The threat landscape in 2021 (2023)

The threat landscape in 2021 (1)

Team of threat huntersSymantec

Consciously:6 minutes readThreat Intelligence



Symantec analyzes the cybersecurity trends that shaped the year

From the evolving ransomware ecosystem to attacks on critical infrastructure, Symantec analyzes theCybersecurity trends that shaped 2021.

A new white paper from Symantec, a division ofSoftware Broadcom, looks at some of the top threats that will shape the threat landscape in 2021.

Ransomware was arguably the most significant threat facing businesses in 2021, with some ransomware operators exiting the scene, new ones arriving, and honing business models and tactics to make targeted ransomware more profitable than ever.

Ransomware was not the only threat, however, as supply chain attacks, an increase in the number of attackers exploiting vulnerabilities in public applications, and attacks on critical infrastructure also shape the threat landscape in 2021.

data theft

Ransomware, or more specifically, targeted ransomware, was the most dominant threat making headlines in 2021. Ransomware gangs have moved into target entities with a wide network of downstream users. These upstream entities included large software developers and organizations involved in critical infrastructure, as seen in the Kaseya and Colonial Pipeline attacks. The attack on managed service providers (MSPs) also gave attackers the ability to potentially infect thousands of victims by compromising just one.

While the total number of ransomware attacks detected and blocked by Symantec continues to decline in 2021, as in previous years, that doesn't mean ransomware activity is becoming any less threatening. This downward trend is due to a significant decline in relatively simple and indiscriminate ransomware attacks and threat actors shifting their focus to larger organizations where they can cause more disruption and demand higher ransoms. The number of these targeted ransomware attacks increased from around 80 in January 2020 to over 200 in September 2021.

(Video) Cybersecurity Awareness - The Threat Landscape
The threat landscape in 2021 (2)

This increase in targeted ransomware attacks is due in part to two relatively recent developments: the rise of so-called Initial Access Brokers (IABs), threat actors who sell access to compromised networks to the highest bidder, which have recently evolved into targeted ransomware attacks; and an increase in ransomware-as-a-service (RaaS), a subscription-based model that allows individuals or gangs, known as partners, to use off-the-shelf ransomware threats in their attacks.

The RaaS model greatly increases the number of adversaries a company faces, as multiple attackers are now attempting to distribute the same ransomware but using different Tactics, Techniques and Procedures (TTPs).

Due to the growth of the RaaS market, affiliates now have the option to migrate to another ransomware when the current one is terminated. Next to,Symantec pointed this outaffiliated companies using two different types of ransomware in a very short time and in some cases during the same attack. This suggests that some partners are reputable enough not to be tied to an exclusive contract with a ransomware operator.

While the total number of ransomware attacks detected and blocked by Symantec continues to decline in 2021, as in previous years, that doesn't mean ransomware activity is becoming any less threatening.

Botnets are also now playing a key role in ransomware attacks, and many legacy financial fraud botnets are being repurposed to proliferate ransomware. In some cases, the same threat actor is behind the ransomware and the botnet. For example, Trickbot is believed to be controlled by the miner group (aka Wizard Spider), which is also linked to Ryuk and Conti ransomware.

Another lesson of the year in terms of ransomware was operators targeting sectors hardest hit by the COVID-19 pandemic. A good example of this was theAttack on the Irish National Health Service, the Health Service Executive, by Conti ransomware operators (aka Miner, Wizard Spider).

Last year, the infrastructure of the ransomware REvil (aka Leafroller, Sodinokibi) was compromised by law enforcement agencies, resulting ingained control of at least some of REvil's servers. However, as with previous efforts to halt gang activity, REvil is likely to make a comeback in some form following recent takedown efforts.

In 2021, targeted ransomware groups also began threatening victims to prevent them from sharing attack details with the media or commercial ransomware companies. Ransomware gangs Conti and Grief said they would release victims' stolen data or remove decryption keys if transcripts or screenshots of ransomware negotiations were shared publicly. The announcement was likely prompted by an increasing number of media reports detailing the bailout negotiations. Other threat groups have also used similar tactics, including Ragnar Locker and a new ransomware threat called YanluowangDiscovered by Symantec's Threat Hunter team.

Attacks on the supply chain

Attacks against software supply chains continue to be a problem for governments and businesses around the world due to their potential to disrupt large sectors of society and businesses. Two significant supply chain attacks that made headlines last year were the SolarWinds attack and the Kaseya attack.

Although the SolarWinds attack happened in late 2020, it made waves well into 2021. The attackers responsible for the attack, the Russian-backed group Nobelium (aka Hagensia), remained active. In September, a new backdoor threat (Tomiris), likely developed by Nobelium, was discovered. The malware shares similarities with the second stage SUNSHUTTLE malware used by Nobelium in the SolarWinds attack. Another post-exploitation backdoor (FoggyWeb) has also been linked to Nobelium. The malware is designed to steal sensitive data from compromised Active Directory Federation Services (AD FS) servers.

