ENISA Warns of Rising AI Manipulation Ahead of Upcoming European Elections

Written by

The use of AI chatbots and AI-enabled manipulation of information by malicious actors is a key threat ahead of the upcoming 2024 elections across the continent, according to the European Union Agency for Cybersecurity (ENISA).

The 11th edition of ENISA’s Threat Landscape report, published on October 19, 2023, compiles cyber threats observed by the Agency from July 2022 to June 2023.

In the comprehensive, 161-page long report, ENISA threat researchers argued that information manipulation should be considered as a cybersecurity threat and the increased use of AI for malicious purposes strengthens the need for vigilance ahead of the upcoming European elections.

They also found that state-nexus actors increasingly target employees in key positions, politicians, government officials, journalists and activists, particularly using spear-phishing emails and social networks.

Juhan Lepassaar, ENISA’s executive director, warned governments, organizations and the public that the growing cyber threat against democracies will be challenging to mitigate: “Trust in the EU electoral process will critically depend on our capacity to rely on cybersecure infrastructures and on the integrity and availability of information. Now, it is up to us to ensure we take the necessary actions to achieve this sensitive yet essential goal for our democracies,” he commented.

While the use of AI is concerning, “a number of older techniques require much less effort and still remain highly efficient and a resurgence of them has been observed,” the report stated.

DDoS Jumped to Second Most Prominent Threat

In total, ENISA recorded approximately 2580 incidents during the reporting period, with an additional 220 incidents specifically targeting two or more EU Member States.

A grand total of 24,690 common vulnerabilities and exposures (CVEs) were recorded over the period, marking an increase of 2770 in comparison to the prior reporting period.

Ransomware remained the top threat observed by ENISA, accounting for 34% of EU-focused threats.

Distributed denial-of-service (DDoS) ranked second, representing 28% of all threats against EU countries.

Top threats targeting EU member-states (July 2022-June 2023). Source: ENISA
Top threats targeting EU member-states (July 2022-June 2023). Source: ENISA

Ransomware attacks targeted all sectors indiscriminately, with manufacturing reaching 14% of all ransomware events, followed by health at 13%, then by public administration at 11% and services at 9%.

DDoS attacks, on the other hand, seemed to have their preferred targets, with 34% hitting public administrations, followed by the transport sector at 17% and banking/finance sectors at 9%.

Targeted sectors per number of incidents (July 2022-June 2023). Source: ENISA
Targeted sectors per number of incidents (July 2022-June 2023). Source: ENISA

“The extent of the impact of supply chain attacks emerges as a substantial concern in relation to the upcoming elections. This is because such attacks affected public administration for 21% and digital service providers for 16%. Besides, exploitation of vulnerabilities was associated with events involving digital service providers for 25%, digital infrastructures for 23% and public administration for 15%,” read the report.

Financial Gain and Disruption as Top Motivation Factors

Another trend ENISA observed was a shift in cyber threat actors’ motivations.

While ransomware attacks are primarily motivated by financial gain, a number of such attacks were also intended to have a disruptive effect, which is also the key driver for DDoS attacks and information manipulation.

This means that disruption is now identified as the second most common motive after financial gain.

“In most cases, top threats may be motivated by a combination of intentions such as financial gain, disruption, espionage, destruction or ideology in the case of hacktivism,” wrote the ENISA researchers.

A good example is a technique consisting of trojanizing known software packages.

“We observe that state-nexus actors adopt attack patterns typically seen in criminal campaigns. Or, in some cases, state-nexus actors supported actions from cybercriminals whether directly or indirectly. Some of the techniques include targeted malvertising where malevolent sites point to trojanized versions of legitimate applications. Those actors also resort to techniques allowing them to have full control over the operating system (OS) boot process, and then making it possible to disable OS security mechanisms,” read the report.

Read more: ENISA: Ransomware Makes Up Over Half of Healthcare Cyber-Threats

What’s hot on Infosecurity Magazine?