The ENISA Threat Landscape 2025 report provides a comprehensive analysis of the European cyber threat environment between July 2024 and June 2025, highlighting phishing as the primary intrusion vector and the increasing sophistication of ransomware, state-aligned cyberespionage, and hacktivist activities. It emphasizes emerging trends such as the targeting of mobile devices, supply chain compromises, and the convergence of tactics among threat groups.
Key points
- The report is structured into main sections including Executive Summary, Methodology, Threat Landscape Overview, General Key Trends, Sectorial Analysis, Cybercrime, State-Aligned Activities, Foreign Information Manipulation and Interference (FIMI), Hacktivism, Tactics, Techniques & Procedures (TTPs) & Vulnerabilities, Outlook & Conclusion, and Appendix; each section discusses specific aspects such as threat actor behaviours, sector impacts, and cybersecurity recommendations.
- Key statistics highlight phishing as responsible for 60% of intrusions, with vulnerability exploitation at 21.3%, and DDoS attacks making up 76.7% of incidents, mainly driven by hacktivist groups.
- Ransomware, banking trojans, and infostealers account for 87.3% of malware deployed post-intrusion, with 68.6% of intrusions leading to data breaches sold on cybercriminal forums.
- The report indicates that mobile threats make up 42.4% of incidents, followed by web threats (27.3%), operational technology (18.2%), and supply chain risks (10.6%), reflecting evolving attack surfaces.
- Phishing campaigns have evolved with the rise of Phishing-as-a-Service platforms (e.g., Darcula, Lucid, FlowerStorm) automating attacks and expanding reach through SMS and mobile channels.
- Third-party providers and supply chain compromises are increasingly targeted, exemplified by incidents affecting transport companies, energy firms, and software repositories, with state-aligned groups such as Lazarus exploiting npm packages.
- Mobile devices, particularly Android, face rising threats including RATs (Rafel, BingoMod), spyware (KoSpy, BoneSpy, PlainGnome), and exploitation of mobile network protocol vulnerabilities (SS7, Diameter), compromising privacy and security.
- Threat actors from hacktivist, cybercrime, and state-aligned groups are converging on shared tools and tactics, with phenomena such as faketivism, where state-aligned groups adopt hacktivist personas, and hacktivists expanding into ransomware operations (e.g., FunkLocker, CyberVolk).
- The report stresses rapid weaponization of vulnerabilities following disclosure and underscores the necessity for timely patching, system hardening, and monitoring to counter evolving cyber threats.
- Artificial intelligence is significantly impacting phishing operations, with AI-enhanced campaigns constituting over 80% of social engineering attempts, using sophisticated methods like jailbroken models and synthetic media.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)