Date: 2022-02-17

CrowdStrike Intelligence counted a total of 2,686 ransomware-related data leaks in 2021, marking an 82% increase compared to 2020. Credit: NicoElNino via Shutterstock.

A new survey by cybersecurity specialist CrowdStrike Intelligence shows a marked increase in cybersecurity attacks in 2021, with an increasing threat coming from two countries: Iran and China. In total, CrowdStrike Intelligence counted 2,686 ransomware-related data leaks in 2021, an increase of 82% compared to 2020.

According to the 2022 edition of CrowdStrike Intelligence’s annual Global Threat Report, released in February, multiple Iran-based entities have massively stepped up their use of so-called “lock-and-leak” attacks since late 2020 to target organizations in the US, Israel, and elsewhere. In this type of attack, hackers use ransomware to target networks and then publish embarrassing or politically sensitive materials on dedicated leak sites, social media, and chat platforms.

The report also called out China, identifying it as the leader because of its exploitation of 12 new attack vectors developed in 2021. China-based entities focused on several vulnerabilities in Microsoft Exchange and exploited vulnerabilities in routers and virtual private networks (VPNs) to gain access to numerous organizations worldwide; enterprise software products hosted on Internet-facing servers were also identified as popular targets.

In a trend seen in a growing number of security-related surveys, this year’s report shows that hackers are devoting more focus to exploiting vulnerabilities as enterprises store more data and move more workflows to the cloud. Common cloud attack vectors used by malicious actors include cloud vulnerability exploitation, credential theft, cloud service provider abuse, and the use of cloud services to host malware and hijack “command and control” operations.

In addition to China and Iran, the CrowdStrike report also cautions that Russian operatives are getting more sophisticated in exploiting cloud vulnerabilities. Cozy Bear and Fancy Bear, two hacker groups affiliated with Russian intelligence agencies and linked to previous cyberattacks against US government and enterprise organizations, are specifically singled out for updating their methods to exploit emerging cloud-related vulnerabilities.

Looking at emerging vulnerabilities, CrowdStrike predicts that the next big threat may come from malware focused on smartphones and other mobile devices as a way to gain unauthorized access to bank accounts or to collect sensitive information. And once that happens, look out: history says that once vulnerabilities are identified by one group, small breaches lead to bigger breaches as other malicious actors look to exploit new points of attack before they are closed.