.jpg?width=400&height=271&name=iStock-1184072557%20(1).jpg)
Phishing was the initial access vector for 60% of cyberattacks across Europe between July 2024 and June 2025, according to the European Union Agency for Cybersecurity (ENISA).
“With regards to the primary method for initial intrusion, phishing (including vishing, malspam and malvertising) is identified as the leading vector, accounting for about 60% of observed cases,” the agency says.
“Advancements in its deployment, such as Phishing-as-a-Service (PhaaS) that allows the distribution of ready-made phishing kits, indicate an automation that paves the way for attackers regardless of their experience.”
The agency warns that AI tools have introduced new risks by assisting in cyberattacks and as a target for attacks themselves.
“The growing role of AI has become an undeniable key trend of the rapidly evolving threat landscape,” the researchers write. “The report highlights AI use both as an optimisation tool for malicious activities but also as a new point of exposure. Large Language Models (LLMs) are being used to enhance phishing and automate social engineering activities. By early 2025, AI-supported phishing campaigns reportedly represented more than 80 percent of observed social engineering activity worldwide.
“Attacks on the AI supply chain are on the rise. While the focus of threat activities involving AI was the use of consumer-grade AI tools to enhance their existing operations, the emergent malicious AI systems is raising concerns about their capabilities in the future due to the widespread use of AI models.”
ENISA also notes an increase in supply chain attacks, which can allow threat actors to scale their attacks by going after a victim’s customers.
“Closely linked to recent events in the EU, an increase in targeting cyber dependencies has been noted,” the agency says. “Cybercriminals have intensified their efforts to abuse critical dependency points, for example in the digital supply chain, to get the most out of their attacks. This method is able to magnify the impact of actions by leveraging the interconnectedness inherent in our digital ecosystems.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
ENISA has the story.
