The most malicious cyber security threats of 2021

It would be impossible to discuss the top cyberthreats of 2021 without mentioning the COVID-19 pandemic. Apart from the obvious dangers to human health and the economic impact, the pandemic fundamentally altered the digital world this year, including how we work and how we spend our free time online.  

As travel ceased, most businesses and services had to switch to primarily online operations. These who were already online had to expand, introducing entirely new processes into their workflows. This rapid shift opened organizations up to cyber threats on a larger scale than ever before.

In 2020, a staggering 31% of global companies were attacked by cyber criminals at least once per day. Over 1,000 had sensitive data stolen and publicly leaked by ransomware gangs. And even when a return to office life is possible, it seems clear that digital operations will remain far more prevalent than in previous years. Understanding the cyber threat landscape is key to staying safe online.  

A cyber threat is a malicious act — or just the possibility of one — that seeks to damage or steal data, or to otherwise disrupt computer networks and systems. Common cyber threats include computer viruses, software vulnerabilities, distributed denial of service attacks (DDoS), and social engineering techniques, such as phishing. Even “offline” events like natural disasters can be considered a cyber threat, as they put systems and data at risk.  

Cyber threats may come from a variety of sources, including:

1. Criminal gangs
2. Nation-states
3. Corporate spies
4. Disgruntled insiders
5. Individual hackers

No matter the source, cyber threats are a massive hazard. They threaten not only business health and operations, but even our daily life in this increasingly-digital world. And with AI and automation making cyberattacks easier to carry out, effective cyber protection is critical.  

Malicious applications that encrypt — and often steal — sensitive data continued to be a top cybersecurity threat in 2021. According to a report from cyberinsurance provider Coalition, ransomware was responsible for 41% of all cyberinsurance claims this year.

Data is increasingly at the forefront of business operations and decision-making, no matter the industry. Its loss, even temporarily, can have massive financial and reputational damage. Cybercriminals are well aware of this, and their continued strikes and massive ransom demands are indicative of the fact that data recovery is, indeed, worth millions of dollars to many organizations.

Massive news events lead to a surge in people searching for information online, and the COVID-19 pandemic has been no exception. Those seeking answers — What’s the latest news? How can I stay safe? How do I get financial aid? — had to contend with a huge number of scams and other exploits.

Cybercriminals have taken tried-and-true cyber threats, such as phishing campaigns and malicious email attachments, and themed them after the pandemic. By exploiting anxieties and a general sense of urgency, such attacks often succeed in getting victims looking for answers and assistance to put their better judgment aside.  

The COVID-19 pandemic has significantly changed the cyber threat landscape. Work-from-anywhere has become the new normal, and 92% of global organizations adopted new technologies this year to facilitate the switch to remote operations. While this has created plenty of new opportunities for vendors, it also highlights the numerous security and privacy risks associated with remote work.

Tools that enable collaboration and remote access to internal company servers are ripe attack targets for cybercriminals, and the rush to adopt new technologies — as well as budgetary and IT staff limitations — has resulted in many organizations pressing forward without properly vetting and configuring their new solutions. As a result, cyberattacks on these targets are frequently successful.   

With data at the core of every business — and remote access and collaboration tools increasingly necessary — it’s clear that IT services are no longer optional. Many organizations, especially small and medium businesses, rely on managed service providers (MSPs) for these needs.

It’s no wonder, then, that cybercriminals increasingly see MSPs as a ripe attack target. By compromising a service provider, criminals gain access to potentially hundreds of their customers downstream — far more efficiently than going after SMBs one-by-one. Poorly-configured remote access software is of the most exploited attack vectors, though attackers also take advantage of software vulnerabilities and social engineering techniques to gain access to these providers — and ultimately, their clients.  

On July 18, Telecom Argentina — the country’s largest telecommunications provider — was hit by a ransomware attack that encrypted over 18,000 systems, including terminals with highly-sensitive data. The infamous Sodinokibi group demanded an initial ransom of $7.5 million, set to double if not paid within 48 hours.

