1. Comment
February 25, 2022

Cybersecurity: Top trending companies on Twitter Q4 2021

Verdict has listed five companies that trended the most in Twitter discussions related to cybersecurity, using research from GlobalData’s Technology Influencer platform.

The top companies are the most mentioned companies among Twitter discussions of more than 150 cybersecurity experts tracked by GlobalData’s Technology Influencer platform during the fourth quarter (Q4) of 2021.

Companies trending in cybersecurity discussions: The top five

1. Microsoft Corp – 765 mentions

Microsoft releasing updates to fix security bugs in its Windows operating systems and other software, hackers discovering a new technique to bypass a key Microsoft Office patch, and the company’s plans to reduce cybersecurity worker shortage by 2025 were some of the popular discussions in Q4 2021.

Brian Krebs, an investigative reporter, shared an article on Microsoft releasing upgrades to fix  55 security flaws in its Windows operating systems and other software. Two of the patches were released to address the vulnerabilities being used in active online attacks. Microsoft also made four security bugs public before the release, the article noted. The zero-day bugs included a security feature bypass flaw, the CVE-2021-42292, in Microsoft Excel versions 2013-2021, which allowed hackers to install malicious code by tricking people to open an Excel file.

The other zero-day security bug was the CVE-2021-42321 in Microsoft Exchange Server, which was used to hack into several organisations using Microsoft Exchange Servers to retrieve emails. Two other vulnerabilities disclosed before the release of the patches were the CVE-2021-38631 and CVE-2021-41371, the article further detailed. The two vulnerabilities involved security flaws in Microsoft’s Remote Desktop Protocol (RDP), the company’s remote administration tool, running on Windows 7 through Windows 11 systems and on Windows Server 2008-2019 systems. The flaws allowed hackers to see the RDP password for the exposed system.

Microsoft is a technology company headquartered in Redmond, Washington, US. The company’s security products include Microsoft 365 Defender, Microsoft Defender for Cloud, Microsoft Defender for Endpoint, Microsoft Defender for the Internet of Things (IoT), and Microsoft Sentinel.

2. Alphabet Inc – 452 mentions

Google’s first-ever Cybersecurity Action Team Threat Horizons report, the company’s research on how basic account hygiene can prevent hijacking, and the company detecting hackers using an old Mac exploit to target Hong Kong users were popularly discussed in the fourth quarter.

Dr Anton Chuvakin, a security solution strategist at Google Cloud, shared an article on Google’s first-ever Cybersecurity Action Team Threat Horizons report revealing that cloud users are usually targeted by ransomware, coin mining, and advanced persistent threats (APTs). The report highlighted insights provided by several teams, including the Google Threat Analysis Group (TAG), Google Cloud Security and Trust Centre, Google Cloud Threat Intelligence for Chronicle, Trust and Safety, and other teams, the article detailed.

The report highlighted that most cloud customers are faced with vulnerabilities due to poor tracking, scanning, and a lack of basic control implementation. Google’s internal security teams are now working on responding to cryptocurrency mining abuse, ransomware, and phishing attacks, the article noted. The report further revealed that the threat landscape was more complex in 2021, with several cyberattacks exposed by Google researchers including a phishing attack carried out by APT28/Fancy Bear backed by the Russian government in September that the company blocked.

Headquartered in Mountain View, California, US, Alphabet is the holding company of Google, life sciences company Verily Life Sciences, venture capital firm GV, biotech company Calico, and research and development company X. Google is the biggest subsidiary of the holding company.

3. Meta (formerly Facebook) – 313 mentions

Discussions around Meta (previously Facebook Inc) included the company’s plans to pay hackers to report scraping vulnerabilities across its platforms, the Irish Data Protection Commission (DPC) stating that the company is trying to bypass the General Data Protection Regulation (GDPR), and private surveillance groups being prohibited from using the platform for spying on individuals.

Bob Carver, the principal of cybersecurity threat intelligence and analytics at telecommunications company Verizon, shared an article on Meta’s plan to reward researchers to report bugs that enable attackers to evade data scraping restrictions and data scraping datasets online. Automated activity is designed to scrape public and private data from every website or service, but scrapers such as harmful scripts, websites or apps are constantly finding ways to escape detection against security protocols, according to Dan Gurfinkel, a security engineering manager at Meta.

The company is planning to compensate hackers who can report on scraping bugs across its platforms and detect unprotected or open databases that incorporate at least 10,000 unique user profiles with personally identifiable information (PII) such as phone numbers and e-mails. The move was initiated by the company in order to check unauthorised scraping and aims to reduce the abuse of users’ personal data such as the Cambridge Analytica data scandal that led to Meta users’ personal information being used for political advertising, the article highlighted.

Meta is a technology company headquartered in Menlo Park, California, US. The company specialises in areas such as social networking, artificial intelligence (AI), virtual reality (VR), machine learning (ML), augmented reality (AR), marketing science, mobile connectivity, and open compute.

4. Intel Corp – 119 mentions

An Intel-patched vulnerability in processors enabling attackers to access cryptographic keys, and the company investigating a huge data breach that exposed 20GB of its restricted and private data were some of the popular discussions in the last quarter of 2021.

Ken Westin, director of security strategy at cybersecurity technology company Cybereason, shared an article on how an Intel central processing unit (CPU) flaw named the CVE-2021-0146, which was recently patched, allowed attackers to target cryptographic keys. The security vulnerability affected Pentium, Celeron, and Atom CPUs on mobile, desktop and embedded devices, the article noted. The processors are also present in several cars, including those manufactured by Tesla. Identified by Positive Technologies, a Russian cybersecurity firm, the vulnerability is related to a debugging function with extreme privileges that is not secure. The flaw can also target attacks across a supply chain, the researchers added.

Intel Corp is a semiconductor company headquartered inSanta Clara, California, US. The company offers a key foundation of security across platforms with processors integrating advanced cryptography, such as Intel Crypto Acceleration, Intel BIOS Guard, and Intel Boot Guard.

5. Cisco Systems Inc – 115 mentions

Cisco’s commercial threat intelligence team Cisco Talos warning US companies about a new Babuk ransomware variant, security flaws in Cisco firewalls leading to a denial-of-service (DoS) attack, and the company being recognised as a potential cybersecurity incident response services provider were some of the popular discussions in Q4 2021.

Meredith Corley, a security communications leader at network security provider Cisco, shared an article on security researchers at Cisco Talos discovering a new Babuk ransomware variant targeting Microsoft Exchange servers. The researchers believe that the variant has been active since July 2021 and has a unique infection chain technique. Researchers added that the first infection route exploited the ProxyShell weaknesses in the Microsoft Exchange Server while deploying the China Chopper web shell, a tool that enables hackers to gain access to a target system. The Babuk ransomware normally attacks hardware and software systems, although the new variant is targeting Windows, the article detailed. It encrypts the victim’s machines, disturbs the systems backup function, and eventually deletes the volume shadow copies.

Cisco Systems is a communications and information technology company headquartered in San Jose, California, US. The company offers internet protocol-based networking devices and services including optical networking, access points, outdoor and industrial access points, next-generation firewalls, advanced malware protection, VPN security clients, email, and web security services.