With the COVID-19 pandemic continuing to impact, and perhaps permanently changing, how we work, cybercriminals again leveraged the distraction in new waves of cyberattacks.
We saw an increase in multiple attacks over the course of 2021, some old and some new. As expected, ransomware and phishing continued to increase over previous years. New attacks on supply chains and cryptocurrency also caught our attention. We also saw an uptick in critical Windows vulnerabilities, again proving that no matter how many vulnerabilities are found, more will always exist.
As we enter 2022, we are seeing novel attacks originating from the conflict in Ukraine, which will certainly make their way into criminal attacks on worldwide businesses. In an upcoming webinar (register here), cybersecurity company Cynet will provide an in-depth review of the high-profile attacks we saw in 2021 and provide guidance to cybersecurity professionals for 2022.
What are the most serious cyberattacks of 2021 that Cynet will investigate?
The Top 2021 Cyber Attacks
Following are the top attack approaches that impacted companies around the world in 2021.
With over 90% of all attacks beginning with a simple phishing email, cybercriminals again set their sights on creating more sophisticated techniques and exploring novel social engineering approaches. We saw many phishing campaigns during 2021, including those using Emotet and TrickBot as well as BazarLoader, Dridex and others. Interestingly, Emotet, after a major global takedown in 2020, resurfaced in 2021 as perhaps the most dangerous malware used in phishing campaigns.
During 2021 we saw some major ransomware campaigns affecting large, global entities, including Colonial Pipeline, insurance giant AXA and computer giant Acer. Although we haven’t seen ransomware attacks change drastically, they remain the most lucrative e-crime business model. The most popular ransomware types during 2021 were Conti, DarkSide and LockBit.
Security experts know that Windows vulnerabilities have always been a concern for companies that use this OS. However, 2021 saw a concentration of critical vulnerabilities that impacted many Windows components, including Exchange server, kernel, print spooler, MSHTML, access control lists (ACL), and others. Will this continue into 2022?
With the price of Bitcoin reaching $68,000 during 2021, cybercriminals naturally saw an opportunity too good to ignore. Cryptocurrency attacks mostly focused on cryptojacking, compromising systems to mine currencies without the knowledge or permission of the infected host. A successful cryptojacking attack on only 100 endpoints can cost the victim $25,000 annually in electricity alone. Cynet will share an overview of several cryptojacking attacks that took place during 2021.
Supply Chain Attacks
Attacks on software supply chains increased by a whopping 650% during 2021 as threat actors wreaked havoc by infiltrating open-source software. As evidenced by the exponential rise in vulnerabilities revealed year after year, cybercriminals have made open-source software their target. With over 90% of organizations relying on open-source software, this introduces significant security and legal risk.
What To Expect in 2022
Cynet provides a unique view on the likely attacks over the next year. The increase in the approaches listed above shows no signs of abating. Cynet anticipates that the Russian attack against Ukraine will unleash new attack campaign tools, which will be used by cybercriminals worldwide. Cynet will provide insights and recommendations to help companies face the range of attacks expected over the next year.