Sep 23, 2024
sysbraykr.com news - The European Union is grappling with an unprecedented wave of cyberattacks, according to the latest “ENISA Threat Landscape 2024” report by the European Union Agency for Cybersecurity (ENISA). Covering the period from July 2023 to June 2024, the report reveals that more than 11,000 cyber incidents were recorded, with 322 attacks targeting two or more EU member states simultaneously.
Distributed Denial of Service (DDoS) attacks have surged to become the most prevalent type of cyber threat, accounting for 41.1% of all recorded incidents. Often underestimated as relatively harmless, DDoS attacks can significantly disrupt critical services and infrastructure. The sectors most frequently targeted were public administration (19%), transportation (11%), and finance (9%).
Ransomware attacks constituted 25.8% of the incidents, underscoring their continued threat despite a slight decline in activity. The most active ransomware groups identified were LockBit, Cl0p, and PLAY. Cl0p, notorious for exploiting two separate zero-day vulnerabilities in 2023, has been notably quiet in the first half of 2024.
In contrast, LockBit has maintained its operations despite efforts like Operation Cronos aimed at dismantling the group. ENISA notes that reports of LockBit’s resurgence may have been exaggerated in some studies and publications.
Data breaches accounted for 19% of the cyber incidents, marking a significant increase of 78% compared to the previous period. According to IBM, 82% of all breaches involved data stored in the cloud, with 39% of incidents affecting multiple environments such as cloud and on-premises systems.
ENISA highlights the sophisticated evasion techniques employed by cybercriminals. Attackers are increasingly using “Living-off-the-land” (LOTL) methods, which involve leveraging legitimate processes to disguise malicious activities. There’s also a growing trend of extending these techniques to cloud environments, complicating detection efforts.
A troubling development is the “re-exploitation” of victims, where cybercriminals attack the same organization multiple times. They may exploit previously identified vulnerabilities or use stolen credentials to launch subsequent assaults.
During the reporting period, 19,754 vulnerabilities were identified, with 9.3% classified as critical and 21.8% considered high-risk. Of particular concern are the 123 vulnerabilities listed in the Cybersecurity and Infrastructure Security Agency’s (CISA) catalog of known exploited bugs. This underscores the urgency for organizations to prioritize patch management and vulnerability remediation.
While the use of artificial intelligence to manipulate information remains limited, experts anticipate growth in this area. NewsGuard has identified over 1,000 news and information websites created with AI and operating with minimal human involvement, raising concerns about the potential spread of misinformation.
Mobile threats are also escalating, with a sharp rise in mobile banking trojans reported. Studies indicate a 200% increase compared to 2023, posing significant risks to both consumers and financial institutions.
ENISA emphasizes that the geopolitical landscape continues to be a powerful catalyst for malicious cyber activities. The agency calls for closer cooperation between EU member states and the private sector to effectively counter cyber threats and protect critical infrastructure.
source : https://securityonline.info/enisa-calls-for-urgent-action-as-eu-cyberattacks-reach-record-high/