ENISA Threat Landscape 2025 — Part 2
- Katarzyna Celińska

After publishing the introduction link to the European Union Agency for Cybersecurity (ENISA) Threat Landscape 2025, I’ve finally dug deeper.
Entry Points
Phishing remains dominant, accounting for 60% of observed incidents. Phishing-as-a-Service platforms make it easy for low-skill attackers to replicate major brands and bypass MFA.
Vulnerability exploitation makes up 21.3% — a strong indicator of poor patch management and delayed vulnerability remediation.

Nearly 70% of vulnerability-based attacks resulted in malware installation, while 73% of phishing campaigns had unknown or diverse outcomes, showing phishing’s varied nature — often used for credential theft or social engineering rather than full system compromise.
Incident Types & Impact
DDoS attacks dominate (76.7%), largely driven by hacktivist campaigns.
Intrusions (17.8%) are led by cybercriminal groups, followed by state-aligned espionage operations.
The top three malware categories seen after intrusions were:
Ransomware
Banking Trojans
Infostealers
Together, they account for 87.3% of all malicious code deployments.
Attack Surfaces
Mobile threats – 42.4%
Web threats – 27.3%
Operational technology (OT) – 18.2%
Supply chain – 10.6%
And regarding motivations:
Ideology-driven hacktivism — 77.4%
Financial motives — 13.4%
Cyberespionage — 7.2%
Targeting Cyber Dependencies
Attackers are increasingly abusing supply chains and third-party dependencies.
Exposed secrets in public repositories have increased by 25% since 2023.
🔍 Converging Threat Groups
The boundaries between hacktivists, cybercriminals, and state actors are fading.
Faketivism — states use “hacktivist” labels to disguise their operations.
Hybrid threats — political sabotage campaigns combining DDoS, ransomware, and information warfare.
This hybridization blurs attribution.
AI
Over 80% of phishing emails now use AI-generated content.
Fake AI tools are used to deploy malware.
From my perspective — and comparing the ENISA report with the Microsoft 2025 Report — a few things stand out clearly:
✅ Phishing is still the king of initial compromise.
✅ Government remains the most attacked sector.
✅ Data theft is the universal motive.
But there are interesting differences too:
ENISA highlights the rise of hacktivism, while Microsoft barely mentions it, focusing mostly on cybercrime and financially motivated actors.
ENISA identifies transport, logistics, and manufacturing as heavily impacted sectors, whereas Microsoft names IT and research & academia among its top targets.
Author: Sebastian Burgemejster




