For many cybersecurity professionals, reviewing 2021 brings to mind the title of Christopher Koch’s seminal 1978 novel (and subsequent movie): “The Year of Living Dangerously.” This has been a year studded with spectacular successes on the part of threat actors, and commensurate setbacks on the part of defenders.
Perhaps the best/worst of these high-profile attacks in 2021 were those targeting private-sector companies considered part of national infrastructure. The scope and scale of these incidents not only stunned the victimized organizations, they also captured the attention of the global media and the mass audiences it serves. The most widely publicized of these cyber events involved ransomware attacks on mass producers in the energy, food supply, technology, and financial services sectors. The ransomware threat group REvil attacked Acer, JBS Foods, and others, while DarkSide actors crippled Colonial Pipeline, and Avaddon infiltrated insurance giant AXA.
Governments were compelled to respond to the attacks, with G7 countries and NATO allies putting cybersecurity at the top of the public policy agenda. U.S. President Joe Biden issued an Executive Order on “Improving the Nation’s Cybersecurity,” while the U.S. Department of Justice established a Ransomware and Digital Extortion Task Force.
Other threat campaigns proved just as devastating to victims, though perhaps because of their technical nature and more indirect impact on consumers, they generated fewer headlines. A Microsoft® Exchange Server zero-day vulnerability spiraled into a crisis after the HAFNIUM group exploited the flaw. Other threat actors were quick to capitalize on the opportunity by reverse engineering the patch and targeting organizations worldwide. The swift proliferation of HAFNIUM-style attacks reinforced the importance of keeping software up to date.
While attacks on large organizations dominated the 2021 news cycle, small to medium-sized businesses (SMBs) also suffered countless attacks, both directly and through the software supply chain. BlackBerry threat researchers discovered SMBs averaging 11 to 13 threats per device—a number much higher than among enterprise organizations.
“I’d Like to Thank…”
Threat actors owe their string of 2021 successes to a variety of factors. Many learned to adopt and mimic private-sector capabilities by utilizing service providers, intermediaries offering hack-for-hire capabilities such as ransomware-as-a-service (RaaS), infrastructure-as-a-service (IaaS), and malware-as-a-service (MaaS). Others sought to create a layer of separation and obfuscation between themselves and their targets by employing initial access brokers (IABs) to perform the initial breaches on their behalf. Still others sought to cover their tracks by impersonating the tactics, techniques, and procedures (TTPs) of unaffiliated threat groups.
Some threat actors turned to the adoption of novel programming languages to obscure their activities, with Go, D, Nim, and Rust making appearances across the threat landscape. As our BlackBerry Research and Intelligence Team documented so thoroughly in our new book, "Finding Beacons in the Dark: A Guide to Cyber Threat Intelligence", Cobalt Strike gained ground as perhaps the most pervasive and pernicious tool for building command-and-control networks to proliferate malware and attacks.
All the trends mentioned above are detailed in the new BlackBerry® 2022 Threat Report, released today. The report also points to areas of progress made by the cybersecurity defender community, including integrating security into next-generation connected vehicles, with the International Organization for Standardization (ISO), the Society of Automotive Engineers (SAE), and the United Nations (UN) providing firm guidance to automakers. In addition, the report speaks to several cybersecurity innovations and approaches that have emerged, offering stronger protection and greater resilience for many organizations. The report also offers prescriptive measures for those actively seeking to implement more effective security measures, such as adopting a Zero Trust framework, deploying prevention-oriented, AI-powered endpoint protection technologies, and migrating to XDR platforms or engaging a managed XDR team.
To learn more about the insights contained in the BlackBerry 2022 Threat Report, visit the report home page.