Only a week later, Garmin — one of the world’s largest wearable device companies — began experiencing a major outage of services and production. Garmin later confirmed this was the result of a WastedLocker ransomware attack. The cybercriminals are believed to have demanded a $10 million ransom, which Garmin reportedly paid — although the company has not publicly verified this.

Canon, the multinational firm specializing in optical and imaging products, fell victim to the Maze ransomware in August. Many of the company’s internal systems were impacted, as was their U.S. website. The Maze operators appear to have stolen over 10 TB of data, including the Social Security numbers and financial account details of thousands of current and former Canon employees.

In April, the German state of North Rhine-Westphalia (NRW) fell victim to a phishing campaign targeting COVID-19 relief funds. Cybercriminals created a fake version of the NRW’s aid request website, and sent out emails directing Germans to the phony site. When victims filled out the “application,” the attackers captured this personal data and used it to submit their own aid requests through the real website. NRW officials reported that up to 4,000 falsified requests were ultimately granted by the government, resulting in as much as $109 million being sent to the scammers.  

The latest version of the notorious TrickBot malware was distributed in a phishing campaign, in which victims received emails that claimed to contain information about free COVID-19 testing. These messages directed users to fill out the attached “form,” which actually contained a malicious script that downloaded the payload after a delay (in order to better avoid detection by anti-malware solutions).  

As videoconferencing solutions saw explosive user growth this year, they also attracted a lot of unwanted attention from cybercriminals, many of whom immediately began analyzing these applications for exploitable weaknesses.  

By mid-April, multiple zero-day vulnerabilities in the Zoom virtual conferencing platform had been identified, and were listed in dark web markets — one exploit being sold for $500,000. Zoom was also the target of a large-scale phishing campaign in which cybercriminals sent out fake password-stealing meeting invitations, taking advantage of user dependency on (and unfamiliarity with) the service.  

Similar services were targeted as well. Users of both Microsoft Teams and Cisco Webex had to contend with phishing emails with “notifications” that pointed users towards fake, credential-lifting login pages. In one week, as many as 50,000 Microsoft 365 users were attacked in this manner.  

In June, the Canada-based Pivot Technology Solutions was impacted by a partially-successful ransomware strike. Though the attack didn’t manage to encrypt any systems, some personal data — including addresses, Social Insurance Numbers, and payroll information — regarding employees and consultants was exfiltrated.  

Global IT services and solutions provider DXC Technology announced in early July a ransomware attack against its Xchanging subsidiary, whose customers include companies in the insurance, financial services, healthcare, defense, and aerospace industries.    

With the pandemic still underway and driving business operational decisions, expect more of these same cyber threats in 2021. Work-from-anywhere is here to stay, and it’s unclear whether we’ll ever make a full return to traditional office setups.

With regard to ransomware, data exfiltration is poised to become bigger than encryption, as cybercriminals strive to maximize success rates and monetize every attack. Strikes against cloud services will only grow alongside the services’ own popularity, taking advantage of improper configurations and weaknesses in the supply chain. 

It’s also likely that we’ll continue to see huge increases in the volume and variety of more traditional cyber threats. Advances in automation and data mining allow cybercriminals to rapidly create and iterate new malware variants, using data from corporate websites and social media profiles to personalize each attack. Increased adoption of the internet of things (IoT) is increasing the attack surface dramatically, with smart devices and appliances often being poorly-protected.

With these challenges ahead, it’s important for businesses to invest in solutions that can meet the top cyber threats head-on and provide comprehensive cyber protection.

Anti-malware agents may stop a cyber threat in progress, but won’t be able to restore any compromised data. Backup agents won’t automatically know about a cyber threat, and data will be recovered slowly — assuming that it hasn’t been compromised. Security patches to fix vulnerabilities in popular software are released frequently, but these are inconsequential if not enabled across your workloads in a timely manner.

To address these issues, we recommend tools like Acronis Cyber Protect — an integrated solution that combines data backup, anti-malware, RMM, vulnerability assessment, and patch management capabilities into a single agent. This level of integration enables optimal performance, eliminates compatibility issues, and ensures rapid automated recovery in the event of a breach.