The most influential security topics in 2021

In 2020, the COVID-19 pandemic disrupted the steady operation of many industries while creating new demand for home-based and pandemic-focused businesses, yet in 2021 there was a clear shift in focus for users worldwide. Insecure data, malware in code hosting repositories, critical zero-day exploits and never-before-seen ransomware scenarios were among the topics readers followed most closely in the news. This indicates a growing interest in cybercrime innovation as new ways of working become “normalized”.

Constant data breaches

The headlines in 2021 were dominated by major security incidents such as Log4Shell, Colonial Pipeline, Kaseya, ProxyLogon/ProxyShell and SolarWinds. In addition to this, the Iberostar data breach received a lot of attention based on traffic data from related articles.

In April 2021, Bill Demirkapi, a sophomore at Rochester Institute of Technology, discovered that on a lender’s website it was possible to check the credit score of almost any American, with virtually no access restrictions, through an Experian credit bureau API.

The API, called Experian Connect API, allows lenders to automate FICO score lookups. Demirkapi was able to build a command-line utility called Bill’s Cool Credit Score Lookup Utility that, even with zeros substituted in the date of birth field, still automatically looked up the credit score of almost anyone. In addition, the API exposed more detailed credit history and credit alerts for Iberostar users, such as when a user has too many consumer finance accounts. Iberostar says it has resolved the issue and denies that it poses a systemic threat.

Not coincidentally, the sale of LinkedIn data on the dark web also became a high-profile data breach in 2021.

In April and June of 2021, LinkedIn suffered a data breach affecting 500 million LinkedIn members. A hacker using the name GOD User TomLiner posted a thread on RaidForums offering 700 million LinkedIn account records for sale. The post included a sample of 1 million records shown to be LinkedIn member information; Privacy Sharks examined it and found that the leaked data included names, genders, email addresses, phone numbers and industry information.

LinkedIn insists that the database has not been compromised by an outsider.

But even so, the security implications of a LinkedIn user data breach are enormous: the leaked records could be used by criminals to brute-force account passwords and email accounts, and from there to commit phone scams, phishing, identity theft and other crimes. More importantly, this data forms a social engineering “gold mine”, where attackers can easily pull personal information from the profiles of many target users and commit targeted fraud.

Critical Zero-Day Vulnerability

Critical zero-day vulnerabilities are a constant topic, but the worst of 2021 begins with Log4Shell.

The Log4Shell vulnerability is a critical vulnerability in the Java logging library Apache Log4j that allows unauthenticated remote code execution (RCE) and complete server takeover, and it was still being actively exploited in the wild.

After the vulnerability (CVE-2021-44228) first surfaced on a Minecraft game website, Apache hastily released a patch, but within one to two days attacks became rampant as threat actors rushed to exploit the new vulnerability. Since then, news about an additional exploit vector, a second vulnerability, the ferocity of the attacks and their expanding reach dominated the headlines in December.

NSO’s “zero-click” attack on Apple

In September, researchers discovered a zero-click vulnerability known as ForcedEntry, which affected all Apple products including iPhone, iPad, Mac and Apple Watch. The findings showed that the vulnerability was exploited by NSO to install the infamous Pegasus spyware.

Although Apple rolled out an emergency fix, Citizen Lab had observed NSO conducting illegal surveillance through the iMessage channel, where the vulnerability was exploited.

Huge Zero-Day Vulnerability in Palo Alto Security Appliance

Researchers from Randori developed a working exploit to obtain remote code execution (RCE) on Palo Alto Networks’ GlobalProtect firewall via the critical vulnerability CVE-2021-3064. Randori researchers say that if attackers successfully exploit the vulnerability, they can gain access to the target system’s shell, read sensitive configuration data, extract credentials and more. “Once an attacker takes control of the firewall, they can access the intranet and continue to move laterally.” Thankfully, Palo Alto Networks patched the vulnerability the same day the information was disclosed.

Google Memory Zero-Day Vulnerability

In March 2021, Google rushed to fix a vulnerability in Chrome that was under active attack. The vulnerability is a use-after-free bug that allows remote attackers to build malicious web pages which, once a user is tricked into opening them, can crash the application or execute arbitrary code.

