ENISA warns against AI manipulation ahead of upcoming European elections


The use of AI chatbots and manipulation of information by malicious actors poses a major threat in the run-up to the upcoming 2024 elections across the continent, according to the European Union Agency for Cybersecurity (ENISA).

The 11th edition of ENISA’s Threat Landscape report, published on October 19, 2023, compiles the cyber threats observed by the Agency from July 2022 to June 2023.

In this comprehensive 161-page report, ENISA researchers say that the manipulation of information should be considered a threat to cybersecurity and that the increased use of AI for malicious purposes reinforces the need for vigilance the approach of the next European elections.

They also found that state actors are increasingly targeting employees in key positions, politicians, government officials, journalists and activists, particularly via spear phishing emails and social networks.

Juhan Lepassaar, Executive Director of ENISA, warned governments, organizations and the public that the growing cyber threat to democracies will be difficult to mitigate: “Trust in the European electoral process will crucially depend on our ability to rely on cybersecure infrastructures and on the integrity and availability of information. It is now up to us to ensure that we take the necessary measures to achieve this sensitive but essential objective for our democracies,” he commented.

While the use of AI is concerning, “a number of older techniques require significantly less effort while remaining highly effective and a resurgence of these has been observed,” the report said.

DDoS rose to second biggest threat

In total, ENISA recorded around 2,580 incidents during the reporting period, in addition to 220 incidents specifically targeting two or more EU Member States.

A total of 24,690 common vulnerabilities and exposures (CVEs) were recorded during the period, an increase of 2,770 compared to the previous reporting period.

Ransomware remains the top threat observed by ENISA, accounting for 34% of threats targeting the EU.

Distributed denial of service (DDoS) comes in second, accounting for 28% of all threats against EU countries.

Ransomware attacks have targeted all industries indiscriminately, with manufacturing accounting for 14% of all ransomware events, followed by healthcare at 13%, then government at 11% and services at 9%.

DDoS attacks, on the other hand, seem to have their preferred targets, with 34% affecting public administrations, followed by the transport sector with 17% and the banking/financial sectors with 9%.

“The scale of the impact of supply chain attacks is emerging as a major concern in relation to the upcoming elections. In fact, these attacks affected public administration for 21% and digital service providers for 16%. In addition, the exploitation of vulnerabilities was associated with events involving digital service providers for 25%, digital infrastructure for 23% and public administrations for 15%,” the report reads.

Financial gain and disruption as key motivators

Another trend observed by ENISA is a change in the motivations of cyber threat actors.

Even though ransomware attacks are primarily motivated by financial gain, a number of these attacks also aimed to have a disruptive effect, which is also the main driver of DDoS attacks and information manipulation.

This means that disruption is now identified as the second most common motive after financial gain.

“In most cases, primary threats may be motivated by a combination of intentions such as financial gain, disruption, espionage, destruction, or ideology in the case of hacktivism,” the researchers wrote. ENISA researchers.

A good example is a technique of creating Trojans for known software packages.

“We are observing that state actors are adopting attack patterns typically seen in criminal campaigns. Or, in some cases, state actors have supported the actions of cybercriminals, directly or indirectly. Some of these techniques include targeted malvertising in which malicious sites point to trojanized versions of legitimate applications. These actors also use techniques allowing them to have total control over the boot process of the operating system (OS), and then allowing them to deactivate the security mechanisms of the operating system”, read The report.

Read more: ENISA: ransomware represents more than half of cyber threats in healthcare

Share This Article
Leave a comment