Cybersecurity: main and emerging threats | Topics | European Parliament (2024)

Find out about the top cyber threats in 2022, the most affected sectors and the impact of the war in Ukraine.

The digital transformation has inevitably led to new cybersecurity threats. During the coronavirus pandemic, companies had to adapt to remote working and this created more possibilities for cybercriminals. The war in Ukraine has also affected cybersecurity.


In response to the evolution of cybersecurity threats, Parliament adopted a new EU directive introducing harmonised measures across the EU, including on the protection of essential sectors.

Read more on new EU measures to fight cybercrime

Top 8 cybersecurity threats in 2022 and beyond

According to the Threat Landscape 2022 report by the European Union Agency for Cybersecurity (Enisa), there are eight prime threat groups:

1. Ransomware: hackers seize control of someone’s data and demand a ransom to restore access

In 2022, ransomware attacks continued to be one of the main cyberthreats. They are also getting more complex. According to a survey quoted by Enisa that was conducted at the end of 2021 and in 2022, over half of respondents or their employees had been approached in ransomware attacks.

Data quoted by the EU Agency for Cybersecurity shows that the highest ransomware demand grew from €13 million in 2019 to €62 million in 2021 and the average ransom paid doubled from €71,000 in 2019 to €150,000 in 2020. It is estimated that in 2021 global ransomware reached €18 billion worth of damages – 57 times more than in 2015.

2. Malware: software that harms a system


Malware includes viruses, worms, Trojan horses and spyware. After a global decrease in malware linked to the Covid-19 pandemic in 2020 and early 2021, its use increased heavily by the end of 2021, as people started returning to the office.

The rise of malware is also attributed to crypto-jacking (the secret use of a victim’s computer to create cryptocurrency illegally) and Internet-of-Things malware (malware targeting devices connected to the internet such as routers or cameras).

According to Enisa, there were more Internet-of-Things attacks in the first six months of 2022 than in the previous four years.

3. Social engineering threats: exploiting human error to gain access to information or services

Tricking victims into opening malicious documents, files or emails, visiting websites and thus granting unauthorised access to systems or services. The most common attack of this sort is phishing (through email) or smishing (through text messages).

Almost 60% of the breaches in Europe, the Middle East and Africa include a social engineering component, according to research quoted by Enisa.

The top organisations impersonated by phishers were from the financial and technology sectors. Criminals are also increasingly targeting crypto exchanges and cryptocurrency owners.

4. Threats against data: targeting sources of data to get unauthorised access and disclosure

We live in a data-driven economy, producing huge amounts of data that are extremely important for, among others, enterprises and Artificial Intelligence, which makes it a major target for cybercriminals. Threats against data can be mainly classified as data breaches (intentional attacks by a cybercriminal) and data leaks (unintentional releases of data).

Money remains the most common motivation of such attacks. Only in 10% of cases is espionage the motive.

Read more about how the EU wants to boost data sharing and regulate AI

5. Threats against availability - Denial of Service: attacks preventing users from accessing data or services

These are some of the most critical threats to IT systems. They are increasing in scope and complexity. One common form of attack is to overload the network infrastructure and make a system unavailable.

Denial of Service attacks are increasingly hitting mobile networks and connected devices. They are used a lot in Russia-Ukraine cyberwarfare. Covid-19 related websites, such as those for vaccination have also been targeted.

6. Threats against availability: threats to the availability of the internet

These include physical take-over and destruction of internet infrastructure, as seen in occupied Ukrainian territories since the invasion, as well as the active censoring of news or social media websites.

7. Disinformation/misinformation: the spread of misleading information

The increasing use of social media platforms and online media has led to a rise in campaigns spreading disinformation (purposefully falsified information) and misinformation (sharing wrong data). The aim is to cause fear and uncertainty.

Russia has used this technology to target perceptions of the war.

Deepfake technology means it is now possible to generate fake audio, video or images that are almost indistinguishable from real ones. Bots pretending to be real people can disrupt online communities by flooding them with fake comments.

Read more about the sanctions against disinformation the Parliament is calling for

8. Supply-chain attacks: targeting the relationship between organisations and suppliers

This is a combination of two attacks - on the supplier and on the customer. Organisations are becoming more vulnerable to such attacks, because of increasingly complex systems and a multitude of suppliers, which are harder to oversee.

Top sectors affected by cybersecurity threats


Cybersecurity threats in the European Union are affecting vital sectors. According to Enisa, the top six sectors affected between June 2021 and June 2022 were:

  1. Public administration/government (24% of incidents reported)
  2. Digital service providers (13%)
  3. General public (12%)
  4. Services (12%)
  5. Finance/banking (9%)
  6. Health (7%)

Read more on the costs of cyberattacks

The impact of the war in Ukraine on cyberthreats

Russia’s war on Ukraine has influenced the cyber sphere in many ways. Cyber operations are used alongside traditional military action. According to Enisa, actors sponsored by the Russian state have carried out cyber operations against entities and organisations in Ukraine and in countries that support it.

Hacktivist (hacking for politically or socially motivated purposes) activity has also increased, with many conducting attacks to support their chosen side of the conflict.

Disinformation was a tool in cyberwarfare before the invasion started and both sides are using it. Russian disinformation has focused on finding justifications for the invasion, while Ukraine has used disinformation to motivate troops. Deepfakes with Russian and Ukrainian leaders expressing views supporting the other side of the conflict were also used.