“By convincing a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial-of-service condition on the system,” IBM X-Force wrote in response to the vulnerability report.

Dell Kernel Privilege Vulnerability

Not long ago, researchers discovered five serious security vulnerabilities that had been hidden for 12 years in some Dell PCs, tablets and laptops, all sold to the market from around 2009. According to SentinelLabs, the vulnerabilities could bypass the protection of firewalls or other security products, execute code on the target device and move laterally through the LAN or Internet to infiltrate other devices.

The vulnerabilities are hidden in Dell’s firmware update driver and could affect hundreds of millions of Dell computers, the researchers said. Multiple local privilege escalation (LPE) vulnerabilities have existed in the Dell firmware update driver version 2.3 (dbutil_2_3.sys) since 2009. The driver component handles Dell firmware updates through the Dell BIOS utility, which effectively “pre-installs” the vulnerabilities on most Dell machines running Windows.

Software Supply Chain and Code Repository Crisis

The software supply chain is built on open source code repositories, where developers upload packages to a central location for other developers to use when building applications, services and other projects. They include GitHub, as well as more specialized repositories such as the Node.js Package Manager (npm) code repository for Java, RubyGems for the Ruby programming language, and the Python Package Index (PyPI).

While providing convenience, these package managers have also become an entirely new supply chain threat, since anyone can upload code to them, and that code can in turn seep unnoticed into all kinds of applications.

More importantly, a single malicious package can be embedded in many different projects and carry payloads such as crypto miners, information stealers and further infections, making remediation extremely complex.

Because the operation is simple and the potential damage extreme, cybercriminals have flocked to it. For example, in December a series of 17 malicious packages were discovered in npm, all built to target the virtual meeting platform Discord in order to steal Discord tokens and take over accounts.

Also that month, three malicious packages hosted in the PyPI code repository were discovered with more than 12,000 downloads in total, and they may have made their way into various application installations. The packages included a Trojan horse used to create a backdoor on the victim’s device and two information-stealing programs.

Researchers also found 17,000 unpatched Log4j Java packages in the Maven Central ecosystem, making the significant supply chain risk posed by the Log4Shell exploit apparent. The Google security team said it could take years to fix the entire ecosystem.

Crafty ransomware variants

In 2021, ransomware was a growing threat, with increasing sophistication and innovation in this type of cybercrime. Malware used to lock files is no longer simply a matter of appending an extension to the target folder. There were three major discoveries regarding ransomware variants and advancements, as follows.

HelloKitty: targeting virtual machines

In June 2021, researchers made public for the first time a type of Linux encryptor used by the HelloKitty ransomware gang.

HelloKitty, which was behind the February attack on video game developer CD Projekt Red, developed a number of Linux ELF-64 versions of ransomware to attack VMware ESXi servers and the virtual machines (VMs) running on them.

VMware ESXi (ESX), a bare-metal hypervisor, can be easily installed on a server and partitioned into multiple VM systems. While this makes it easy for multiple VMs to share the same disk storage, it increases the risk of attacks on the system. Since multiple virtual machines share the same storage, an attacker can compromise multiple server systems at once as soon as that data is locked.

MosesStaff: The “missing” key

In November, a group called MosesStaff launched an attack on Israeli institutions that eventually brought down the Israeli network.

Unlike typical cyber extortion cases, MosesStaff does not seek money; it goes to great lengths to encrypt networks and steal information, but purely for political reasons. The group also remains active on social media, posting inflammatory messages and videos through various channels and letting the outside world know what it is doing.

Epsilon Red targets Exchange servers

In June, researchers discovered that an attacker had deployed new ransomware based on a set of PowerShell scripts that were developed to exploit vulnerabilities in unpatched Exchange servers.

The Epsilon Red ransomware, discovered during an attack on a U.S. hotel company, was named after a little-known enemy character from Marvel’s X-Men comics, a Russian super-soldier with four mechanical tentacles.

Researchers said the ransomware’s intrusion pattern differs from typical ransomware. While the malware itself is a 64-bit Windows executable written in the Go programming language, its delivery relies on a series of PowerShell scripts.

