Geopolitics plays major role in cyberattacks, says EU cybersecurity agency

The ongoing Russia-Ukraine conflict has resulted in an increase in hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organizations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA).

In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the conflict, likely for the collection of intelligence, according to the 10th edition of the ENISA threat landscape report. The report—this year titled Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape—notes that in general, geopolitical situations continue to have a high impact on cybersecurity.

State-sponsored attacks use zero-days, DDoS

This year’s report identified several attack types frequently used by state-sponsored attackers. These include zero-day and critical vulnerability exploitation; attacks on operational technology (OT) networks; wiper attacks to destroy and disrupt networks of governmental agencies and critical infrastructure entities; and supply chain attacks. 

Attacks also featured social engineering, disinformation, and threats against data.

State-sponsored threat actors have also been observed targeting entities from countries in Southeast Asia, Japan, Australia, and Taiwan. Due to increased tensions between specific countries in Asia, state-sponsored threat actors have targeted countries (including EU member states) that had established closer ties with Taiwan. 

“We expect to see more and more states deploying their cyber capabilities for the collection of intelligence, especially in times of increased tensions or conflict,” ENISA noted. 

Meanwhile, governments have been publicly identifying and attributing cyberattacks to adversary groups and taking legal action against them. 

“In our view, as cyber operations have become a priority for governments, we will certainly observe increased efforts by them in the public attribution of cyber campaigns, the disruption of the infrastructure of adversaries, and indictments to ‘name and shame’ operators,” ENISA noted. 

Ransomware remains the top cyberattack type

Ransomware remains the top cybercrime attack type this year as well. More than 10 terabytes of data were stolen monthly during the period studied, with phishing identified as the most common initial vector of such attacks. The report also noted that 60% of affected organizations likely have paid the ransom demanded. 

The second most used form of attack was DDoS. The largest DDoS attack ever was launched in Europe in July 2022 against a European customer of Akamai that was using its Prolexic platform. The attack hit a peak at 853.7Gbps and 659.6Mpps (megapackets per second) over 14 hours. 

While all sectors fell victim to attacks, public administration and government entities were the most affected, making up 24% of all cyberattack victims. This was followed by digital service providers at 13% and the general public at 12%. These three sectors alone accounted for 50% of all the attacks during this year.