The 9th edition of the ENISA Threat Landscape (ETL) report is out!

I’m proud to announce the release of the 9th edition of the ENISA Threat Landscape (ETL) on the state of the cybersecurity threat landscape.

The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2021 (ETL) report, which is the annual analysis on the state of the cybersecurity threat landscape.

This edition reports events and analyses related to the period between April 2020 up to July 2021.

The bad news is the cybersecurity threats are on the rise, and ransomware attacks rank as a prime threat for the period. Supply-chains attacks also rank among the most dangerous threats due to the catastrophic cascading effects. The document identified threats, attack techniques, notable incidents, and related trends, it also provides recommendations to mitigate the risk of exposure.

“Given the prominence of ransomware, having the right threat intelligence at hand will help the whole cybersecurity community to develop the techniques needed to best prevent and respond to such type of attacks. Such an approach can only rally around the necessity now emphasised by the European Council conclusions to reinforce the fight against cybercrime and ransomware more specifically.” states EU Agency for Cybersecurity Executive Director, Juhan Lepassaar.

The level of sophistication of attacks and their impact continues to increase. The experts highlight an increase in the surface of attacks of organizations due to an ever-growing online presence.

Below are the 9 threat groups analyzed in details in the report over the reporting period:

1. Ransomware;
2. Malware;
3. Cryptojacking;
4. E-mail related threats;
5. Threats against data;
6. Threats against availability and integrity;
7. Disinformation – misinformation;
8. Non-malicious threats;
9. Supply-chain attacks.

Key trends

The COVID-19 crisis has created possibilities for adversaries who used the pandemic as a dominant lure in campaigns for email attacks for instance. Monetisation appears to be the main driver of such activities.

The techniques that threat actors are resorting to are numerous. The non-exhaustive list below presents some of the most prevalent ones identified in the report, across all threats:

• Ransomware as a Service (RaaS)-type business models;
• Multiple extortion ransomware schemes;
• Business Email Compromise (BEC);
• Phishing-as-a-service (PhaaS);
• Disinformation-as-a-Service (DaaS) business model; etc.

The report has been drawn up with the support of the ENISA Cyber Threat Landscapes Working Group (CTL working group).

The content of the report content is based on open source analysis, expert opinions, intelligence reports, incident analysis and security research reports.

Enjoy the report:

ENISA Threat Landscape Report 2021

ENISA Threat Landscape Supply Chain                                                                               

ENISA Threat Landscape Report 2020

Infographic Threat Landscape Mapping during COVID-19

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, threat landscape)

[adrotate banner=”5″]

[adrotate banner=”13″]