As enterprises move toward the rest of the year, it is helpful to look back and learn from key cybersecurity incidents that shaped the first half of 2021.
Threat actors and ransomware operators bombarded the security landscape with one major attack after another, making it difficult for affected enterprises and their customers to recover amid the current pandemic.
In total, nearly 41 billion threats were blocked and detected across files, emails, and URLs in the first six months of the year. The following is a rundown of data related to the crucial security issues that enterprises faced during this period, as examined in our report, “Attacks From All Angles: 2021 Midyear Cybersecurity Report.”
Ransomware operators aim at high-profile targets
Ransomware detections decreased by more than half, from over 14 million in the first half of 2020 to over 7 million in the same period this year. However, this does not necessarily mean that ransomware is no longer a pressing security issue; in fact, ransomware continues to mutate into a more vicious threat. The drop in detections instead shows how attackers are moving from the opportunistic, quantity-focused model to more targeted modern ransomware methods and big-game hunting.
Both premodern and modern ransomware are among the top 10 most detected for the first half of this year. The premodern ransomware WannaCry (aka WCry) still tops the list, although detections for it significantly dipped. On the other hand, detections for modern ransomware such as DarkSide, REvil (aka Sodinokibi), and Nefilim increased, as operators continue to enhance their techniques and extortion schemes.
It is evident that ransomware operators continue to view critical industries as lucrative targets. In the first half of the year, the banking, government, manufacturing, healthcare, food and beverage, education, technology, financial, telecommunication, and retail industries were the most affected by ransomware. Alongside this, 49 new ransomware families emerged, showing how ransomware continues to expand as a threat.
Compared to the same period last year, the number of new vulnerabilities in the first half of 2021 slightly decreased, with a huge dip in the volume of critical flaws. Despite this, the first six months of the year were marked by significant vulnerability exploitation incidents, such as the ProxyLogon attacks.
Operating systems such as Windows and Linux continued to be plagued by both known and new vulnerabilities. These flaws can serve as entry points for various threats such as ransomware and other malware types including coinminers, web shells, and trojans.
Threats that use the pandemic as bait continued to propagate through malicious files, emails, and websites in the first six months, although they decreased by more than half compared to the same period last year. In particular, COVID-19 vaccines and inoculation programs serve as common lures for these scams. The countries most affected by these threats are the US, Germany, Colombia, Italy, and Spain.
With regard to specific threats, cryptocurrency miners became the most detected malware overall during this period, replacing the WannaCry ransomware in the top spot. Web shells, the third most detected malware, are commonly used by threat actors to enable remote access to compromised web servers.
In sum, cybercriminals continue to raise the stakes for the enterprises and organizations that they target, as they launch attacks from all angles. To detect and block threats from all fronts, a multilayered defense is necessary. Learn more in our midyear report, “Attacks From All Angles: 2021 Midyear Cybersecurity Report.”