Key Takeaways
Evolution of the perimeter:
Adoption of cloud solutions, software and infrastructure as a service, and the increasingly complex service provider ecosystem all continue to challenge traditional conceptions of the perimeter. However, traditional perimeter devices like VPNs remain valuable targets for attackers.
Patching problems:
Keeping assets patched is difficult enough, but in 2021 incomplete patches, miscommunications from vendors and patch bypasses made it even harder for defenders to keep critical systems secure.
Majority of zero-days exploited in the wild:
83% of zero-day vulnerabilities disclosed in 2021 were exploited in attacks, with web browser zero-days accounting for over 30% of them.
Ongoing risks of interconnection:
Code and library re-use have resulted in vulnerabilities persisting for years across potentially millions of sensitive operational technology (OT) devices. Software libraries and network stacks commonly used among OT devices often introduce additional risk when security controls and code audits are not in place.
Misconfigurations increase risk:
Cloud and Active Directory (AD) misconfigurations are low-hanging fruit for threat actors. Openly accessible cloud databases and overly permissive AD configurations give attackers access to an organization’s most sensitive information.
Attackers target AD environments:
Threat groups, particularly ransomware groups, have increasingly exploited vulnerabilities and misconfigurations in Active Directory.
Surging ransomware attacks:
Ransomware attacks increased in both volume and sophistication. Ransomware groups leveraged zero-days and legacy vulnerabilities alike to target sensitive sectors like healthcare, education and the physical supply chain.
Physical and software supply chains under attack:
Supply chains of all kinds were targeted by diverse threat groups in 2021. Ransomware groups favored physical supply chain disruption as a tactic to extort payment while cyberespionage campaigns exploited the software supply chain to access sensitive data. And 61% of security leaders reported that their organization was exposed to increased risk related to its expanding supply chain.
Data breaches continue to increase:
Over 2.5 times as many breaches were reported in 2021 as in 2020. Additionally, there was a 78% increase in the number of records exposed.