The attack on IT management software maker Kaseya, carried out by REvil ransomware operators, affected multiple managed service providers (MSPs) using the company's software. Although Kaseya reported that approximately 60 of its customers were affected by the attack, those customers were MSPs with multiple customers. The estimated number of organizations at risk from the supply chain attack was 1500. The attack was carried out over the 4th of July bank holiday weekend in the United States, probably in an attempt to keep the attack unnoticed for as long as possible and that many employees are furloughed. This is a tactic increasingly used by threat actors.

(Video) The Cyber Threat Landscape: 2021 Was a Hell of a Ride – 2022 Isn’t Shaping Up Any Better

While the Kaseya and SolarWinds attacks are the most significant, they are by no means the only recent supply chain attacks. In accordance witha reportAccording to the Identity Theft Resource Center (ITRC), supply chain attacks are on the rise, with 793,000 more people affected by these attacks in the first three quarters of 2021 than in the full 12 months of 2020.

New attack paths

Over the past year, attackers have increasingly exploited vulnerabilities in public applications to gain access to corporate networks. While in some cases attackers focus on zero-day bugs, more often they look for recently patched vulnerabilities and look for unpatched systems.

A notable example of this was the critical vulnerabilities in Microsoft Exchange Server, collectively known as ProxyLogon. The bugs were fixed in early March 2021, and Microsoft said at the time that the bugs were being exploited in targeted attacks by an Advanced Persistent Threat (APT) group called Hafnium (Symantec tracks this group as Ant). However, soon after the ProxyLogon vulnerabilities became known, other threat actors started exploiting them.

The threat landscape in 2021 (3)

This rapid adoption was also highlighted when another set of vulnerabilities in Microsoft Exchange Server called ProxyShell became public in August 2021. in August. 2021 only.

Other public application vulnerabilities commonly exploited by threat actors in 2021 include flaws in VPN products from Pulse Secure (CVE 2019-11510), Fortinet (CVE-2018-13379), and SonicWall (CVE-2021-20016) as well Vulnerabilities in Accellion's File Transfer Appliance (FTA) software (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, and CVE-2021-27104).

critical infrastructure

Cyber ​​attacks on Critical National Infrastructure (CNI) can be among the most powerful as they can potentially affect everyone in society. This became clear in May 2021 when the Colonial Pipeline, the largest pipeline in the US, suffered a ransomware attack that affected the team managing the pipeline.

The attack was carried out by the Russia-based ransomware gang DarkSide. Although the ransom was paid within hours of the attack, decryption was slow and the pipeline was disrupted, leading to fuel shortages, price spikes and panic buying in several US states.

The attack on the colonial oil pipeline was not an isolated case, and July 2021 also saw news of it being perpetrated by state-sponsored Chinese threat actorshit 23 US oil and gas pipeline attack campaigns between 2011 and 2013. US officials stated that the goal of the actors behind the attacks was to “help China develop cyber attack capabilities against US pipelines to physically damage pipelines or pipeline operations disturb".

Attacks on the CNI show no sign of stopping, with the number of network-based detections related to attacks on the CNI trending upwards (Figure 3). These attacks are blocked by Symantec Intrusion Prevention System (IPS) technologies. Malicious activity blocked on the network has been declining after peaking in July 2021, but overall numbers are increasing.

The threat landscape in 2021 (4)

As for the regions where most of the activity is directed towards CRF organizational networks, the US tops the list with 69% of all activity observed there.

The threat landscape in 2021 (5)

This was just an excerpt of the content of our latest whitepaper.Read the whole newspaperfor more information on the 2021 threat landscape.

The threat landscape in 2021 (6)Symantec Corporate Blogs

(Video) Webinar: Keeping Up with the Threat Landscape - 22 September 2022

The threat landscape in 2021 (8)Symantec Corporate Blogs

You may also like

4 minutes read

Log4j Vulnerabilities: Attack Insights

Symantec data shows the reach and scale of attacks.

The threat landscape in 2021 (10)Symantec Corporate Blogs

You may also like

3 minutes read

Apache Log4j Zero-Day is explored in the wild

Symantec products protect against attempts to exploit the CVE-2021-44228 critical vulnerability

(Video) Active Defence Cyber Security & The Threat Landscape | ConnectGov 2021 Day 2

The threat landscape in 2021 (12)

About the author

Team of threat hunters


The Threat Hunter team is a group of Symantec security researchers tasked with investigating targeted attacks, promoting enhanced protection for all Symantec products, and providing analytics to help customers respond to attacks.

Would you like to comment on this post?

We encourage you to share your thoughts on your favorite social platform.

