ENISA, the European Union Agency for Cybersecurity, has published the 8th annual ENISA Threat Landscape (ETL) report, identifying and evaluating the top cyber threats for the period January 2019-April 2020.

The ETL report warns that there is a long road ahead to reach a more secure digital environment. This is mainly due to the weakening of existing cyber security measures through changes in working and infrastructure patterns caused by the COVID-19 pandemic. This global phenomenon has led to a surge in cyber criminals’ personalized cyber-attacks, using more advanced methods and techniques.

The ETL report highlights important aspects and trends related to the threat landscape:

• There will be a new norm during and after the COVID-19 pandemic that is even more dependent on a secure and reliable cyberspace
• The number of fake online shopping websites and fraudulent online merchants reportedly has increased during the COVID-19 pandemic.
• The number of cyberbullying and sextortion incidents also increased with the COVID-19 pandemic.
• Malicious actors are using social media platforms to increase efficiency in targeted attacks
• Financial reward is still the main motivation behind most cyber-attacks;
• Finely targeted and persistent attacks on high-value data, such as intellectual property and state secrets, are being meticulously planned and executed often by state-sponsored actors
• Massively distributed attacks with a short duration and wide impact are used with multiple aims such as credential theft
• The number of phishing victims in the EU continues to grow with malicious actors using the COVID-19 theme to lure them in
• Business Email Compromise (BEC) and COVID-19-themed attacks are being used in cyber scams resulting in the loss of millions of euros for EU citizens and corporations. European small and medium enterprises (SMEs) have also fallen victim of these threats in a time when many are going through severe financial difficulties due to the loss of revenue
• Ransomware remains widespread with costly consequences to many EU organizations
• Many cyber security incidents still go unnoticed or take a long time to be detected
• The number of potential vulnerabilities in a virtual or physical environment continues to expand as a new phase of digital transformation arises
• With more security automation, organizations will invest more in preparedness using CTI as their main capability