Gaming Security

For the second year in a row, gaming security is in the spotlight, likely because the global pandemic has pushed up demand for games and cybercriminals are targeting the space. In a recent Kaspersky survey, nearly 61 % of respondents had experienced something like ID theft, fraud or theft of in-game valuables. Some of the related incidents are outlined below.

SteamHide fiasco

In June 2021, malware called SteamHide emerged, using profile avatars from the gaming platform Steam to spread.

According to G Data’s research, the malware does not infect Steam directly, but uses it as a distribution channel. SteamHide first spreads via email and then quickly infects the Steam client on the target device, replacing the original Steam profile avatar with an image containing the malicious code. When the user’s friends access this avatar, they are automatically infected with SteamHide.

In fact, steganography is not a new technique, but the idea that SteamHide could combine steganography with Steam friend-profile access to commit cybercrime is still shocking.

Twitch Source Code Leak

In October 2021, an anonymous user posted a link to 125 GB of data on 4chan, containing all of Twitch’s source code dating back to its inception, including user comments, user payment information, and more.

The attackers claimed to have ransacked everything on Twitch’s live streaming platform, and Twitch confirmed the story. Thankfully, the attackers did not seek money and launched the attack solely to vent their frustration with Twitch’s rules, which they hoped to see improved.

The Steam Stealing Discord Scam

In November, a new scam began spreading on Discord that allows cybercriminals to access Steam account information and use the account’s data to commit fraud.

Discord scams targeting gamers are commonplace, but this one has a new twist. Researchers note that the new scheme spans the Discord and Steam gaming platforms, with scammers offering a so-called free subscription to Nitro (a Discord plugin that enables avatars, custom emoticons, profile badges, larger uploads, server boosts and more) in exchange for linking both accounts.

The target user receives a malicious link on Discord describing a number of benefits, including access to free games or in-game items, and all the user needs to do is “link your Steam account”. Clicking on the malicious link takes the user to a fake Discord page with a button that reads “Get Nitro”. Once the victim clicks the button, the site appears to serve a pop-up resembling the Steam login page, but the researchers explained that the pop-up is still part of the malicious site.

The tactic is designed to trick users into thinking they have been taken to the Steam platform to enter their login information, when in fact the scammers are waiting to receive the account data.

PlayStation 3 consoles banned

In June 2021, due to Sony’s negligence, a folder containing the serial numbers of all PlayStation 3 consoles was left online in clear text. This gave unscrupulous parties an opportunity to take advantage of the situation, and some PlayStation 3 players had their consoles banned outright and were unable to use them normally.

In mid-April 2021, a Spanish YouTuber named The WizWiki discovered that Sony had left a folder containing all PS3 console IDs online with no security to speak of. And by June, gamers on PlayStation Network message boards began complaining that they couldn’t log in.

Users speculated that malicious individuals were using the stolen PS3 console IDs for abuse, resulting in legitimate players being banned. However, Sony did not confirm that there was any connection between the two.

Zodiac killer cipher finally cracked

The “Zodiac Killer” cipher, which had plagued U.S. police for more than half a century, was cracked by a team of mathematicians in December 2020.

The serial killer reportedly murdered at least five people in and around Northern California in the late 1960s and early 1970s. The still-unidentified killer sent four encrypted messages to local newspapers and media, bragging about his crimes and containing mysterious symbols, which earned him the nickname “The Zodiac”.

The first cipher was quickly deciphered, but the 340 Cipher, named for its 340 characters, proved far more difficult. Australian mathematician Sam Blake calculated 650,000 possible ways to decipher it, and a Belgian warehouse operator, Jarl Van Eycke, wrote software to break the code. This unique code-breaking effort drew wide attention, and the solution has been officially confirmed by the FBI.

While the name of the mysterious serial killer is still unknown, this breakthrough represents a victory for access control and segmentation in cryptography and network security.

As 2021 comes to a close and we head into a more promising new year, this list of cybersecurity statistics can help you stay ahead of the security and privacy game over the next 12 months.

Here are 22 of the most impactful cybersecurity stats to know in 2022.

1. 2021 saw the highest average cost of a data breach in 17 years, rising from $3.86 million to $4.24 million per year.

