With the COVID-19 pandemic continuing to impact, and perhaps permanently changing, how we work, cybercriminals again leveraged the distraction in new waves of cyberattacks.
Over the course of 2021 we saw an increase in multiple attack approaches; some old, some new. Phishing and ransomware continued to grow from previous years, as expected, while new attacks on supply chains and cryptocurrencies captured our attention. We also saw an uptick in critical Windows vulnerabilities, again proving that no matter how many vulnerabilities are found, more will always exist.
As we enter 2022, we are seeing novel attacks originating from the conflict in Ukraine, which will certainly make their way into criminal attacks on worldwide businesses. In an upcoming webinar (register here), Cybersecurity company Cynet will provide an in-depth review of the high-profile attacks we saw in 2021 and provide guidance to cybersecurity professionals for 2022.
What are the top cyberattacks in 2021 that Cynet will explore?
The Top 2021 Cyber Attacks
Following are the top attack approaches that impacted companies around the world in 2021.
With over 90% of all attacks beginning with a simple phishing email, cyber criminals again set their sites on creating more sophisticated techniques and exploring novel social engineering approaches. During 2021 we mainly saw phishing campaigns using Emotet, Dridex, TrickBot, BazarLoader and a few others. Interesting that Emotet, with a major global takedown in 2020, resurfaced in 2021 as perhaps the most dangerous malware used in phishing campaigns.
During 2021 we saw some major ransomware campaigns affecting large, global entities, including Colonial Pipeline, insurance giant AXA and computer giant Acer. Although we haven't seen ransomware attacks change drastically, they remain the most lucrative e-crime business model. Some of the most prevalent ransomware variants used during 2021 include Conti, DarkSide, LockBit, and Revil.
Security professionals know that Windows vulnerabilities are, have been, and will continue to be a problem for every company that uses this OS. However, 2021 saw a concentration of critical vulnerabilities that impacted many Windows components, including Exchange server, kernel, print spooler, MSHTML, access control lists (ACL), and others. Will this continue into 2022?
With the price of Bitcoin reaching $68,000 during 2021, cybercriminals naturally saw an opportunity too good to ignore. Cryptocurrency attacks mostly focused on cryptojacking, compromising systems to mine currencies without the knowledge or permission of the infected host. A successful cryptojacking attack on only 100 endpoints can cost the victim $25,000 annually in electricity alone. Cynet will share an overview of several cryptojacking attacks that took place during 2021.
Supply Chain Attacks
Attacks on software supply chains increased by a whopping 650% during 2021 as threat actors wreaked havoc by infiltrating open-source software. Cybercriminals are setting their sites on open-source software, as exhibited by an exponential increase of vulnerabilities exposed year over year. With over 90% of organizations relying on open-source software, significant security and legal risk is introduced.
What To Expect in 2022
Cynet will provide their unique perspective on the attacks that will likely unfold over the coming year. The increase in the approaches listed above shows no signs of abating. Cynet expects the Russian attack on Ukraine to unleash a new set of attack campaign tools that will make their way into the wild and will certainly be harnessed by cybercriminals globally. Cynet will provide insights and recommendations to help companies face the range of attacks expected over the next year.