Bulk of data centre cyberattacks coming from hostile states, warn EU experts

Bulk of data centre cyberattacks coming from hostile states, warn EU experts

Are Those Of Target Centres Data For Because Affected Picture: Of Attackers Shutterstock Reach' The 'wider Attractive An

Europe’s data centres — with more than 80 of them in Ireland — are increasingly being hit by cyberattacks, the bulk coming from hostile states, according to EU experts.

The EU Agency for Cybersecurity (ENISA) warns these centres and other types of digital infrastructure are an “attractive” target for attackers because of the “wider reach” of those affected — far beyond the service hit.

Data centres are the physical locations for cloud computing machines and data storage, providing the digital infrastructure for businesses, State bodies, and energy systems.

They also facilitate everyday consumer activities, such as online banking, watching Netflix, sending WhatsApp messages, buying airline tickets, and listening to Spotify.

There are an estimated 82 data centres in Ireland and another 14 are being constructed. Dublin is estimated to be the third largest "hyperscale" data centre hub in the world.

These massive centres, owned and operated by tech giants like Amazon, Google, and Microsoft, have industrial-scale capabilities — including for AI models.

In its latest threat assessment report, the EU agency said the number of cybersecurity incidents in the EU had doubled in the past year, from 5,500 in July 2022-July 2023 to more than 11,000 between July 2023 and July 2024.

The sectors most targeted are public administration, followed by transport, banking, business services, and digital infrastructure

The co-editor of ENISA Threat Landscape 2024 report, Apostolos Malatras, told the Irish Examiner: “Data centres and cloud computing services are part of digital infrastructure and, last year, they were the fifth most affected by cyberattacks — it was the 10th most affected the year before.” 

He said digital infrastructure was “attractive” to cyberattackers because of the “wider reach” of affected entities beyond the centre or service targeted.

Mr Malatras said modern cloud computing technology required a “more sophisticated” attacker — one that has the resources, expertise, and time required. This means it is more likely to be a state or state-sponsored attacker.

Ransomware accounted for 25% of cyberattacks in the EU, with businesses hit the most. File Picture: iStock
Ransomware accounted for 25% of cyberattacks in the EU, with businesses hit the most. File Picture: iStock

The agency published its report to coincide with a major conference in Athens, bringing together national cybersecurity centres.

The report said there had been a “significant increase” in incidents in 2024, in part due to major events such as the European Parliament elections.

It said DDoS [distributed denial of service] attacks were the most common type of incidents, accounting for over 40%. These attacks are typically aimed at overloading a network and is often “symbolic”.

Infrastructure attacks

Ransomware — hijacking a service and demanding a ransom — accounted for 25% of attacks, with businesses being hit the most. Malware [malicious code] hit digital infrastructure the hardest.

Social engineering, or exploiting human error, affects the general public the most. However, digital infrastructure is second hardest hit. 

The report said social media, especially LinkedIn, served as a “fertile ground for crafting targeted lures” of people.

The agency said the “use of legitimate cloud services” for launching social engineering attacks had “ramped up significantly”.

It said this did not reflect a lack of security in these services, but underscored the “adaptability” of attackers.

The report said state actors were generally “well-funded, resourced and advanced”.

Their objective is primarily espionage and disruption, sometimes directed by the military, intelligence, or state control apparatus of their country

Their operations are large-scale and “long term”. The report cites Russia, China, and Iran as the main actors.

The report said there had been a “sharp rise” in misinformation, disinformation, and foreign interference — much of it through social media accounts like X and Facebook and video hosting services such as Instagram, TikTok, and YouTube.

More in this section

Cookie Policy Privacy Policy Brand Safety FAQ Help Contact Us Terms and Conditions

Limited © Echo Group Examiner