DDoS overtakes ransomware as the most active cyber threat in Europe

The world of cyber threats is constantly changing, and a new report from the European Cybersecurity Agency (ENISA) shows that denial of service attacks (DDoS) are now the most active form of cyber attack in Europe. This is a worrying trend that is pushing the previously dominant ransomware attacks into the background. But what does this mean for companies and public institutions in the EU?

An ominous statistic: DDoS at the top

Almost half of all cyberattacks in the EU registered between July 2023 and June 2024 are DDoS attacks. These account for 41.1 % of the 4,120 documented attacks. This trend is led by the pro-Russian hacker group NoName057, which is currently considered the most active threat actor. In comparison, ransomware attacks reached 25.8 %, making it the second most common threat. Data breaches, particularly in the cloud, are the third most common threat, accounting for 19 % of incidents.

These figures show: DDoS attacks have established themselves as the dominant force in Europe's threat landscape. But what is the reason for this rise?

Targets and motives of the attackers

The cyberattacks are primarily directed against organizations in public administration, the transport sector and the financial sector. With 19 % of attacks, the public administration is particularly badly affected, while the transportation sector recorded 11 % and the financial sector 9 % of attacks.

Geopolitics remains a key driver of these cyber operations, particularly in connection with the Ukraine conflict. Hacker groups use political instability to weaken institutions and cause disruption.

Rhetorical question: How can companies and public institutions protect their systems from such targeted attacks if geopolitical tensions continue to rise?

DDoS vs. ransomware: a comparison

While DDoS attacks are often considered annoying but not highly dangerous, ransomware remains a serious threat. Groups such as LockBit, Cl0p and PLAY are the most prominent attackers here and continue to cause considerable damage.

At around 1,000 ransomware incidents per quarter worldwide, the level remains alarmingly high. There is an increasing trend in so-called „double-dipping“ attacks, in which victims are attacked multiple times. Cyber criminals use known vulnerabilities or stolen access data to carry out repeated attacks.

This development highlights the ongoing threat: while DDoS attacks can disrupt business operations, ransomware remains one of the most costly and destructive forms of cybercrime.

Vulnerabilities and data leaks: The growing danger

Another alarming aspect of the cyber threat situation is the more than 19,000 vulnerabilities identified, of which 9.3 % are classified as „critical“ and 21.8 % as „high“. Web applications and the internet infrastructure are particularly affected. These vulnerabilities provide hackers with ideal targets, especially for DDoS and ransomware attacks.

The cloud also remains a popular target: IBM reports that 82 % of all data breaches occurred in the cloud, with 39 % of these attacks affecting multiple environments, including on-premises systems. This trend shows that digitalization and the increased use of cloud technologies bring new security requirements. Companies must not only focus their protective measures on their on-premises infrastructure, but also extend them to their cloud environments.

Manipulation of information: A new trend

In addition to the known methods of attack, the EU is also facing a growing threat from the manipulation of information. Attackers are using misinformation as a weapon, particularly in connection with geopolitical events such as the Ukraine conflict. The use of artificial intelligence (AI) to spread disinformation is increasing, but is still at an early stage according to ENISA.

Metaphor: This is just the tip of the iceberg - the potential of AI for such purposes is far from exhausted. It is only a matter of time before such methods find wider application.

What should companies do now?

In view of these developments, it is becoming increasingly important for companies and institutions to review and adapt their cyber security strategies. Some key measures are:

1. Strengthening the IT security infrastructure: In particular by investing in modern security solutions and regular security checks.

2. Training and sensitization of employees: Human error is often the trigger for successful attacks. Continuous training is essential.

3. Collaboration with cybersecurity experts: External support from specialized service providers can help to identify vulnerabilities at an early stage and close security gaps.

4. Contingency plans for cyber attacks: The best protection is a well thought-out plan to react quickly and efficiently in the event of an attack.

Conclusion: The changing threat situation

ENISA's report shows that the cyber threat landscape in Europe is changing. DDoS attacks have replaced ransomware as the leading threat, but the danger from ransomware remains at a high level. Companies must remain vigilant and continuously adapt their security strategies to meet the new challenges. Because in an increasingly digitalized world, it is no longer a question of if an attack will come, but when.