On 3 November 2022, the EU Agency for Cybersecurity, ENISA, published its Threat Landscape 2022 (ETL) Report. The 10th edition of the Report covers the reporting period of July 2021 up to July 2022. The Report’s content is gathered from open sources such as media articles, expert opinions, intelligence reports, incident analysis and security research reports; as well as through interviews with members of the ENISA Cyber Threat Landscapes Working Group (CTL working group).
Ransomware remains one of the prime threats with phishing identified as the most common initial vector of such attacks. Further high-ranking threats are attacks against availability (in the form of distributed Denial of Service (DDoS) attacks.
During the reporting period the number of threats continued to increase. In addition to the increase, a wider range of vectors could be observed with zero-days exploits, AI-enabled disinformation and also deepfakes. This combination together with a growing range of threat actors resulted in more malicious and widespread attacks. As regards the threat actors, state sponsored, cybercrime, hacker-for-hire and hacktivists remain the most prominent threat actors.
With an overall high number of incidents, the following sectors could be identified as primary targets: ublic administration and governments (24%), digital service providers (13%) and the general public (12%).
The Report notes that “geopolitical situations”, in particular the Russian invasion of Ukraine, have acted as a game changer for the global cyber domain. Threats materialise in a new contextual setting. Since the invasion, there has inter alia been an increase in what is commonly understood as “hacktivism”. Hacktivism is many cases can be considered a criminal act. Further, DDoS attacks have been moving towards mobile networks and IoT which are ow being used in “cyberwarfare”. Also, government agencies have been flooded with fake contents and comments as a result of AI-enabled disinformation and deepfakes.
The Reports identifies geopolitics and ideology as a new driving factor behind prime threats: State-sponsored groups engage in espionage and disruptions of infrastructure, while hacktivist actions are triggered by similar motivation.