The 9th edition of the ENISA Threat Landscape Report

The ENISA Threat Landscape 2021 (ETL) report is the annual report of the EU Agency for Cybersecurity, ENISA, on the state of the cybersecurity threat landscape. The 9th edition released today covers a period of reporting starting from April 2020 up to July 2021.

Cybersecurity threats are on the rise. Ransomware ranks as a prime threat for the reporting period. For each of the identified threats, attack techniques, notable incidents and trends are identified alongside recommendations. The new report also features a list of trends concerning threat actors.

Supply-chains attacks rank highly among prime threats because of the significant potential they have in inducing catastrophic cascading effects. The risk is such that ENISA recently produced a dedicated threat landscape report for this specific category of threat.

The 9 top threats identified due to their prominent materialisation over the reporting period:

1. Ransomware;
2. Malware;
3. Cryptojacking;
4. E-mail related threats;
5. Threats against data;
6. Threats against availability and integrity;
7. Disinformation – misinformation;
8. Non-malicious threats;
9. Supply-chain attacks.

Key trends

The COVID-19 crisis has created possibilities for adversaries who used the pandemic as a dominant lure in campaigns for email attacks for instance. Monetisation appears to be the main driver of such activities.

The techniques that threat actors are resorting to are numerous. The non-exhaustive list below presents some of the most prevalent ones identified in the report, across all threats:

• Ransomware as a Service (RaaS)-type business models;
• Multiple extortion ransomware schemes;
• Business Email Compromise (BEC);
• Phishing-as-a-service (PhaaS);
• Disinformation-as-a-Service (DaaS) business model; etc.

For more etailed information, refer to the full report.