Europe’s data centres — with more than 80 of them in Ireland — are increasingly being hit by cyberattacks, the bulk coming from hostile states, according to EU experts.
The EU Agency for Cybersecurity (ENISA) warns these centres and other types of digital infrastructure are an “attractive” target for attackers because of the “wider reach” of those affected — far beyond the service hit.
Data centres are the physical locations for cloud computing machines and data storage, providing the digital infrastructure for businesses, State bodies, and energy systems.
They also facilitate everyday consumer activities, such as online banking, watching Netflix, sending WhatsApp messages, buying airline tickets, and listening to Spotify.
There are an estimated 82 data centres in Ireland and another 14 are being constructed. Dublin is estimated to be the third largest "hyperscale" data centre hub in the world.
These massive centres, owned and operated by tech giants like Amazon, Google, and Microsoft, have industrial-scale capabilities — including for AI models.
In its latest threat assessment report, the EU agency said the number of cybersecurity incidents in the EU had doubled in the past year, from 5,500 in July 2022-July 2023 to more than 11,000 between July 2023 and July 2024.
The co-editor of ENISA Threat Landscape 2024 report, Apostolos Malatras, told the
: “Data centres and cloud computing services are part of digital infrastructure and, last year, they were the fifth most affected by cyberattacks — it was the 10th most affected the year before.”He said digital infrastructure was “attractive” to cyberattackers because of the “wider reach” of affected entities beyond the centre or service targeted.
Mr Malatras said modern cloud computing technology required a “more sophisticated” attacker — one that has the resources, expertise, and time required. This means it is more likely to be a state or state-sponsored attacker.
The agency published its report to coincide with a major conference in Athens, bringing together national cybersecurity centres.
The report said there had been a “significant increase” in incidents in 2024, in part due to major events such as the European Parliament elections.
It said DDoS [distributed denial of service] attacks were the most common type of incidents, accounting for over 40%. These attacks are typically aimed at overloading a network and is often “symbolic”.
Ransomware — hijacking a service and demanding a ransom — accounted for 25% of attacks, with businesses being hit the most. Malware [malicious code] hit digital infrastructure the hardest.
Social engineering, or exploiting human error, affects the general public the most. However, digital infrastructure is second hardest hit.
The report said social media, especially LinkedIn, served as a “fertile ground for crafting targeted lures” of people.
The agency said the “use of legitimate cloud services” for launching social engineering attacks had “ramped up significantly”.
It said this did not reflect a lack of security in these services, but underscored the “adaptability” of attackers.
The report said state actors were generally “well-funded, resourced and advanced”.
Their operations are large-scale and “long term”. The report cites Russia, China, and Iran as the main actors.
The report said there had been a “sharp rise” in misinformation, disinformation, and foreign interference — much of it through social media accounts like X and Facebook and video hosting services such as Instagram, TikTok, and YouTube.