The 2021 edition of the Threat Landscape report by the European Union Agency for Cybersecurity, ENISA, highlights a surge in cybercrime, mainly driven by ransomware and cryptojacking attacks.

Ransomware ranks as a prime threat for the reporting period April 2020 to July 2021. The cybersecurity threat landscape has grown in terms of sophistication of attacks, complexity and impact. This trend is spurred by an ever-growing online presence, the transitioning of traditional infrastructures to online solutions, advanced ­interconnectivity, and the exploitation of new ­features of emerging technologies. Supply-chain attacks rank highly among prime threats because of the significant potential they have in inducing catastrophic cascading effects.

The 9 top threats: 9 threat groups were identified due to their prominence in the reporting period. They include ransomware; malware; cryptojacking; e-mail related threats; threats against data; threats against availability and integrity; disinformation – misinformation; non-malicious threats; and supply-chain attacks.

Key trends: The COVID-19 crisis has created possibilities for attackers, who used the pandemic as a dominant lure in campaigns for email attacks for instance. Monetisation appears to be the main driver of such activities. The techniques that threat actors used are numerous. The following non-exhaustive list presents some of the most prevalent threats identified in the report: Ransomware as a Service (RaaS)-type business models; multiple extortion ransomware schemes; Business Email Compromise (BEC); Phishing-as-a-Service (PhaaS); and Disinformation-as-a-Service (DaaS) business model.

Three types of threats receive particular attention in the report: ransomware, cryptojacking infections, and misinformation and disinformation.

Ransomware has been the prime threat during the reporting period, with several high profile and highly publicised incidents. The significance and impact of the threat of ransomware is also evidenced by a series of related policy initiatives in the European Union (EU) and worldwide. Compromise through phishing e-mails and brute-forcing on Remote Desktop Protocol (RDP) services remain the two most common infection vectors. The occurrence of triple extortion schemes also increased strongly during 2021 and cryptocurrency remains the most common pay-out method for threat actors.

Cryptojacking or hidden cryptomining is a type of cybercrime where a criminal secretly uses a victim’s computing power to generate cryptocurrency. With the proliferation of cryptocurrencies and their ever-increasing uptake by the wider public, an increase in corresponding cybersecurity incidents has been observed. Cryptocurrency remains the most common pay-out method for threat actors.

Misinformation and disinformation are for the first time appearing in the ENISA threat landscape report. Disinformation and misinformation campaigns are on the rise as a result of the increased online presence due to the COVID-19 pandemic, which has led to a high use of social media platforms and online media. Disinformation and misinformation campaigns are frequently used in hybrid attacks to foster doubt or create confusion, therefore reducing the overall perception of trust as a consequence and damaging this major proponent of cybersecurity in the process.

Threat actors: The report is focused on four categories of cybersecurity threat actors – state-sponsored actors, cybercriminals, hacker-for-hire actors, and hacktivists. Cyber threat actors are an integral component of the threat landscape. They are entities aiming to carry out a malicious act by taking advantage of existing vulnerabilities, with the intent to do harm to their victims. Understanding how threat actors think and act, what their motivations and goals are, is an important step towards a stronger cyber incident response. Monitoring the latest developments with respect to the tactics and techniques used by threat actors to achieve their objectives is crucial for an efficient defence in today’s cybersecurity ecosystem. Such threat assessment allows us to prioritise security controls and devise an adequate strategy based on the potential impact and likelihood of threat materialisation.

The ENISA Threat Landscape 2021 report is the annual report of the EU Agency for Cybersecurity, ENISA, on the state of the cybersecurity threat landscape. The 9th edition was published in October 2021.

Further information:
ENISA Threat Landscape Report 2021 –
https://www.enisa.europa.eu/publications/enisa-threat-landscape-2021