2. Driven by the COVID-19 pandemic, remote work has had a direct impact on the cost of data breaches, with the average cost of a data breach being $1.07 million higher.

3. The most common cause of data breaches is the theft of user credentials. As a common attack vector, these caused 20 % of the breaches, and the average cost of these breaches was $4.37 million.

4. By mid-2021, IT management software provider Kaseya’s systems were compromised by the Sodinokibi ransomware, with the perpetrators demanding a ransom of $70 million, the largest ransomware fee ever demanded.

5. Phishing attacks were associated with 36 % of the exploits, an increase of 11 %, which may be partly due to the COVID-19 pandemic. As expected, threat actors have been observed adapting their phishing campaigns to readily available news stories.

6. Social engineering attacks are the most serious threat to public administration, accounting for 69 % of all public administration breaches analyzed by Verizon in 2021.

7. Shortly after the disclosure of Log4Shell, a critical vulnerability in the Log4j logging utility, in December 2021, ESET detected and blocked hundreds of thousands of exploitation attempts, most of which were located in the United States and the United Kingdom.

8. 2021 saw an incredible increase in Android banking malware detections: T1 grew by an incredible 158.7 % and T2 continued to grow by 49 %. This should be seen as a worrying trend, as banking Trojans have a direct impact on the finances of their targets.

9. Four years on, WannaCryptor (also known as WannaCry) is still a global threat that cannot be ignored. In T2, the infamous Trojan compromised machines vulnerable to the EternalBlue exploit, topping ESET’s ransomware detection chart at 21.3 % of detections.

10. Cryptocurrency investment scams are as popular as ever. Between October 2020 and May 2021, victims were scammed out of over $80 million. The actual figure is expected to be higher, as many people are ashamed to admit they were scammed.

11. Cryptocurrencies have been the payment method of choice for cybercriminals for some time, especially when it comes to ransomware. As much as $5.2 billion in outgoing Bitcoin transactions may be related to ransomware spending involving the top 10 most common ransomware variants.

12. In early 2021, the infamous Emotet botnet, one of the longest-lasting and most pervasive malware threats, was disrupted in a massive global law enforcement operation. Approximately 700 command and control servers were taken offline during the takedown.

13. The Cyber Security Workforce Estimate assesses the number of cybersecurity professionals available globally and estimates the pool of experts to be approximately 4.2 million in 2021. This is an increase of 700,000 compared to the previous year.

14. The same study also concluded that the cybersecurity workforce gap has decreased for two consecutive years. In 2020, the number of additional cybersecurity experts organizations needed to protect their assets was 3.12 million, but that number shrank to 2.72 million in 2021.

15. To make up for the shortage of cybersecurity professionals needed to effectively protect organizations’ critical assets, the global cybersecurity workforce must grow by 65 %.

16. A total of 82 % of organizations admit to having increased their cybersecurity budgets in the past year, with these funds accounting for up to 15 % of total IT spending.

17. In recent years, threat actors have shifted from infecting systems with ransomware to double extortion, in which case they also threaten to compromise data and release it to the public or sell it. The threat of leaking stolen data has increased dramatically, from 8.7 % in 2020 to 81 % in the second quarter of 2021.

18. The total cost of fixing ransomware attacks has increased significantly. While the cost in 2020 is $761,106, the total cost of fixing a ransomware attack soars to $1.85 million in 2021.

19. The number of distributed denial of service (DDoS) attacks is also trending upward, due in part to the COVID-19 pandemic. More than 10 million attacks occurred in 2020, an increase of 1.6 million over the previous year.

20. In 2020, the FBI’s Internet Crime Complaint Center (IC3) received a record 791,790 cybercrime complaints, with reported losses of approximately $4.2 billion.

21. According to the latest available data from the FBI, business email compromise (BEC) scams remain the most costly cybercrime, with losses exceeding $1.86 billion in 2020. By comparison, the second most costly scam is confidence/romance fraud, with recorded losses of “only” about $600 million.

22. Seniors are disproportionately affected by cybercrime: approximately 28 % of fraud losses come from victims over the age of 60, amounting to losses of approximately $1 billion for older victims.