https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
ENISA Threat Landscape 2023
This is the eleventh edition of the ENISA Threat Landscape (ETL) report, an annual report on the status of the cybersecurity threat landscape. It identifies the top threats, major trends observed with respect to threats, threat actors and attack techniques, as well as impact and motivation analysis. It also describes relevant mitigation measures. This year’s work has again been supported by ENISA’s ad hoc Working Group on Cybersecurity Threat Landscapes (CTL).
https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023/@@download/fullReport
https://www.enisa.europa.eu/
Warfare and Geopolitics are Fuelling Denial-of-Service Attacks
The European Union Agency for Cybersecurity (ENISA)’s new report on the Denial-of-Service (DoS) attacks threat landscape finds 66% of DoS attacks are politically motivated.
The analysis is based on 310 verified Denial-of-Service (DoS) incidents during the reporting period of January 2022 to August 2023. However, this total number only represents the incidents gathered from open sources.
A large-scale study is also included of publicly reported incidents. The study focuses on the motivations of attackers, their goals and the socio-political profiles of targets.
DOS attack threat landscape report 2023
Since the beginning of 2022, DoS attacks have turned into a novel and massive threat using new techniques and are fuelled by warfare motivations.
In the last few years, DoS attacks have become easier, cheaper and more aggressive than ever before. The emergence of new armed conflicts around the world acted as fuel to new waves of DoS attacks where newly formed threat actors pick and choose targets without fear of repercussions.
Objective of report:
To provide a better understanding of this type of threat by analysing the motivations and impact of the DoS attacks and raise awareness at the same time by suggesting prevention and remediation recommendations.
The research performed illustrates that most impacted sectors over the reported period covering January 2022 to August 2023 are associated with government services. These attacks stand as retaliation acts triggered by political decisions.
The report highlights that the last few years, DoS attacks have increased in number especially in the public administration and have become easier and more aggressive than before, largely due to geopolitical reasons. The current DoS threat landscape is greatly influenced by the emergence of the recent armed conflicts around the world and especially by the Russia-Ukraine War that fuelled new waves of DoS attacks where recently introduced threat actors select targets without the fear of repercussions.
The study also illustrates that while no sector is exempted from DoS attacks, the government infrastructure has become a preferred target by threat actors that often manage to be successful by causing downtime.
KEY TAKEAWAYS
- The most affected sector was the government administration sector, accounting for receiving 46% of attacks.
- It is estimated that 66% of the attacks were motivated by political reasons or activist agendas.
- Overall, 50% of the global incidents were found to be related to the Russian-Ukrainian war.
- The study shows that 8% of the attacks caused total disruption in the target.
- The analysis of DoS attacks' motivations and goals is based on the new taxonomy used to classify such attacks based on information publicly available about the attacks the targets for a more systematic analysis approach.
- Warfare is a key gameplayer and organisations would benefit from prevention and remediation strategies.
- Reporting of DoS attacks has not reached the maturity needed to allow for the real extent and impact of such attacks.
Key challenges
The detection, description and analysis of DoS attacks is highly complex and different from other cybersecurity attacks. In other types of cybersecurity attacks, such as exploitation of services or even supply chain attacks, the attackers leave artefacts behind that the incident responders can find, analyse, share, confirm, verify and ultimately use for some explanation or even attribution. In the case of DoS attacks artefacts do not exist or are usually fake ones. This is part of the reasons why official databases of such attacks are difficult to be compiled.
The report sheds light on 3 types of information one must be warned against when seeking to analyse DoS incidents:
- The good quality of information: paradoxically, this is the information coming from reports and claims made by the attackers themselves.
- The bad quality of information: information coming from DoS protection providers that actually stopped the attacks.
- The ugly quality of information: information coming from reports created by the targets.
What is a Denial-of-Service or DoS attack?
There is a wide range of difficulties when it comes to defining what a DoS attack is.
Denial-of-service attacks (DoS) are defined for this report as availability attacks in which attackers, partially or totally, obstruct the legitimate use of a target's service by depleting or exploiting the target's assets over a period of time.
A Distributed Denial-of-Service (DDoS) attack DDoS is a subset of DoS attacks. DoS attacks can be distributed which means that they may originate from thousands of sources from all over the world, usually relying on large-scale botnets or proxies.
