2025欧洲金融业网络安全威胁态势剖析报告

JANUARY 2023 TO JUNE 2024 ABOUT ENISA The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high commonlevel of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, the EuropeanUnion Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, servicesand processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helpsEurope prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awarenessraising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boostresilience of the Union’s infrastructure, and, ultimately, to keep Europe’s societyand citizens digitally secure. Moreinformation about ENISA and its work can be found here:www.enisa.europa.eu. CONTACT Tocontacttheauthors,please useetl@enisa.europa.euFor media enquiries about this paper, please usepress@enisa.europa.eu. AUTHORS Marianthi Theocharidou, Ifigeneia Lella,Rossen Naydenov, Apostolos Malatras,ENISA ACKNOWLEDGEMENTS Tomislav VazdarandAdrian Ifrim The report has been validated and supported by themembers ofthe ENISA advisory group,the National Liaison OfficersNetwork,theENISA Ad Hoc Working Group on Cybersecurity Threat Landscapes (CTL),andthe European FinancialInstitutes–Information Sharing and Analysis Centre. LEGAL NOTICE This publication represents the views and interpretations of ENISA, unless stated otherwise. It does not endorse aregulatory obligation of ENISA or of ENISA bodies pursuant to Regulation (EU)2019/881. ENISA has the right to alter, update or remove the publication or any of its contents. It is intended for informationpurposes only and it must be accessible free of charge. All references to it or its use as a whole or partially must containENISA as its source. Third-party sources are quoted as appropriate. ENISA is not responsible or liable for the content of the external sourcesincluding external websites referenced in this publication. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the informationcontained in this publication. ENISA maintains its intellectual property rights in relation to this publication. COPYRIGHT NOTICE © European Union Agency for Cybersecurity (ENISA), 2024 Unlessotherwise noted, the reuse of this document is authorised under the Creative Commons Attribution 4.0International (CCBY4.0) licence (https://creativecommons.org/licenses/by/4.0/). This means that reuse is allowed,provided appropriate credit is given and any changes are indicated. For any use or reproduction of photos or other material that is not under the ENISA copyright, permission must besought directly from the copyright holders. ISBN978-92-9204-677-4, DOI10.2824/5410466 TABLE OF CONTENTS 1.INTRODUCTION42.INCIDENTS63.PRIME THREATS103.1DISTRIBUTED DENIAL-OF-SERVICE ATTACKS113.2DATA-RELATED THREATS123.3SOCIAL ENGINEERING133.4FRAUD143.5RANSOMWARE153.6MALWARE163.7ATTACKS TO THE SUPPLY CHAIN173.8OTHER THREATS184.THREAT ACTORS194.1THREAT ACTOR GOALS194.2THREAT ACTOR ANALYSIS204.2.1State-nexus actors214.2.2Cybercrime groups224.2.3Hacktivists235.IMPACT276.CONCLUSIONS30 EXECUTIVE SUMMARY This is the first analysis conducted by the European Union Agency for Cybersecurity (ENISA) of the cyber threatlandscape of theEuropeanfinancesector.From January 2023 to June 2024, theEuropeanfinancial sectorfacedsignificant cybersecurity challenges,highlightingthreats andvulnerabilities acrossthe sector. •ENISA analysed 488 publicly reported incidentsaffecting the finance sectorinEurope.•European banks(credit institutions)werethe most frequentlyaffectedat a46%rate, with 301 incidentsobserved.Public organisationsrelated tofinance(13%)followednext.Individuals,such as customers of creditinstitutions,werealsoaffected(10%), being defraudedthroughsocial engineering campaigns with a finance-relevant theme.•The finance sector saw peaks indistributed denial-of-serviceactivity linked to geopolitical events, particularlyRussia’sinvasion of Ukraine.Hacktivists targeted European credit institutions(58% of incidents) andgovernmental websitesrelated to finance(21%),notablycausing operational disruptions.•Data breaches and leaks remainprominentissues. Threat actors exploited vulnerabilities for financial gainthrough fraud, supply chain attacks, and social engineering. European credit institutions were the primarytargets(39%), with incidents leading to financial losses, regulatory penalties, and reputational damage.•Socialengineering campaigns, including phishing, smishing and vishing,were prevalent tactics used bycybercrime threat actors. These incidents aimed to steal sensitive information and commit financial fraud,affectingindividuals(38%) and credit institutions (36%). The result was financial loss, large-scale financialcrimes, and data exposure.•Fraud