April, 2022 - Jason Steer - Recorded Future
Following announcements from various global organisations such as the FBI and the UK NCSC, businesses are on a heightened level of alert in anticipation of increasing cyber attacks from pro- and anti-Russia groups. Whilst few organisations are targets, most are worried about becoming collateral damage, as we have seen with global cyber incidents such as NotPetya and WannaCry. We highlight two key areas that every organisation is currently considering as risks to their organisation.
The 2021 vulnerability threat landscape was defined by high-profile incidents involving integral vendor software that led to widespread data breaches and malware attacks. With timing reminiscent of the SolarWinds Orion SUNBURST backdoor disclosure in December 2020, the most serious vulnerability of 2021, commonly known as “Log4Shell” and tracked as CVE-2021-44228, was first publicly disclosed on December 9, 2021.
Other major vulnerabilities throughout the year were identified affecting Microsoft Exchange and Windows Print Spoolers, VMware vCenter, legacy Accellion FTA, and the IT management company Kaseya’s Virtual System Administrator.
High-risk vulnerabilities and actively exploited vulnerabilities disclosed in 2021 affected products belonging to a more diverse array of parent companies than in prior years. Outside of the top 10, which mainly affected Microsoft products, serious actively exploited vulnerabilities were also identified affecting products from Linux, Google, Pulse Connect Secure, and Apple, among others.
Contrary to our findings in previous years (2020, 2019, 2018), none of the top exploited vulnerabilities of 2021 were recycled vulnerabilities disclosed in prior years.
During the last 2 years, ransomware has been dominating cybersecurity headlines around the world. It is no longer only being discussed within the security community but is recognized as a systemic threat across most industries and geographies. Terms like RaaS (ransomware-as-a-service) and REvil have even entered the mainstream news.
Historically, both technical and non-technical reporting has primarily focused on actual ransomware attacks. Gathering knowledge about victims, ransomware groups, their affiliations and extortion strategies, TTPs, and IOCs helps to protect against them through prevention and detection. However, discussed less frequently and less systematically are law enforcement actions taken against ransomware operators and their co-conspirators, which have become an important pillar to combat the threat.
This report looks at international law enforcement operations and is based on data collected over the last 2 years. We first address common difficulties faced by law enforcement, then outline trends and observations by distinguishing between different types of law enforcement activities, and finally provide a timeline of all events.
While 2021 was globally seen as the year of ransomware attacks, it was also the year of law enforcement operations against ransomware. According to public reporting, there were 38 law enforcement operations in 2021, compared to only 4 in 2020.
Through this report, we aim to create an overview of the status quo and to better understand the effectiveness of law enforcement in the medium term.