the analysis presented in the report.
- ENISA Threat Landscape 2022 – Infographic
- ENISA Threat Landscape Report 2022
- ENISA Threat Landscape Report 2021
- ENISA Threat Landscape Supply Chain
- ENISA Threat Landscape for Ransomware Attacks – May 2021 – June 2022
*Shared with permission under Creative Commons – Attribution 4.0 International (CC BY 4.0) – license.
ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.
ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.