After an eight-month foresight exercise, the European Union’s cyber security agency ENISA has come out with the top cybersecurity threats to emerge by 2030.
Crete-based ENISA’s Executive Director Juhan Lepassaar said: “The mitigation of future risks cannot be postponed or avoided. This is why any insight into the future is our best insurance plan. As the saying goes: “prevention is better than cure”. It is our responsibility to take all measures possible upfront to ensure we increase our resilience over the years for an improved cybersecurity landscape in 2030 and beyond.”
The ten are in an infographic on this link to the ENISA website and are, listed:
Supply chain compromise of software dependencies;
Advanced disinformation campaigns;
Rise of digital surveillance authoritarianism/loss of privacy;
Human error and exploited legacy systems within cyber-physical ecosystems;
Targeted attacks enhanced by smart device data;
Lack of analysis and control of space-based infrastructure and objects;
Rise of advanced hybrid threats;
Skills shortage;
Cross-border ICT service providers as a single point of failure; and
Artificial intelligence abuse.
See the ENISA Threat Landscape 2022 (ETL) report; see also from early last year ENISA’s first report “Foresight on Emerging and Future Cybersecurity Challenges”. The agency worked with Cybersecurity Incident Response Teams (CSIRTs) and the CERT-EU of EU member states; and the EU Cyber Crisis Liaison Organisation Network (EU CyCLONe) that acts as a bridge between the EU CSIRTs Network (at technical level) and the EU at political level.
Meanwhile the EU’s agency for judicial cooperation, Eurojust recently brought out what it described as its first comprehensive report on money laundering. Since 2016, the number of cases brought to the Agency has been steadily rising. Some 649 cases were brought in 2021, more than double the total of 315 in 2016. The top five EU countries involved in money laundering cases were:
` Italy (723)
` France (637)
` Spain (578)
` Germany (569)
` Netherlands (398).
The Republic of Ireland had 91. As for the UK, it’s with 137 cases second behind Switzerland (with 265 cases); however the UK’s data only dates from February 2020, that is, the UK’s official leaving of the European Union. By comparison, the United States came third with 70 cases, and followed by Ukraine, Serbia, Liechtenstein and Norway.
As a sign of how money laundering has like other financial crimes gone digital, the report gives an unidentified case of a hacker group behind ‘synchronised automated teller machine (ATM) attacks across Europe and beyond. The criminal operation struck at banks and financial entities in more than 40 countries,” which resulted in cumulative losses of over 1 billion euros. Malicious software was sent to bank employees via emails
impersonating legitimate companies (spear phishing); once downloaded, the malicious software allowed the criminals to remotely control the victims’ infected machines, giving them access to the internal banking network and infecting the servers controlling the ATMs. The money was then cashed out, whether by e-payments, or ‘mules’ taking money from bank accounts or ATMs.
For a download, visit the Eurojust website.
ENISA is running a CTI (cyber threat intelligence) conference in Brussels on December 7.
And last month the EU police agency Europol ran an operation whereby 19 countries took on criminal networks using stolen credit card information to order high-value goods from online shops.
