ENISA reports rising DDoS attacks against EU public administrations in latest sector analysis

A new ENISA assessment finds that public administrations remain the most targeted sector in the EU, driven largely by short-lived DDoS campaigns carried out by hacktivist groups. The report warns that data breaches, ransomware and emerging AI-enabled threats pose growing risks to essential public services.

The European Union Agency for Cybersecurity (ENISA) has published new findings showing that public administrations across the EU are increasingly targeted by cyberattacks, with Distributed Denial-of-Service (DDoS) incidents dominating reported cases. The analysis, based on 586 publicly reported incidents from 2024, underscores the sector’s vulnerability as it adapts to new obligations under the NIS2 Directive, which identifies public administration as highly critical for the functioning of European society and the single market.

According to ENISA, public administration accounted for 38 percent of all incidents in the agency’s most recent threat landscape report, making it the most targeted sector in the EU. The new analysis highlights that many government entities remain in the early stages of aligning with NIS2 requirements, leaving them within what ENISA describes as a “risk zone.” Central governments were particularly affected, representing 69 percent of all incidents, with attacks largely hitting the websites of parliaments, ministries and national agencies.

Hacktivists were responsible for nearly 63 percent of incidents in 2024, using DDoS attacks primarily to disrupt services and draw attention to political causes. DDoS attacks accounted for 60 percent of all incidents and were generally short-lived, though they still posed challenges for service availability. Other threats, including data breaches, ransomware and social engineering, were less frequent but had more severe operational consequences. Data-related incidents alone made up 17.4 percent of cases, affecting employment services, local government systems, law enforcement portals and educational platforms.

State-linked intrusion groups represented a smaller portion of attacks – around 2.5 percent – but ENISA warns that their potential impact on national security is significant due to the strategic value of public-sector data. The report also notes that increased use of AI tools may enable more sophisticated social engineering and multi-extortion campaigns, potentially affecting critical services such as tax systems, e-ID platforms and court operations.

ENISA’s recommendations focus on improving resilience and preparedness across public administration. For DDoS threats, the agency suggests measures such as placing critical services behind content delivery networks (CDNs) or web application firewalls (WAFs) with continuous protection, as well as deploying DNS failover and static fallback sites. To address data-related risks, ENISA recommends widespread adoption of multi-factor authentication, conditional access controls and privileged access management. Ransomware mitigation should include endpoint detection and response (EDR) tools and stronger network segmentation.

Additional guidance from the NIS360 report encourages governments to build shared remediation capacities, use the EU Cybersecurity Reserve, and enhance cross-border cooperation. ENISA emphasises that strengthening cybersecurity in public administration is key to protecting essential services and maintaining public trust as digitalisation accelerates across the EU.