Further Information
ENISA Threat Landscape for DoS Attacks - 2023
ENISA Threat Landscape - 2023
Contact
For press questions and interviews, please contact press (at) enisa.europa.eu
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!
News items:
http://www.enisa.europa.eu/media/news-items/news-wires/RSS
PRs:
http://www.enisa.europa.eu/media/press-releases/press-releases/RSS
https://www.enisa.europa.eu/news/checking-up-on-health-ransomware-accounts-for-54-of-cybersecurity-threats
Checking-up on Health: Ransomware Accounts for 54% of Cybersecurity Threats
The European Union Agency for Cybersecurity (ENISA) releases today its first cyber threat landscape for the health sector. The report found that ransomware accounts for 54% of cybersecurity threats in the health sector.
The comprehensive analysis maps and studies cyberattacks, identifying prime threats, actors, impacts, and trends for a period of over 2 years, providing valuable insights for the healthcare community and policy makers. The analysis is based on a total of 215 publicly reported incidents in the EU and neighbouring countries.
Executive Director of the European Union Agency for Cybersecurity (ENISA), Juhan Lepassaar, said: “A high common level of cybersecurity for the healthcare sector in the EU is essential to ensure health organisations can operate in the safest way. The rise of the covid-19 pandemic showed us how we critically depend on health systems. What I consider as a wake-up call confirmed we need to get a clear view of the risks, the attack surface and the vulnerabilities specific to the sector. Access to incident reporting data must therefore be facilitated to better visualise and comprehend our cyber threat environment and identify the appropriate mitigation measures we need to implement.”
The findings
The report reveals a concerning reality of the challenges faced by the EU health sector during the reporting period.
- Widespread incidents. The European health sector experienced a significant number of incidents, with healthcare providers accounting for 53% of the total incidents. Hospitals, in particular, bore the brunt, with 42% of incidents reported. Additionally, health authorities, bodies and agencies (14%), and the pharmaceutical industry (9%) were targeted.
- Ransomware and data breaches. Ransomware emerged as one of the primary threats in the health sector (54% of incidents). This trend is seen as likely to continue. Only 27% of surveyed organisations in the health sector have a dedicated ransomware defence programme. Driven by financial gain, cybercriminals extort both health organisations and patients, threatening to disclose data, personal or sensitive in nature. Patient data, including electronic health records, were the most targeted assets (30%). Alarmingly, nearly half of all incidents (46%) aimed to steal or leak health organisations' data.
- Impact and lessons learned by the COVID-19 Pandemic. It is essential to note that the reporting period coincided with a significant portion of the COVID-19 pandemic era, during which the healthcare sector became a prime target for attackers. Financially motivated threat actors, driven by the value of patient data, were responsible for the majority of attacks (53%). The pandemic saw multiple instances of data leakage from COVID-19-related systems and testing laboratories in various EU countries. Insiders and poor security practices, including misconfigurations, were identified as primary causes of these leaks. The incidents serve as a stark reminder of the importance of robust cybersecurity practices, particularly in times of urgent operational needs.
- Vulnerabilities in Healthcare Systems. Attacks on healthcare supply chains and service providers resulted in disruptions or losses to health organisations (7%). Such types of attacks are expected to remain significant in the future, given the risks posed by vulnerabilities in healthcare systems and medical devices. A recent study by ENISA revealed that healthcare organisations reported the highest number of security incidents related to vulnerabilities in software or hardware, with 80% of respondents citing vulnerabilities as the cause of more than 61% of their security incidents.
- Geopolitical Developments and DDoS Attacks. Geopolitical developments and hacktivist activity led to a surge in Distributed Denial of Service (DDoS) attacks by pro-Russian hacktivist groups against hospitals and health authorities in early 2023, accounting for 9% of total incidents. While this trend is expected to continue, the actual impact of these attacks remains relatively low.
- The incidents examined in the report had significant consequences for health organisations, primarily resulting in breaches or theft of data (43%) disrupted healthcare services (22%) and disrupted services not related to healthcare (26%). The report also highlights the financial losses incurred, with the median cost of a major security incident in the health sector estimated at €300,000 according to the ENISA NIS Investment 2022 study.
- Patient safety emerges as a paramount concern for the health community, given potential delays in triage and treatment caused by cyber incidents.
