Key Findings
Phishing (including malspam, vishing, and malvertising) was the dominant intrusion vector, accounting for approx. 60% of cases..
Top Shares of Recorded Incidents by Sector in the EU: 38.2%: Public Administration, 28.5%: Unknown, 7.5%: Transport (second most targeted sector), 4.8%: Finance, 4.5%: Energy, 2.9%: Education, 2.3%: Health, 2.2%: Digital Infrastructure & Services, 1.7%: Manufacturing, 1.2%: Media & Entertainment.
13.4% of assessed objectives were financially-motivated.
State-aligned operations, often driven by low-impact DDoS campaigns targeting EU Member States’ organisations’ websites, resulted in service disruption in only 2% of incidents.
79.4% of assessed objectives were ideology driven.
Vulnerability exploitation accounted for 21.3% of initial access vectors.
7.2% of assessed objectives were cyberespionage.
Public Administration was the most targeted sector in the EU, accounting for just over 38% of incidents.
Vulnerability exploitation led to malware deployment as a follow-up activity in 68% of cases.
Ransomware remained the most impactful cybercrime tool despite a reported decrease of 11% compared to the previous ENISA Threat Landscape (ETL) report.
NoName057(16) was responsible for over 60% of claims in the realm of hacktivism, sustained by its DDoSia platform
Insider threats accounted for 0.8% of initial access vectors.
Botnet accounted for 9.9% of initial access vectors.
Essential entities (including public administration, transport, digital infrastructure and services, finance, and manufacturing) represent 53.7% of the total number of recorded incidents in the EU.
Malicious applications accounted for 8% of initial access vectors.
Within Public Administration, incidents were dominated by low-impact DDoS campaigns (94.8%).