Trends in Security Information

The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.

In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.

visible on larger screens only

Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.

Type of Threat or Opportunity

DDoS attacks most used in ideological-driven cyber threats

The motivation of threat actors per threat category for cyber threats. DDoS attacks are most used in ideological-driven threats while financially-driven threat actors mostly utilise ransomware, threats against data and Foreign Information Manipulation & Interference.

More source info

Figure._10_ENISA.jpeg

Understanding the enemy and the motivation behind a cybersecurity incident or targeted attack is important because it can determine what an adversary is after. Assessing the motives provides an idea of the intentions of attackers and helps entities focus their efforts in defence on the most likely attack scenario for any particular asset.

For the third year ETL 2024 includes an assessment of the motivation behind the incidents observed during the reporting period. For this purpose, five distinct kinds of motivation that can be linked to threat actors have been defined:

• Financial gain: any financially related action (carried out mostly by cybercrime groups);

• Espionage: gaining information on IP (intellectual property), sensitive data, classified data (mostly executed by state-sponsored groups);

• Destruction: any destructive action that could have irreversible consequences;

• Ideological: any action backed up with an ideology behind it (such as hacktivism).

It is apparent that in the majority of cases the primary threats can be attributed to one or more motivations, with certain motivations emerging as more dominant than others. As with the previous iteration within the realm of Ransomware attacks, while the primary motivation typically revolves around financial gain, there is a small percentage where a disruptive motive also plays a role.

Following financial gain as the top motivation, disruption was the second most common motive, primarily due to the prevalence of DDoS attacks during the reporting period. These disruptive attacks were aimed at causing operational downtime.

Date Trend snippet:

27 September 2024

Relevance date:

2023, 2024

Type of Treath or Oppertunity

Data breach/leakage, Malware & antivirus, DDoS attack, Social engineering

Domain of application