Cyber attacks becoming more sophisticated, targeted, widespread and undetected says ENISA
This year’s publication is divided into 22 different reports,
available in pdf form and ebook form. The combined report lists the
major change from the 2018 threat landscape as the COVID-19-led
transformation of the digital environment. During the pandemic, cyber
criminals have been seen advancing their capabilities, adapting quickly
and targeting relevant victim groups more effectively.
The ETL report warns that there is a long road ahead to reach a more
secure digital environment. This is mainly due to the weakening of
existing cyber security measures through changes in working and
infrastructure patterns caused by the COVID-19 pandemic. This global
phenomenon has led to a surge in cyber criminals’ personalised cyber
attacks, using more advanced methods and techniques.
ENISA’s list of the top 15 threats
The top 15 cyber threat reports are of a technical nature, and
include findings, major incidents, statistics and more. The threat
reports are the following:
1. Malware
2. Web-based Attacks
3. Phishing
4. Web Application Attacks
5. SPAM
6. Distributed Denial of Service (DDoS)
7. Identity Theft
8. Data Breach
9. Insider Threat
10. Botnets
11. Physical Manipulation, Damage, Theft and Loss
12. Information Leakage
13. Ransomware
14. Cyber Espionage
15. Cryptojacking
The ETL report highlights important aspects and trends related to the threat landscape:
- There will be a new norm during and after the COVID-19 pandemic
that is even more dependent on a secure and reliable cyberspace;
- The number of fake online shopping websites and fraudulent online
merchants reportedly has increased during the COVID-19 pandemic. From
copycats of popular brands websites to fraudulent services that never
deliver the merchandise, the coronavirus revealed weaknesses in the
trust model used in online shopping;
- The number of cyberbullying and sextortion incidents also
increased with the COVID-19 pandemic. The adoption of mobile technology
and subscription to digital platforms makes younger generations more
vulnerable to these types of threats;
- Malicious actors are using social media platforms to increase efficiency in targeted attacks;
- Financial reward is still the main motivation behind most cyber attacks;
- Finely targeted and persistent attacks on high-value data, such
as intellectual property and state secrets, are being meticulously
planned and executed often by state-sponsored actors;
- Massively distributed attacks with a short duration and wide impact are used with multiple aims such as credential theft;
- The number of phishing victims in the EU continues to grow with
malicious actors using the COVID-19 theme to lure them in.
COVID-19-themed attacks include messages carrying malicious file
attachments and messages containing malicious links that redirect users
to phishing sites or malware downloads;
- Business Email Compromise (BEC) and COVID-19-themed attacks are
being used in cyber scams resulting in the loss of millions of euros
for EU citizens and corporations. European small and medium enterprises
(SMEs) have also fallen victim of these threats in a time when many
are going through severe financial difficulties due to the loss of
revenue;
- Ransomware remains widespread with costly consequences to many EU organizations;
- Many cyber security incidents still go unnoticed or take a long time to be detected;
- The number of potential vulnerabilities in a virtual or physical
environment continues to expand as a new phase of digital
transformation arises (as technology will keep diversifying);
- With more security automation, organizations will invest more in preparedness using CTI as their main capability.
source: https://www.continuitycentral....