New report from the NIS Cooperation Group
The NIS Cooperation Group releases today its report on “Threats and risk management in the health sector – Under the NIS Directive”. As a first assessment on the measures currently in place, the study sheds light on the different cybersecurity challenges in risk mitigation faced by the EU health sector. Together with relevant threat taxonomies and cyber incident data, the report discloses business continuity and mitigation recommendations to limit the likelihood and impacts of a cyber related incident.
Background
The ENISA threat landscape reports map the cyber threat landscape to help decision makers, policy makers and security specialists define strategies to defend citizens, organisations and cyberspace.
The report’s content is gathered from open sources such as media articles, expert opinions, intelligence reports, incident analysis and security research reports; as well as through the members of the ENISA Cyber Threat Landscapes Working Group (CTL working group).
The analysis and views of the threat landscape by ENISA is meant to be industry and vendor neutral. Information based on OSINT (Open-Source Intelligence) and the work of ENISA on Situational Awareness also helped document the analysis presented in the report.
Further Information
Health Threat Landscape – ENISA report 2023
ENISA topic: Health
ENISA topic: Cyber threats
CSIRT capabilities in healthcare sector – ENISA report 2021
Cloud security for healthcare services – ENISA report 2021
Procurement guidelines for cybersecurity in hospitals
References
https://www.enisa.europa.eu/about-enisa/data-protection
▼
ENISA is committed to the protection of individuals’ privacy and data protection.
The rights to privacy and data protection are fundamental rights, set out in articles 7 and 8 of the EU Charter of Fundamental Rights.
ENISA, as an EU Agency, is subject to the Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies. This Regulation has the same level and types of rules for the protection of personal data as the General Data Protection Regulation (GDPR), which is applicable to all EU Member States.
In order to function and meet its tasks and objectives, ENISA needs to collect and further process personal data of its staff members, as well as other natural persons in the context of its different activities in the areas of human resources, procurement and finance, corporate services (e.g. IT services), as well as in the context of the functioning of ENISA’s governance bodies and core operations.
What is personal data?
Personal data is any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Examples of personal data include: names, pictures, contact details, emails, CVs, diplomas, recommendation letters, professional & family life, bank details, transaction information, medical data, judicial & criminal records, CCTV footage, log files, IP addresses, cookies, etc.
How does ENISA process personal data?
ENISA process personal data in accordance with the principles and provisions of Regulation (EU) 2018/1725.
These provisions mandate the personal data shall be:
- processed lawfully, fairly and in a transparent manner;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
- accurate and, where necessary, kept up to date (“accuracy”’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
ENISA adheres to its obligations under the Regulation (EU) 2018/1725 and provides for the data subjects rights under this Regulation.
Further information:
ENISA’s central register of data processing activities
Data subjects rights under Regulation (EU) 2018/1725
ENISA’s Data Protection Officer
Data protection with regard to ENISA’s website
https://cybersecuritymonth.eu/
https://cybersecuritymonth.eu/press-campaign-toolbox/visual-identity/banners/ecsm-partnerstoolkit.zip
https://cybersecuritymonth.eu/smarterthanahacker
https://privacyforum.eu/
https://www.enisa.europa.eu/publications/pseudonymisation-techniques-and-best-practices
Pseudonymisation techniques and best practices
This report explores further the basic notions of pseudonymisation, as well as technical solutions that can support implementation in practice. Starting from a number of pseudonymisation scenarios, the report defines first the main actors that can be involved in the process of pseudonymisation along with their possible roles. It then analyses the different adversarial models and attacking techniques against pseudonymisation, such as brute force attack, dictionary search and guesswork. Moreover, it presents the main pseudonymisation techniques and policies available today.
https://www.enisa.europa.eu/publications/pseudonymisation-techniques-and-best-practices/@@download/fullReport
https://www.enisa.europa.eu/publications/data-pseudonymisation-advanced-techniques-and-use-cases
Data Pseudonymisation: Advanced Techniques and Use Cases
This report, building on the basic pseudonymisation techniques, examines advanced solutions for more complex scenarios that can be based on asymmetric encryption, ring signatures and group pseudonyms, chaining mode, pseudonyms based on multiple identifiers, pseudonyms with proof of knowledge and secure multi-party computation. It then applies some of these techniques in the area of healthcare to discuss possible pseudonymisation options in different example cases. Lastly, it examines the application of basic pseudonymisation techniques in common cybersecurity use cases, such as the use of telemetry and reputation systems.
