CrowdStrike has revealed its yearly threat report which indicates there was a serious boost in data leaks subsequent to ransomware attacks in 2021, growing by 82% from 2020. There were 2,686 ransomware attacks documented in 2021 as compared to 1,474 in 2020. The weekly average of ransomware attacks in 2021 is over 50.
Ransomware groups at the same time demanded bigger ransom payments in 2021, greater by 36% in 2021 in comparison to 2020. $6.1 million was the average ransom demand in 2021. The healthcare market was widely attacked by ransomware groups in 2021, though many threat actors claimed they wouldn’t execute attacks on healthcare companies. CrowdStrike monitored 154 ransomware attacks on healthcare companies in 2021, higher than 94 in 2020. Healthcare was number 6 out of all industry markets for information leaks. It was number 4 in 2020.
CrowdStrike mentioned the threat landscape has become far more jampacked in 2021, with many new adversaries appearing which include threat actors that have earlier not been greatly engaged in cyberattacks for example Colombia And Turkey. CrowdStrike found 21 new adversaries in 2021, with considerable growth in China-nexus And Iran-nexus threat actors.
A threat group monitored as Wizard Spider was one high-profile ransomware actor in 2021. Carbon Spider focused on big game hunting, Cozy Bear concentrated on attacking cloud systems, Prophet Spider employed the Log4j exploit for collection of credentials from online workspace services, and Aquatic Panda focused on the Log4j vulnerability and employed the Log4Shell exploit to obtain remote code execution on victims’ environments.
Iran-nexus actors substantially employed lock-and-leak tactics. Russian threat actors progressively attacked online environments. China-nexus threat actors concentrated on taking advantage of new vulnerabilities. CrowdStrike mentioned there was 6 times more vulnerability exploitation in 2021. Ten known adversaries or activity groupings engaged in those attacks. Merely 2 vulnerabilities were taken advantage of by Chinese threat actors in 2020, as opposed to twelve in 2021.
As of 2020, ransomware groups were exfiltrating sensitive information before encrypting files and were employing double extortion techniques on their victims. Victims are forced to pay money to get the keys to decrypt data files and to avert the exposure of the stolen information on data leaks websites. Though ransomware attacks were very common, there was furthermore a rise in data theft and extortion without the usage of ransomware and there was a lively market for vending stolen data on hacking communities and darknet portals.
Malware is frequently employed in cyberattacks nevertheless attackers are more and more evading the usage of malware and are employing legit credentials to gain access to systems and then living-off-the-land techniques, where current system tools are utilized as opposed to malware to evade security methods. In 2021, merely 38% of cyber attacks employed malware, 62% of attacks have nothing to do with malware.
CrowdStrike believes web-related threats will be more commonplace and grow in 2022 as threat actors choose targets that present direct access to big combined stores of high-value information. Threat actors are furthermore possible to broaden their tool arsenal to comprise of mobile malware 9nm 2022, and it is remarkably possible adversaries will still search for weaknesses in platforms employed by their targets in 2022.
To combat these threats, CrowdStrike proposes understanding the adversaries that are recognized to target your market, as this can enable you to better get ready for attacks. It is critical to secure all workloads and have a proven response plan to permit quick action to be undertaken in case of an attack. The rate of the response frequently dictates whether or not mitigations become successful or not.
Cloud misconfigurations are typically taken advantage of to obtain access to sizeable data storage. One strategy to lessen the risk of human error is to create new accounts and infrastructure making use of default patterns. Though it is necessary to employ technical steps to identify and discontinue attacks, it is furthermore crucial to invest in user awareness plans, as end-users may play a major role in avoiding data breaches, specifically identifying and averting phishing attacks and social engineering techniques.