ALPS blog

Midyear 2021 Cybersecurity Landscape Review: Attacks From All Angles Abound

As enterprises move toward the rest of the year, it is helpful to look back and learn from key cybersecurity incidents that shaped the first half of 2021.

Threat actors and ransomware operators bombarded the security landscape with one major attack after another, making it difficult for affected enterprises and their customers to recover amid the current pandemic.

In total, nearly 41 billion threats were blocked and detected across files, emails, and URLs in the first six months of the year. The following is a rundown of data related to the crucial security issues that enterprises faced during this period, as examined in our report, “Attacks From All Angles: 2021 Midyear Cybersecurity Report.”

Ransomware operators aim at high-profile targets

Ransomware detections decreased by more than half, from over 14 million in the first half of 2020 to over 7 million in the same period this year. However, this does not necessarily mean that ransomware is no longer a pressing security issue; in fact, ransomware continues to mutate into a more vicious threat. The drop in volume shows how attackers are moving from the opportunistic, quantity-focused model to more targeted modern ransomware methods and big-game hunting.

Both premodern and modern ransomware are among the top 10 most detected for the first half of this year. The premodern ransomware WannaCry (aka WCry) still tops the list, although detections for it significantly dipped. On the other hand, detections for modern ransomware such as DarkSide, REvil (aka Sodinokibi), and Nefilim increased, as operators continue to enhance their techniques and extortion schemes.

Figure 1. The differences in modern and premodern ransomware
Figure 2. File-only count ransomware family detections during the first half of 2020 compared to the first half of 2021 (Source: Trend Micro™ Smart Protection Network™ infrastructure)

It is evident that ransomware operators continue to view critical industries as lucrative targets. In the first half of the year, the banking, government, manufacturing, healthcare, food and beverage, education, technology, financial, telecommunication, and retail industries were the most affected by ransomware. Alongside this, 49 new ransomware families emerged, showing how ransomware continues to expand as a threat.

Vulnerabilities

Compared to the same period last year, the number of new vulnerabilities in the first half of 2021 slightly decreased, with a huge dip in the volume of critical flaws. Despite this, the first six months of the year were marked by significant vulnerability exploitation incidents, such as the ProxyLogon attacks.

Figure 3. A comparison of the severity breakdown, based on the CVSS, of vulnerabilities in the first half of 2020 and 2021 (Source: Trend Micro Zero Day Initiative (ZDI) program)

Operating systems such as Windows and Linux continued to be plagued by both known and new vulnerabilities. These flaws can serve as entry points for various threats such as ransomware and other malware types including coinminers, web shells, and trojans.

Figure 4. The top 10 operating systems according to malware detection
Figure 5. The top five malware families found in Linux systems from January 1 to June 30, 2021

Covid-19-related threats

Threats that use the pandemic as bait continued to propagate through malicious files, emails, and websites in the first six months, although they decreased by more than half compared to the same period last year. In particular, Covid-19 vaccines and inoculation programs serve as common lures for these scams. The countries most affected by these threats are the US, Germany, Colombia, Italy, and Spain.

Figure 6. Comparison of Covid-19-related email threats, URLs, and malware in the first half of 2020 and the first half of 2021
Figure 7. The top countries affected by Covid-19-related threats in the first half of 2021

Other threats

Overall, cryptocurrency miners became the most detected malware during this period, replacing the WannaCry ransomware in the top spot. Web shells, the third most detected malware, are commonly used by threat actors to enable remote access to compromised web servers.

Figure 8. Cryptocurrency miners were the most detected malware, with long-running family WannaCry in the second spot: The 10 most detected malware families in the first half of 2021

In sum, cybercriminals continue to raise the stakes for the enterprises and organizations that they target, as they launch attacks from all angles. To detect and block threats from all fronts, a multilayered defense is necessary. Learn more in our midyear report, “Attacks From All Angles: 2021 Midyear Cybersecurity Report.”
