This is the tenth edition of the report ENISA Threat Landscape (ETL), an annual report on the global state of cybersecurity threats. The document identifies the main threats, the main trends observed in terms of threats, threat actors and attack techniques, as well as impact and motivation analysis. It also outlines the most relevant mitigation measures currently in place.
This year’s work was again supported by ENISA’s ad hoc Working Group on Cybersecurity Threat Landscapes (CTL). During the ETL 2022 reporting period, the main threats identified include: ransomware, malware, social engineering threats, threats against data, threats against availability: denial of service, Internet threats, disinformation and supply chain attacks.
For each of the identified threats, certain attack techniques and notable incidents and trends are proposed, along with mitigation measures. In terms of trends during the reporting period, the document highlights the following:
Impact of geopolitics on the cybersecurity threat landscape:
- The conflict between Russia and Ukraine has reshaped the threat landscape during the reporting period.
- Geopolitics continues to have a very strong impact on cyber operations.
- Destructive attacks are a prominent component of the operations of state actors.
- Disinformation is a tool in cyberwarfare. It was used even before the “physical” war began as a preparatory activity for the Russian invasion of Ukraine.
The ransomware and availability attacks are the highest during the reporting period:
- Significant increase in availability attacks, especially DDoS, and the ongoing war are the main reasons for these attacks.
- Phishing is again the most common vector for initial access. Advances in phishing sophistication, user fatigue and targeted, context-based phishing have led to this increase. New bait in social engineering threats is focusing on the Ukraine-Russia conflict in a similar way to what happened during the COVID-19 situation.
- Malware is on the rise again after the decline that was noted, linked to the COVID-19 pandemic.
- DDoS are becoming larger and more complex, are moving towards mobile and IoT networks and are used in the context of cyberwarfare.
New, hybrid and emerging threats are shaping the threat landscape with great impact.
- Disinformation and deepfakes with artificial intelligence.
- Understanding trends related to threat actors, their motivations and objectives greatly helps to prepare cybersecurity defences and mitigation strategies. Therefore, for the purposes of ETL 2022, the following four categories of cybersecurity threat actors are again considered: state-sponsored actors, cybercrime actors, hacker-for-hire actors and hacktivists.
Through continuous analysis, ENISA obtained trends, patterns and insights for each of the major threats presented in the ETL 2022 report. The conclusions and key judgements of this assessment are based on multiple and available resources provided to the references used for the development of this document. The report is primarily aimed at strategic decision makers and policy makers, while being of interest to the technical cybersecurity community.