This year the Danish Centre for Cyber Security (CFCS) raised the threat level against Denmark in one area. CFCS annually releases a report detailing the IT security threats, and this year's update highlights how rapidly the threat landscape is changing and influenced by political factors.
In this blogpost, we break down the recent updates to the threat levels by the CFCS. We also compare these with the broader insights from by European Union Agency for Cybersecurity (ENISA). Are you prepared to address these evolving challenges?
The changing threat landscape
CFCS’ threat assessments are divided into five categories and CFCS categorizes the threats into five levels, from “none” to “very high”.
Here’s how these levels have been updated:
- Cyber espionage: Remains at very high
- Cyber crime: Remains at very high
- Cyber activism: Raised to high in 2023
- Destructive cyber attacks: Raised to medium in 2024
- Cyber terrorism: Remains at none
While some threat levels have remained stable, our focus is on cyber activism and destructive cyber attacks, where updates have been made recently.
Cyber activism
The threat level was raised from medium to high in January 2023. This the highest level since CFCS started publishing threat assessments.
Cyber activism involves individuals and groups using cyber attacks to advance their ideological or political agendas. These activists aren’t necessarily acting on behalf of a state, but they can have connections to governments or be driven by strong beliefs about a particular issue.
They typically target organizations, governments, or companies they view as opponents of their cause. The most common type of attack they use is a DDoS attack (Distributed Denial of Service), which overwhelm and disrupt access to targeted websites.
Why has it been raised?
The threat level has been raised due to a rise in pro-Russian cyber activist attacks targeting European and NATO countries.
For instance, in 2022, the Danish Ministry of Defence was hit by DDoS attacks from a pro-Russian cyber activist hacker group, which disrupted access to their websites.
Destructive cyber attacks
The threat level for destructive cyber attacks was raised from low to medium in June 2024. This implies that organizations, governments, and companies in Denmark could become targets of such attacks.
Destructive cyber attacks aim to cause harm, either by damaging physical infrastructure, deleting critical data or disrupting critical sectors like hospitals.
These attacks are motivated by a desire to create chaos, spread fear, or advance a political agenda.
For instance, in 2017, Ukraine's transport sector was targeted by malware, which caused significant flight delays at Odessa Airport and disrupted electronic payments in the Kiev metro.
Why has the threat level been raised?
The threat level has been raised due to an increased danger posed by Russia to European NATO members.
Russian state-sponsored hackers and non-state hackers connected to Russia are increasingly more likely to use destructive hybrid tactics. These tactics combine cyber attacks with other forms of aggression, such as misinformation or physical sabotage.
As countries such as Russia intensify their use of these hybrid methods, the risk to organizations in Denmark has increased, prompting CFCS to raise the threat level.
The broader picture from ENISA
To get a full view of the cyber threat landscape, it’s also relevant to compare with insights from the ENISA’s report from 2023 which provides a broad perspective on cyber threats across the EU.
The report highlights DDoS and ransomware as top threats, along with social engineering, data-related threats and information manipulation as significant threats.
The report also notes a rise in threat actors professionalizing their tactics and using novel methods to gain access to systems and extort victims.
For instance, some attackers are now using advanced techniques to target the software that starts up a computer. This can potentially allow them to bypass security systems. Although these techniques are complex and not yet widely used, they highlight how cyber threats are evolving.
What does this mean for you?
Understanding the evolving threat landscape is crucial for protecting your organization. With the increasing risk from destructive cyber attacks and cyber activism, it's essential to implement measures to prevent and protect against such threats.
Here’s how you can act on recommendations from ENISA to best protect yourself and your organization against these threats:
- Make backups: Regularly back up your data and store it offline.
- Make a response plan: Develop a plan for responding to cyber attacks and make sure you and your team is familiar with the procedures for handling such an incident.
- Secure Remote Access: Ensure that remote access to your systems is safe by using multi-factor authentication and strong passwords.
- Train Your Team: Provide ongoing awareness and phishing training to help your staff recognize and respond to threats such as phishing attempts.
At CyberPilot, we offer awareness training in cyber security to keep organizations informed and prepared for the latest and most pressing cybersecurity threats. Our course, The Threat Landscape, is designed to help you and your team stay informed about these evolving threats. By learning about the different types of cyber threats, you can better safeguard your personal and organizational data.
You can try out awareness training for free for 14 days and explore our course catalogue to see if it could be a good fit for your organization.