author photo
By Bruce Sussman
Thu | Nov 12, 2020 | 9:29 AM PST

Sometimes when you are down in the cyber attack trees defending your organization, it can be tough to see the cyber threat forest.

Understanding how things are shifting in the forest, or overall threat landscape, can help us categorize, strategize, and prioritize our resources.

And now we have new research coming from the EU which unpacks the  top cyber threats as they stand now.

What are the top cyber threats right now?

The European Union Agency for Cybersecurity (ENISA) just published its Threat Landscape 2020 report. It found cyber attacks becoming more sophisticated, targeted, widespread, and undetected.

More on these things in a minute. First, however, let's look at the top 15 cyber threats organizations are facing right now, according to the research:

  1. Malware
  2. Web-based Attacks
  3. Phishing
  4. Web Application Attacks
  5. SPAM
  6. Distributed Denial of Service (DDoS)
  7. Identity Theft
  8. Data Breach
  9. Insider Threat
  10. Botnets
  11. Physical Manipulation, Damage, Theft, and Loss
  12. Information Leakage
  13. Ransomware
  14. Cyber Espionage
  15. Cryptojacking


So that is the top 15 list of cyber threats according to the European Union. 

Trends in malware attacks

We can't look at all of these categories, but let's talk about the number one cyber attack threat of malware.

Emotet remains the most common type of malware infection, which started as a banking trojan, evolved, and now targets organizations regardless of industry vertical. 

" has been upgraded with command and control (C2) functionality, additional evasion mechanisms such as the ability to tell whether if it is running in a sandbox environment and the ability to deliver dangerous payloads, such as Trickbot and Ryuk. 

During the reporting period, Emotet evolved into a botnet, increased its activity, and initiated new localized spam campaigns with spear-phishing functionality to install ransomware or steal information."

The EU researchers uncovered the following insightful information:

  • 13% increase in Windows malware detections at business endpoints globally
  • 71% of organizations experienced malware activity that spread from one employee to another
  • 46,5% of all malware in e-mail messages found in '.docx' file type
  • 50% increase in malware designed to steal personal data or stalkerware
  • 67% of malware was delivered via encrypted HTTPS connections
Researchers also found that file-less ransomware skyrocketed, and that trend makes sense. They say it can be 10 times as likely to succeed because it more easily evades detection.

"Fileless malware attacks increased by 265% during the first half of 2019. The majority of such attacks were script-based (38%), while others executed an in-memory attack (24%) or abused built-in system tools (20%)."

Trends in ransomware attacks

Researchers confirm what the headlines keep screaming: the threat of ransomware is rising. Ransomware detections on machines jumped a whopping 369% compared to 2018.

Using Remote Desktop Protocol (RDP) continues to be one of the riskiest moves by organizations:

"Unfortunately, many organisations still use RDP instead of the more secure Virtual Private Network (VPN) for remote access. The problems with the RDP is that it suffers from vulnerabilities that can be exploited and the RDP service may rely on internet-facing servers which are easily accessed."

Another significant finding is that nearly half of organizations that get hit are now paying hacker ransoms. This is partly driven by cyber insurance and a growing number of organizations seeing this insurance as a business necessity:

"Although cyber insurance policies existed since early 2000, ransomware attacks are one of the main reasons for the increased interest in this type of insurance during the last five years. In some of the 2019 incidents, the ransom or the costs of recovery was covered by such contracts.

Unfortunately, if potential ransomware targets are known to be insured, the attackers assume that they will most probably be paid.

Another downside for the victim is that insurance providers are paying the ransom in advance to mitigate the damage and to keep the victim's reputation intact. However, such compliance by paying ransoms encourages the hacker community and ensures neither the victim’s recovery nor their reputation."

Specific examples of how the cyber threat landscape is shifting

Now, let's look at some additional findings in the Threat Landscape 2020 study. Researchers revealed these cybercrime trends are underway:

  • There will be a new norm during and after the COVID-19 pandemic that is even more dependent on a secure and reliable cyberspace;
  • The number of fake online shopping websites and fraudulent online merchants reportedly has increased during the COVID-19 pandemic. From copycats of popular brands websites to fraudulent services that never deliver the merchandise, the coronavirus revealed weaknesses in the trust model used in online shopping;
  • The number of cyberbullying and sextortion incidents also increased with the COVID-19 pandemic. The adoption of mobile technology and subscription to digital platforms makes younger generations more vulnerable to these types of threats;
  • Malicious actors are using social media platforms to increase efficiency in targeted attacks;
  • Financial reward is still the main motivation behind most cyber attacks;
  • Finely targeted and persistent attacks on high-value data, such as intellectual property and state secrets, are being meticulously planned and executed often by state-sponsored actors;
  • Massively distributed attacks with a short duration and wide impact are used with multiple aims such as credential theft;
  • The number of phishing victims in the EU continues to grow with malicious actors using the COVID-19 theme to lure them in. COVID-19-themed attacks include messages carrying malicious file attachments and messages containing malicious links that redirect users to phishing sites or malware downloads;
  • Business Email Compromise (BEC) and COVID-19-themed attacks are being used in cyber-scams resulting in the loss of millions of euros for EU citizens and corporations. European Small and Medium Enterprises (SMEs) have also fallen victim of these threats in a time when many are going through severe financial difficulties due to the loss of revenue;
  • Ransomware remains widespread with costly consequences to many organisations;
  • Many cybersecurity incidents still go unnoticed or take a long time to be detected;
  • The number of potential vulnerabilities in a virtual or physical environment continues to expand as a new phase of digital transformation arises (as technology will keep diversifying);
  • With more security automation, organisations will invest more in preparedness using CTI (cyber threat intelligence) as their main capability.
Podcast: the future of cloud security threats

Clearly the cyber threat forecast, or landscape, is evolving. The EU broke out each of the top 15 cyber threats into individual reports which are worth reading.

Another trend worth exploring is the forced and rapid shift to the cloud that occurred during 2020. What is the future of cloud security? How do we make cloud security usable and stable? What is the biggest cyber threat in the cloud? 

We discussed all these things and more with Mark Nunnikhoven, Vice President of Cloud Research at Trend Micro. Listen here: