The Inner Circle

  • 1.  ENISA Threat Landscape: Finance Sector

    Posted Feb 21, 2025 12:23:00 PM

    Hi All,

    ENISA just published ENISA Threat Landscape: Finance Sector.

    This is the first analysis conducted by the European Union Agency for Cybersecurity (ENISA) of the cyber threat
    landscape of the European finance sector. From January 2023 to June 2024, the European financial sector faced
    significant cybersecurity challenges, highlighting threats and vulnerabilities across the sector.


    • ENISA analysed 488 publicly reported incidents affecting the finance sector in Europe.
    • European banks (credit institutions) were the most frequently affected at a 46% rate, with 301 incidents
    observed. Public organisations related to finance (13%) followed next. Individuals, such as customers of credit
    institutions, were also affected (10%), being defrauded through social engineering campaigns with a finance-relevant
    theme.
    • The finance sector saw peaks in distributed denial-of-service activity linked to geopolitical events, particularly
    Russia's invasion of Ukraine. Hacktivists targeted European credit institutions (58% of incidents) and
    governmental websites related to finance (21%), notably causing operational disruptions.
    • Data breaches and leaks remain prominent issues. Threat actors exploited vulnerabilities for financial gain
    through fraud, supply chain attacks, and social engineering. European credit institutions were the primary
    targets (39%), with incidents leading to financial losses, regulatory penalties, and reputational damage.
    • Social engineering campaigns, including phishing, smishing and vishing, were prevalent tactics used by
    cybercrime threat actors. These incidents aimed to steal sensitive information and commit financial fraud,
    affecting individuals (38%) and credit institutions (36%). The result was financial loss, large-scale financial
    crimes, and data exposure.
    • Fraud accounted for 6% of overall incidents, primarily affecting individuals (40%) and credit institutions (35%).
    Although reported cases seem low, underreporting and secondary consequences from other cyber incidents
    suggest a broader issue. Crypto-related cybercrime increased. Related activities include theft, scams, and illicit
    laundering.
    • Ransomware attacks primarily affected service providers (29%) and insurance organisations (17%), with
    impacts including financial loss (38%), data exposure (35%), and operational disruption (20%).
    • Malware incidents (excluding ransomware cases), though fewer in number (21 cases), often affected a large
    number of citizens. Banking trojans and spyware posed significant threats by enabling device takeovers and
    fraudulent activities. Credit institutions (36%) and individuals (24%) were affected most.
    • Attacks on suppliers, mostly data breaches and ransomware, resulted in the exposure and sale of sensitive
    data (63%), operational disruption (26%), and financial loss (11%).



    ------------------------------
    Michael Roza CPA, CISA, CIA, CC, CCSKv5, CCZTv1, MBA, EMBA, CSA
    ------------------------------


  • 2.  RE: ENISA Threat Landscape: Finance Sector

    Posted Feb 24, 2025 08:35:00 AM

    Link to the ENISA publication web page FYI: https://www.enisa.europa.eu/publications/enisa-threat-landscape-finance-sector



    ------------------------------
    Erik Johnson CCSK, CCSP, CISSP, PMP
    Senior Research Analyst
    Cloud Security Alliance
    ------------------------------