Geo-politics plays major role in cyber attacks

The ongoing Russia-Ukraine conflict has resulted in an increase in hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organisations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA).

In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the conflict, likely for the collection of intelligence, according to the 10th edition of the ENISA threat landscape report.

The report — this year titled Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape — notes that in general, geopolitical situations continue to have a high impact on cyber security.

State-sponsored attacks use zero-days, DDoS

This year's report identified several attack types frequently used by state-sponsored attackers. These include zero-day and critical vulnerability exploitation; attacks on operational technology (OT) networks; wiper attacks to destroy and disrupt networks of governmental agencies and critical infrastructure entities; and supply chain attacks. 

Attacks also featured social engineering, disinformation, and threats against data.

State-sponsored threat actors have also been observed targeting entities from countries in Southeast Asia, Japan, Australia, and Taiwan. Due to increased tensions between specific countries in Asia, state-sponsored threat actors have targeted countries (including EU member states) that had established closer ties with Taiwan. 

“We expect to see more and more states deploying their cyber capabilities for the collection of intelligence, especially in times of increased tensions or conflict,” ENISA noted.

Meanwhile, governments have been publicly identifying and attributing cyber attacks to adversary groups and taking legal action against them.

“In our view, as cyber operations have become a priority for governments, we will certainly observe increased efforts by them in the public attribution of cyber campaigns, the disruption of the infrastructure of adversaries, and indictments to 'name and shame' operators,” ENISA noted.

Ransomware remains the top cyber attack type

Ransomware remains the top cyber crime attack type this year as well. More than 10 terabytes of data were stolen monthly during the period studied, with phishing identified as the most common initial vector of such attacks. The report also noted that 60 per cent of affected organisations likely have paid the ransom demanded.

The second most used form of attack was DDoS. The largest DDoS attack ever was launched in Europe in July 2022 against a European customer of Akamai that was using its Prolexic platform. The attack hit a peak at 853.7Gbps and 659.6Mpps (megapackets per second) over 14 hours.

While all sectors fell victim to attacks, public administration and government entities were the most affected, making up 24 per cent of all cyber attack victims. This was followed by digital service providers at 13 per cent and the general public at 12 per cent. These three sectors alone accounted for 50 per cent of all the attacks during this year.