Cybercriminals often exploit leaked or stolen sensitive user information to carry out cyberattacks, including phishing and identity theft. The rising number of information leaks on dark web forums shows that no one is immune to data breach incidents. According to research from Tenable, a cyber exposure company, over 40 billion records were exposed worldwide in 2021.
Tenable’s Security Response Team analyzed 1,825 data breach incidents disclosed between November 2020 and October 2021. The analysis, included in the 2021 Threat Landscape Retrospective (TLR) report, gives an overview of the attack vectors, vulnerabilities, and insights that will help organizations prepare for the upcoming security challenges in 2022.
Some 21,957 common vulnerabilities and exposures were reported in 2021, representing a 19.6% increase over the 18,358 reported in 2020 and a 241% increase over the 6,447 disclosed in 2016. From 2016 to 2021, vulnerabilities increased at an average annual percentage growth rate of 28.3%.
The top vulnerabilities in 2021 include:
- CVE-2021-26855 — ProxyLogon, Microsoft Exchange Server
- CVE-2021-34527 — PrintNightmare, Windows Print Spooler
- CVE-2021-21985 — VMware vSphere
- CVE-2021-22893 — Pulse Connect Secure
- CVE-2020-1472 — Zerologon, Windows Netlogon Protocol
Other key findings from the report:
- Ransomware had a monumental impact on organizations in 2021, responsible for approximately 38% of all breaches.
- 6% of data breaches were the result of unsecured cloud databases.
- Unpatched SSL VPNs continue to provide an ideal entry point for attackers to perform cyberespionage, exfiltrate sensitive and proprietary information, and encrypt networks.
- Threat groups, particularly ransomware groups, have increasingly exploited vulnerabilities and misconfigurations in Active Directory.
- When security controls and code audits are not in place, software libraries and network stacks commonly used amongst OT devices often introduce additional risks.
- Ransomware groups favored physical supply chain disruption as a tactic to extort payment, while cyberespionage campaigns exploited the software supply chain to access sensitive data.
- Health care and education experienced the greatest disruption from data breaches.
“Migration to cloud platforms, reliance on managed service providers, software, and infrastructure as a service have all changed how organizations must think about and secure the perimeter. Modern security leaders and practitioners must think more holistically about the attack paths within their networks and how they can efficiently disrupt them. By examining threat actor behavior, we can understand which attack paths are the most fruitful and leverage these insights to define an effective security strategy,” said Claire Tills, Senior Research Engineer, Tenable.