Ransomware is the most impactful cyber threat to the European Union’s digital infrastructure, according to the EU’s agency for cyber, ENISA. In its threat landscape report, the agency said DDoS attacks were the dominant incident type and accounted for 77 per cent of reported incidents. Most attacks were by hacktivists while cyber criminals represent only a minor portion.
As for how the attackers get in, above all it’s by phishing, followed by vulnerability exploitation. The report analyses some 4875 incidents between July 2024 and June 2025; for the 87-page report in full visit https://enisa.europa.eu/topics/cyber-threats.
What they say
ENISA Executive Director Juhan Lepassaar said: “Systems and services that we rely on in our daily lives are intertwined, so a disruption on one end can have a ripple effect across the supply chain. This is connected to a surge in abuse of cyber dependencies by threat actors that can amplify the impact of cyberattacks. The ENISA Threat Landscape provides valuable insights to enable informed decision-making and prioritisation to safeguard our critical infrastructure and ensure that our digital future is secure.”
Comments
Sylvain Cortes, VP Strategy at the cyber company Hackuity said that the report points out the harsh reality that there are still fundamental security issues going unaddressed and that cybercriminals don’t necessarily need to be inventive. He said: “Vulnerability exploitation, which accounts for 21.3 per cent of all attacks according to ENISA, is continually seen as a problem for businesses. The challenge is that organisations often have difficulty with visibility and prioritisation; they need both a centralised view to identify vulnerabilities and then the context around these to know where to prioritise remediation efforts. There’s an inherent imbalance in the time it can take for organisations to patch critical vulnerabilities and the speed with which attackers can exploit them.
“Beyond the technical aspects, organisations need joined up processes across their security teams as attacks are evolving quickly. Organisations must adapt to keep pace, and that’s a challenge.”
And James Neilson, SVP International at OPSWAT, said: “Operational technology (OT) assets have emerged as a key target for nation-state groups, including Russia- and China-nexus campaigns, which aim to disrupt European nations, compromise or diminish essential services, and inflict harm on wider civilian populations.
“ENISA’s Threat Landscape Report highlights this issue, and organisations must secure the data moving in and out of their OT networks. It is no coincidence that the sectors identified by ENISA as the most targeted are those that contain a significant number of OT systems within their environments. IT systems, internet connectivity, and transient devices remain major attack surfaces for ICS/OT infrastructure. In fact, IT compromises account for 58pc of ICS/OT incidents, this reveals a lack of understanding among security teams regarding the impact of IT threats on OT environments.
“An OT security strategy should follow secure-by-design principles, reinforced by tools such as content disarm and reconstruction (CDR), vulnerability assessments, data loss prevention, and multiscanning to keep files, data, and devices safe in secure OT environments.”
