Geopolitics shake up cyber considerations

Geopolitical situations, namely the Russian invasion of Ukraine, were found to be game changers for cybersecurity consideration, with destructive/disruptive operations often targeting critical energy infrastructure.

This is according to the latest ENISA Threat Landscape report, which evaluates the global cybersecurity landscape across sectors.

According to the report, such geopolitical situations have acted as a game changer over the reporting period for the global cyber domain. While there is still an increase of the number of threats, there is also a wider range of vectors, such as zero-day exploits and AI-enabled disinformation and deepfakes.

As a result, more malicious and widespread attacks have been emerging with more damaging impacts.

With more than 10 terabytes of data stolen monthly, ransomware still fares as one of the prime threats in the new report with phishing now identified as the most common initial vector of such attacks.

Have you read:
Cybersecurity proposals for smart devices in Europe
CNI security: what cyber security investments should energy companies be making?

Targeting energy infrastructure

The report’s assessment found that destructive or disruptive operations by state-backed actors will continue as the Russia-Ukraine conflict goes on. Within Ukraine specifically, prime targets include energy and communications sectors (regarding critical infrastructure) as well as government and military networks.

According to the report, cybercriminals continue to disrupt the industrial sector. An assessment made within last year’s report - that cybercrime attacks against Operational Technology (OT) systems would become more disruptive - holds true.

During the reporting period – July 2021 to July 2022 – ransomware was the major cause of compromises in the industrial sector, with the manufacturing industry being the most targeted sector by far. Disruptive attacks have had significant impacts on other sectors, energy prime among them.

And one major contributing factor for ransomware groups targeting OT operation is the ongoing digital transformation in the industrial sector and the increased connectivity between IT and OT networks.

Impacts and actors

An impact assessment of threats revealed five types of impact; damages of reputational, digital, economical, physical or social nature. However, for most incidents, the impact remains unknown because victims fail to disclose information or the information remains incomplete.

Prime threats were analysed in terms of motivation. The study revealed that ransomware is purely motivated by financial gains. However, motivation for state sponsored groups can be drawn from geopolitics with threats such as espionage and disruptions. Ideology may also be the motor behind cyber operations by hacktivists.

State sponsored, cybercrime, hacker-for-hire actors and hacktivists remain the prominent threat actors during the reporting period.

Based on the analysis of the proximity of cyber threats in relation to the EU, the number of incidents remains high over the reporting period in the NEAR category. This category includes affected networks, systems, controlled and assured within EU borders. It also covers the affected population within the borders of the EU.

ENISA sorted threats into 8 groups. Frequency and impact determine how prominent all of these threats still are.

• Ransomware: 60% of affected organisations may have paid ransom demands
• Malware: 66 disclosures of zero-day vulnerabilities were observed in 2021
• Social engineering: Phishing remains a popular technique but there are new forms of phishing arising such as spear-phishing, whaling, smishing and vishing
• Threats against data: Increases were observed proportionally to the total amount of data produced
• Threats against availability: The largest Denial of Service (DDoS) attack ever was launched in Europe in July 2022. DDoS is an attempt to disrupt normal traffic of a targeted server, service or network by overwhelming with a flood of Internet traffic.
• Disinformation – misinformation: This includes escalating AI-enabled disinformation, deepfakes and disinformation-as-a-service
• Supply chain targeting: Third-party incidents account for 17% of the intrusions in 2021 compared to less than 1% in 2020

Also of interest:
How to protect your business from a supply chain cyber-attack  
Digitalising Europe’s energy sector – the strategy

Emerging trends

According to the report, notable trends emerged from their findings. Prominent among these include:

• Zero-day exploits (a software vulnerability discovered by attackers before the vendor has become aware) are the new resource used by threat actors to achieve their goals;
• A new wave of hacktivism has been observed since the Russia-Ukraine war.
• DDoS attacks are getting larger and more complex moving towards mobile networks and Internet of Things (IoT) which are now being used in cyberwarfare.
• The proliferation of bots modelling personas can easily disrupt the “notice-and-comment” rulemaking process, as well as community interaction by flooding government agencies with fake contents and comments.

EU Agency for Cybersecurity executive director, Juhan Lepassaar, stated on the report that “Today's global context is inevitably driving major changes in the cybersecurity threat landscape. The new paradigm is shaped by the growing range of threat actors. We enter a phase which will need appropriate mitigation strategies to protect all our critical sectors, our industry partners and therefore all EU citizens."

The ENISA Threat Landscape 2022 (ETL) report - the 10th edition - covers a period of reporting from July 2021 up to July 2022.