Cybercriminals tried to extort money from people wanting to support Ukraine via fake charities

Cybersecurity: main and emerging threats  | Topics | European Parliament (2024)

FAQs

What are the 5 main threats to cyber security? ›

The Top 5 Cybersecurity Threats- and how to protect against them
  • Malware Attacks. Malware- short for malicious software- refers to any software intentionally designed to cause damage to a computer, server, client, or computer network. ...
  • Phishing Scams. ...
  • Data Breaches. ...
  • Ransomware. ...
  • Social Engineering.

What are the emerging threats in cyber security? ›

In the realm of cybersecurity, emerging threats refer to new tactics, techniques, and procedures (TTPs) that cybercriminals employ to exploit, disrupt, or breach security systems. These threats constantly evolve, making them harder to predict and mitigate.

What are the 7 types of cyber security threats? ›

Types of Cyber Attacks
  • Malware Attack. This is one of the most common types of cyberattacks. ...
  • Phishing Attack. Phishing attacks are one of the most prominent widespread types of cyberattacks. ...
  • Password Attack. ...
  • Man-in-the-Middle Attack. ...
  • SQL Injection Attack. ...
  • Denial-of-Service Attack. ...
  • Insider Threat. ...
  • Cryptojacking.
Aug 13, 2024

What are the 5 C's of cyber security? ›

From small businesses to large enterprises, understanding the 5 Cs of cybersecurity—Change, Compliance, Cost, Continuity, and Coverage—is pivotal. These five components provide a robust framework, guiding businesses in safeguarding their digital assets.

What are the 8 main cyber security threats? ›

Inside the Top Cyber Threats
  • Ransomware. Ransomware is malware designed to use encryption to force the target of the attack to pay a ransom demand. ...
  • Malware. ...
  • Fileless Attacks. ...
  • Phishing. ...
  • Man-in-the-Middle (MitM) Attack. ...
  • Malicious Apps. ...
  • Denial of Service Attack. ...
  • Zero-Day Exploit.

What are the three main cyber threats? ›

Ransomware. Distributed denial of service (DDoS) attacks. Spam and Phishing.

What are the emerging trends in cyber security? ›

Attackers increasingly leverage artificial intelligence (AI) and machine learning (ML) to enhance their capabilities. These technologies automate attacks, create more convincing phishing emails, and even identify vulnerabilities in target systems. As AI and ML advance, their role in digital threats will likely grow.

What are three most common security threats? ›

Cyber attacks that disrupt user provisioning and prevent users from accessing data are most frequently seen in the form of ransomware, distributed denial-of-service (DDos) attacks and network intrusions.

What are the four major categories of threats? ›

Threats can be classified in four categories: direct, indirect, veiled, or conditional.

What is the current US cyber threat level? ›

Today's Cyber Threat Level

The Cyber Alert Level remains at Blue (Guarded) due to the continued threat posed by various malicious groups targeting government networks and new critical security patches released by Microsoft.

What are the 5 D's of cyber security? ›

The "5 Ds of Security" – Deter, Detect, Deny, Delay, and Defend – provide a framework for enhancing security measures across various domains. This article explores each of these principles and their significance in building a robust security posture.

What is the most common type of cyber threat? ›

Malware is the most common type of cyberattack, mostly because this term encompasses many subsets such as ransomware, trojans, spyware, viruses, worms, keyloggers, bots, cryptojacking, and any other type of malware attack that leverages software in a malicious way.

What are the 4 main types of vulnerability in cyber security? ›

What are the 4 major types of security vulnerability?
  • Process (or procedural) vulnerabilities.
  • Operating system vulnerabilities.
  • Network vulnerabilities.
  • Human vulnerabilities.
Jan 12, 2024

What are the top 5 web security threats? ›

Defending against cyberthreats is a critical and ongoing process that requires a proactive and multifaceted approach. Social engineering, third-party exposure, cloud vulnerabilities, ransomware, and IoT are the top threats that organizations should focus on to protect their data, systems, and reputations.

What are the 5 elements of cybersecurity? ›

What are the 5 Essential Elements of Cyber Security? A well-rounded cybersecurity framework includes five essential functions from the NIST Cybersecurity Framework: Identification, Protection, Detection, Response, and Recovery.

What are 5 network security threats? ›

7 common network security issues
  • 1) Internal security threats. Over 90% of cyberattacks are caused by human error. ...
  • 2) Distributed denial-of-service (DDoS) attacks. ...
  • 3) Rogue security software. ...
  • 4) Malware. ...
  • 5) Ransomware. ...
  • 6) Phishing attacks. ...
  • 7) Viruses.

What are 5 Internet threats? ›

Types of cyber threats your institution should be aware of include:
  • Malware.
  • Ransomware.
  • Distributed denial of service (DDoS) attacks.
  • Spam and Phishing.
  • Corporate Account Takeover (CATO)
  • Automated Teller Machine (ATM) Cash Out.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Frankie Dare

Last Updated:

Views: 6288

Rating: 4.2 / 5 (73 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Frankie Dare

Birthday: 2000-01-27

Address: Suite 313 45115 Caridad Freeway, Port Barabaraville, MS 66713

Phone: +3769542039359

Job: Sales Manager

Hobby: Baton twirling, Stand-up comedy, Leather crafting, Rugby, tabletop games, Jigsaw puzzles, Air sports

Introduction: My name is Frankie Dare, I am a funny, beautiful, proud, fair, pleasant, cheerful, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.