https://www.enisa.europa.eu/publications/data-pseudonymisation-advanced-techniques-and-use-cases/@@download/fullReport
https://www.enisa.europa.eu/publications/engineering-personal-data-sharing
Engineering Personal Data Sharing
This report attempts to look closer at specific use cases relating to personal data sharing, primarily in the health sector, and discusses how specific technologies and considerations of implementation can support the meeting of specific data protection. After discussing some challenges in (personal) data sharing, this report demonstrates how to engineer specific technologies and techniques in order to enable privacy preserving data sharing. More specifically it discusses specific use cases for sharing data in the health sector, with the aim of demonstrating how data protection principles can be met through the proper use of technological solutions relying on advanced cryptographic techniques. Next it discusses data sharing that takes place as part of another process or service, where the data is processed through some secondary channel or entity before reaching its primary recipient. Lastly, it identifies challenges, considerations and possible architectural solutions on intervenability aspects (such as the right to erasure and the right to rectification when sharing data).
https://www.enisa.europa.eu/publications/engineering-personal-data-sharing/@@download/fullReport
https://www.enisa.europa.eu/news/securing-personal-data-in-the-wake-of-ai
Securing Personal Data in the Wake of AI
This year’s Annual Privacy Forum focused on pressing personal data protection challenges raised by the ever faster-paced developments witnessed today in digital technologies and legislative initiatives.
Organised by the European Union Agency for Cybersecurity (ENISA) together with the directorate general of the European Commission for communications networks, content and technology (DG Connect) and the National Institute for Research in Digital Science and Technology (INRIA), the 2023 edition of the event took place in Lyon, France.
This 11th edition brought together a total of 26 speakers and over 400 participants both physically and remotely.
Panels of experts were given the chance to address some of the most pressing topics in relation to the securing of personal data, including:
- Emerging Technologies for personal data protection;
- Machine learning and personal data processing;
- Personal data sharing under the European Data Strategy;
- Promoting GDPR compliance and data subject rights.
European Union Agency for Cybersecurity, Executive Director Juhan Lepassaar, commented: “ENISA has been analysing AI risks for the last 5 years. To prepare for a secure and trusted AI, the safeguards need to be in place. Today AI and in particular machine learning pose great challenges to data protection and privacy. Trust is what underpins the secure adoption and maturity of these technologies. Personal data protection measures are an impactful way to gaining this trust.”
Wojciech Wiewiorowski, European Data Protection Supervisor: “It would be reductive to not look at the benefits that AI can bring to society, such as faster decision making and easy-to-use automation. However, the risks to individual rights are significant and can have a profound impact on our democracies. By proactively addressing these risks, we can harness the potential of AI while safeguarding privacy rights. It is crucial to take action now to ensure responsible and ethical implementation of AI technologies.”
Challenges and opportunities: the conference’s key take-aways
- Within the three panel discussions, regulators from EU Institutions, France, Spain and Norway together with policy makers and industry practitioners, debated on which are the data protection engineering challenges for the years to come, what is the role of Data Protection Authorities in the artificial intelligence era and the data protection prospects and contemplations when processing medical data in the post pandemic era.
- Further to these discussions, invited speakers also elaborated on the AI regulatory approaches on artificial intelligence across the two sides of the Atlantic and how Zero Knowledge Proof technique can be deployed as a privacy enhancing technique in real life applications.
The Annual Privacy Forum was co-located and organised back to back with the EDPS IPEN workshop as part of their strategic cooperation and the Memorandum of Understanding signed between ENISA and the EDPS in 2022.
Further Information
Relevant ENISA publications:
Other information:
About the Annual Privacy Forum
The Annual Privacy Forum (APF) has become a renowned forum among policy-makers, researchers and industry stakeholders in the area of privacy and personal data protection who join forces to advance information security. The forum is set against the EU legislative background that is mainly, but not exclusively, comprised of the GDPR and the draft ePrivacy Regulation. The event sets the stage for new research proposals, solutions, models, applications and policies. In the last few years, the forum has also developed a deeper industry footprint to complement its original research and policy orientation.
About the European Union Agency for Cybersecurity (ENISA)
The EU Agency for Cybersecurity has been working in the area of privacy and data protection since 2014, by analysing technical solutions for the implementation of the GDPR, privacy by design and security of personal data processing. The Agency has been providing guidance on data pseudonymisation solutions to data controllers and processors since 2018.
Contact
For press questions and interviews, please contact press (at) enisa.europa.eu
