The use of AI chatbots and AI-enabled manipulation of information by malicious actors is a key threat ahead of the upcoming 2024 elections across the continent, according to the European Union Agency for Cybersecurity. The 11th edition of ENISA's Threat Landscape report, published on October 19, 2023, compiles cyber threats observed by the Agency from July 2022 to June 2023. In the comprehensive, 161-page long report, ENISA threat researchers argued that information manipulation should be considered as a cybersecurity threat and the increased use of AI for malicious purposes strengthens the need for vigilance ahead of the upcoming European elections. They also found that state-nexus actors increasingly target employees in key positions, politicians, government officials, journalists and activists, particularly using spear-phishing emails and social networks. Juhan Lepassaar, ENISA's executive director, warned governments, organizations and the public that the growing cyber threat against democracies will be challenging to mitigate: "Trust in the EU electoral process will critically depend on our capacity to rely on cybersecure infrastructures and on the integrity and availability of information. Now, it is up to us to ensure we take the necessary actions to achieve this sensitive yet essential goal for our democracies," he commented. While the use of AI is concerning, "a number of older techniques require much less effort and still remain highly efficient and a resurgence of them has been observed," the report stated. In total, ENISA recorded approximately 2580 incidents during the reporting period, with an additional 220 incidents specifically targeting two or more EU Member States. A grand total of 24,690 common vulnerabilities and exposures were recorded over the period, marking an increase of 2770 in comparison to the prior reporting period. Ransomware remained the top threat observed by ENISA, accounting for 34% of EU-focused threats. Distributed denial-of-service ranked second, representing 28% of all threats against EU countries. Another trend ENISA observed was a shift in cyber threat actors' motivations. While ransomware attacks are primarily motivated by financial gain, a number of such attacks were also intended to have a disruptive effect, which is also the key driver for DDoS attacks and information manipulation. This means that disruption is now identified as the second most common motive after financial gain. "In most cases, top threats may be motivated by a combination of intentions such as financial gain, disruption, espionage, destruction or ideology in the case of hacktivism," wrote the ENISA researchers. A good example is a technique consisting of trojanizing known software packages. "We observe that state-nexus actors adopt attack patterns typically seen in criminal campaigns. Or, in some cases, state-nexus actors supported actions from cybercriminals whether directly or indirectly. Some of the techniques include targeted malvertising where malevolent sites point to trojanized versions of legitimate applications. Those actors also resort to techniques allowing them to have full control over the operating system boot process, and then making it possible to disable OS security mechanisms," read the report.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000