The European Cybersecurity Agency (ENISA)’s threat landscape annual report 2022 is heavily influenced by the impact of the Russian invasion of Ukraine on the cyber landscape.
Covering the period from July 2021 up to July 2022, the report was presented under the title Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape during the Prague Security Conference on November 3, 2022.
“The geopolitical situations, particularly the Russian invasion of Ukraine, have acted as a game changer over the reporting period for the global cyber domain,” reads the report.
Examining the monthly breakdown of cyber incidents, the report shows an increase in February and March 2022, around the time the Russian invasion of Ukraine in late February.
Overall, however, 2022 saw a reduction in number of incidents compared to 2021 – partly because incident handling and analysis are still ongoing and because of the open-source nature of the information collected by ENISA.
“In particular, the category NEAR has a steady high number of observed incidents related to prime threats, which implies their significance in the context of the EU,” reads the report. This category represents incidents within EU borders on networks and systems controlled within EU borders – two of the other types, MID and FAR, account for networks and systems with less reliance on EU controls and the GLOBAL type represent incidents with global impact.
Same Actors, Similar Threats, Still Rising
Overall, prominent threat actors (state-sponsored, cyber-criminal gangs, hacker-for-hire actors and hacktivists) remain the same as last year’s. Similarly, the eight prime threat categories identified (ransomware, malware, social engineering, threats against data, denial of service, internet threats, disinformation-misinformation and supply chain attacks) also appeared in the 2021 edition of the report – only cryptojacking does not make this year’s report.
With more than 10 TB of data stolen monthly during the covered period, ransomware remains a prime threat, ENISA said. More generally, the use of malware was on the rise again after the decrease that was noticed in 2021 and linked to the COVID-19 pandemic.
ENISA also noticed an increase in denial-of-service attacks from the summer of 2022. Noticeably, a DDoS attack that targeted an Eastern European customer of the American firm Akamai in July 2022 proved to be the largest ever launched in Europe.
A Wider Range of Vectors
These trends may be familiar, but the devil is in the details. Since the Russian invasion of Ukraine, ENISA has seen a wider range of vectors emerge. “As a result, more malicious and widespread attacks emerge having more damaging impact,” reads the report.
Among them, the agency mentioned:
- Zero-day exploits gaining traction
- A new wave of hacktivism
- Extortion techniques are further evolving with the widespread use of leak sites.
- AI-enabled disinformation, deepfakes and disinformation-as-a-service
- New forms of phishing arising (spear-phishing, whaling, smishing and vishing)
- DDoS attacks getting larger and more complex, moving toward mobile networks and the Internet of Things (IoT)
- Destruction of internet infrastructure, outages and rerouting of internet traffic
The Public Sector Remains a Prime Target
The threat distribution across sectors shows that, while no industry was spared, public and government administrations were still the number one target, accounting for 24.21% of all reported incidents. Public sector attacks, together with those targeting digital service providers and the general public, made up 50% of all threats, with the other half shared by all other sectors of the economy.
"Today's global context inevitably drives major changes in the cybersecurity threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners and therefore all EU citizens,” Juhan Lepassaar, ENISA’s executive director, stated in the report.
Composed of open-sourced content such as media articles, expert opinions, intelligence reports, incident analysis and security research reports, as well as interviews with members of the ENISA Cyber Threat Landscapes (CTL) working group, ENISA’s annual threat landscape report aims at helping decision-makers, policymakers and security specialists define strategies to defend citizens and organizations in the EU member states.