With more devices connected to the internet than ever before, exploiting vulnerabilities to cross privilege boundaries has become routine. Recorded Future's Insikt Group recently released the H1 2021: Malware and Vulnerability Trends Report, which describes how the ransomware marketplace matured as more operators began hiring affiliates to scale their attacks.
With innovative techniques and sophisticated tooling, threat groups exploit flaws to deliver, distribute and execute malicious code on vulnerable systems. Against this backdrop, proactively identifying malware and patching vulnerabilities is fundamental to strengthening network and application security posture.
Despite efforts to harden systems and maintain strict security hygiene, the first half of 2021 saw several notable cyber incidents that drew mainstream attention because of their broad impact and the novel techniques used.
In these incidents, the threat actors' modus operandi was to exploit critical vulnerabilities in products such as Accellion FTA, Microsoft Exchange Server, macOS and QNAP devices in order to deploy malware on the compromised systems. Ransomware operators showed increased sophistication by adding DDoS to their extortion, targeting Linux systems, rapidly exploiting newly disclosed vulnerabilities and even using zero-day vulnerabilities in attacks.
Reviewing botnet activity, the report notes that the takedown of the Emotet botnet in January 2021 opened a gap in the botnet space, which in turn drove increased use of other loaders, including Trickbot, IcedID, BazarLoader and Qakbot, over the last quarter.
On trends in the vulnerability landscape, the report found that vulnerabilities in corporate software were targeted more frequently than those in consumer-grade software, and that high-risk vulnerabilities across major vendors spiked in the first half of the year.
Microsoft and Apple Most Targeted
Microsoft products, being the most widely deployed, have historically been the primary target of vulnerability exploitation; in early 2020, Microsoft dominated the list of high-risk vulnerabilities. In Q1 2021, however, Microsoft's high-risk vulnerabilities accounted for less than 25% of the 39 in total.
According to the report, the number of high-risk vulnerabilities in Recorded Future's data set rose from 39 in Q1 2021 to 70 in Q2 2021, and the number reported as exploited in the wild jumped from 17 to 34.
PrintNightmare, affecting the Windows Print Spooler service and first tracked as CVE-2021-1675 (the remote code execution variant was later assigned CVE-2021-34527), was the most referenced vulnerability of the quarter, largely because Microsoft's initial patch did not fully address the flaw, which is unusual for the company. Microsoft has since fixed these vulnerabilities and addressed the remaining variant in its September 2021 Patch Tuesday advisory.
Apple, despite the security features built into its products, was among the most-affected vendors. In Q2 2021, attackers exploited vulnerabilities in macOS, Safari, iOS, iPadOS, tvOS and watchOS. Earlier this week Apple released security updates for two actively exploited zero-day vulnerabilities, tracked as CVE-2021-30860 and CVE-2021-30858, and urged customers to install iOS 14.8, macOS 11.6 and watchOS 7.6.2 for the fixes to take effect.
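As a practical follow-up to the PrintNightmare entry, here is an added PowerShell check that is not part of the Recorded Future report or this article. It triages a single Windows host: the Print Spooler service state, the Point and Print hardening values Microsoft introduced with the August 2021 cumulative updates, and any updates installed on or after the September 2021 Patch Tuesday. The registry path and value names are Microsoft's documented policy settings; the expected values and the cutoff date are this example's assumptions for a hardened host, and an elevated PowerShell 5.1 or later session is assumed.

```powershell
# Added example (not from the Recorded Future report): triage a Windows host's
# Print Spooler exposure to PrintNightmare-style attacks.
# Assumes an elevated PowerShell 5.1+ session on the host being checked.

# 1. Is the Spooler running at all? Hosts that do not print can simply disable it.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($null -eq $spooler) {
    Write-Output "Spooler service not present"
} else {
    Write-Output ("Spooler: {0} (StartType={1})" -f $spooler.Status, $spooler.StartType)
}

# 2. Point and Print hardening values (Microsoft policy key; expected values are our assumption).
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$expected = @{
    RestrictDriverInstallationToAdministrators = 1  # only admins may install print drivers
    NoWarningNoElevationOnInstall              = 0  # keep the elevation prompt on install
    UpdatePromptSettings                       = 0  # keep the prompt on driver updates
}
if (Test-Path $key) {
    $props = Get-ItemProperty -Path $key
    foreach ($name in $expected.Keys) {
        $actual = $props.$name
        # A missing RestrictDriverInstallationToAdministrators defaults to 1 on patched hosts;
        # the other two default to 0. Anything else is flagged for review.
        if ($null -eq $actual) { $actual = '(not set, OS default)' }
        $state = if ("$actual" -eq "$($expected[$name])" -or $actual -like '(not set*') { 'OK' } else { 'REVIEW' }
        Write-Output ("{0,-45} {1,-25} {2}" -f $name, $actual, $state)
    }
} else {
    Write-Output "PointAndPrint policy key absent: OS defaults apply, confirm the patch level below"
}

# 3. Updates installed on or after the September 2021 Patch Tuesday (14 September 2021).
$cutoff = [datetime]'2021-09-14'
Get-HotFix |
    Where-Object { $_.InstalledOn -ge $cutoff } |
    Select-Object HotFixID, Description, InstalledOn |
    Sort-Object InstalledOn
```

Run it on a sample of hosts after patching; a host with the Spooler running, no policy key and no updates after the cutoff is the one to prioritise. Get-HotFix lists packages, not individual CVEs, so the cumulative update ID still needs to be matched against the month's advisory.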
Threats to Expect
The report's threat analysis expects that:
- Ransomware will continue to make headlines as the ransomware market evolves.
- Apple products will continue to see more vulnerability exploitation.
- Botnet-delivered malware may surge.
For more information, download a copy of the report here.