Cybersecurity: main and emerging threats | Topics | European Parliament (2024)

In response to the evolution of cybersecurity threats, Parliament adopted a new EU directive introducing harmonised measures across the EU, including on the protection of essential sectors.

According to the Threat Landscape 2022 report by the European Union Agency for Cybersecurity (Enisa), there are eight prime threat groups:

In 2022, ransomware attacks continued to be one of the main cyberthreats. They are also getting more complex. According to a survey quoted by Enisa that was conducted at the end of 2021 and in 2022, over half of respondents or their employees had been approached in ransomware attacks.

The rise of malware is also attributed to crypto-jacking (the secret use of a victim’s computer to create cryptocurrency illegally) and Internet-of-Things malware (malware targeting devices connected to the internet such as routers or cameras).

According to Enisa, there were more Internet-of-Things attacks in the first six months of 2022 than in the previous four years.

Tricking victims into opening malicious documents, files or emails, visiting websites and thus granting unauthorised access to systems or services. The most common attack of this sort is phishing (through email) or smishing (through text messages).

Almost 60% of the breaches in Europe, the Middle East and Africa include a social engineering component, according to research quoted by Enisa.

We live in a data-driven economy, producing huge amounts of data that are extremely important for, among others, enterprises and Artificial Intelligence, which makes it a major target for cybercriminals. Threats against data can be mainly classified as data breaches (intentional attacks by a cybercriminal) and data leaks (unintentional releases of data).

Money remains the most common motivation of such attacks. Only in 10% of cases is espionage the motive.

These are some of the most critical threats to IT systems. They are increasing in scope and complexity. One common form of attack is to overload the network infrastructure and make a system unavailable.

Denial of Service attacks are increasingly hitting mobile networks and connected devices. They are used a lot in Russia-Ukraine cyberwarfare. Covid-19 related websites, such as those for vaccination have also been targeted.

The increasing use of social media platforms and online media has led to a rise in campaigns spreading disinformation (purposefully falsified information) and misinformation (sharing wrong data). The aim is to cause fear and uncertainty.

Russia has used this technology to target perceptions of the war.

Deepfake technology means it is now possible to generate fake audio, video or images that are almost indistinguishable from real ones. Bots pretending to be real people can disrupt online communities by flooding them with fake comments.

Read more about the sanctions against disinformation the Parliament is calling for

Russia’s war on Ukraine has influenced the cyber sphere in many ways. Cyber operations are used alongside traditional military action. According to Enisa, actors sponsored by the Russian state have carried out cyber operations against entities and organisations in Ukraine and in countries that support it.

Hacktivist (hacking for politically or socially motivated purposes) activity has also increased, with many conducting attacks to support their chosen side of the conflict.

Disinformation was a tool in cyberwarfare before the invasion started and both sides are using it. Russian disinformation has focused on finding justifications for the invasion, while Ukraine has used disinformation to motivate troops. Deepfakes with Russian and Ukrainian leaders expressing views supporting the other side of the conflict were also used.