(Video) Cybersecurity: Understanding the threat landscape


What is the current threat landscape 2021? ›

Ransomware, or more precisely, targeted ransomware, was the most dominant threat making headlines throughout 2021. Ransomware gangs moved towards targeting entities with a broad network of downstream users.

What are the threat landscape questions? ›

ETL answers these questions: - Which sectors are affected? - What is the impact of the incidents? - Who is the threat actor? - What is the motivation? - What are the TTPs used? - What are the vulnerabilities exploited? - What are the trends (sectors, sophistication, etc.)?

What is current threat landscape? ›

The threat landscape is usually thought of as including the vulnerabilities, malware, and specific groups of attackers and their techniques that represent a danger in a given context.

What is cyber threat landscape summary? ›

The threat landscape means the entire scope of potential and recognized cybersecurity threats affecting user groups, organizations, specific industries, or a particular time. As new cyber threats emerge daily, the threat landscape changes accordingly.

What are the biggest cyber threats in 2021? ›

Without further ado are (some of) the highest profile cyberattacks of 2021:
  • CNA Financial Ransomware Attack, March. ...
  • Quanta Ransomware Attack, April. ...
  • Brenntag Ransomware Attack, April. ...
  • Colonial Pipeline Ransomware Attack, May. ...
  • JBS Foods Ransomware Attack, May. ...
  • Kaseya VSA Ransomware Attack, July.
Nov 24, 2022

What are the 4 basic stages of threat? ›

Threats can be classified into four different categories; direct, indirect, veiled, conditional. A direct threat identifies a specific target and is delivered in a straightforward, clear, and explicit manner.

What are 4 examples of threats? ›

9 examples of threats in a SWOT analysis
  • Social perception. With the rise of social media, consumers are increasingly aware of the business practices of the companies they support. ...
  • Natural disasters. ...
  • Technological changes. ...
  • Legislation. ...
  • Competition. ...
  • Globalization. ...
  • Data security. ...
  • Rising costs.
May 11, 2021

What are 4 methods of threat detection? ›

Generally, all threat detection falls into four major categories: Configuration, Modeling, Indicator, and Threat Behavior. There is no best type of threat detection. Each category can support different requirements and approaches depending on the business requirement.

What are the six common types of threats? ›

The six types of security threat
  • Cybercrime. Cybercriminals' principal goal is to monetise their attacks. ...
  • Hacktivism. Hacktivists crave publicity. ...
  • Insiders. ...
  • Physical threats. ...
  • Terrorists. ...
  • Espionage.
Mar 25, 2015

What is the biggest threat of technology today? ›

Cybercrime today is a major threat not just for the private sector and for individuals but for the government and the nation as a whole. As we move into 2022, state-sponsored attacks are expected to increase, with attacks on critical infrastructure of particular concern.

How do you respond to the 2022 cyber threat landscape Gartner? ›

Gartner®: How to Respond to the 2022 Cyberthreat Landscape
  1. Gain insight into the evolving cybersecurity threat landscape.
  2. Understand the challenges in maturing an organization's security practices.
  3. Get detailed mitigation strategies security and risk management leaders can implement.

What is a threat example? ›

Most threats are meant to pressure someone to do something (or not do something) by indicating what the punishment will be if they don't comply. For example, telling your brother that you will tell your parents that he was out past curfew unless he gives you something is a threat (it's also blackmail).

What is cyber threat Short answer? ›

A cyber security threat refers to any possible malicious attack that seeks to unlawfully access data, disrupt digital operations or damage information.

What are the 3 major threats to cyber security today? ›

Types of cyber threats your institution should be aware of include: Malware. Ransomware. Distributed denial of service (DDoS) attacks.

What is the definition of cyber landscape? ›

The term cybersecurity landscape refers to the global and regional cyber threat environment. Also, the concept is known as the cyber threat landscape. So the cybersecurity landscape helps the organizations. To know about the various cyber security threats. Also, vulnerabilities of their systems and network.

What are the threat trends for 2022? ›

Ultimately, Gartner nailed it when they predicted in 2022 that attack surface expansion (caused by the dispersal of enterprises), supply chain risk, and identity threat detection and response would be three of the biggest cybersecurity trends in 2022. In many ways, I think the same goes for 2023.

What are the 5 main threats to cyber security? ›

Top 5 most common cyber threats to watch out for today
  • Social engineering attacks (or phishing) ...
  • Ransomware. ...
  • Mobile security attacks. ...
  • Remote working risks. ...
  • Identity-based cloud security threats.
Jul 5, 2022

What is the most common threat on the Internet *? ›

Computer viruses are the most common among internet security threats out there. Viruses enter your computers by attaching to a host file or a system. Once they enter your computer, they can create damage instantly or remain dormant. The goal of viruses is to infect your other computers and networked systems.

What are the three elements of threat? ›

With the combination of hostile intent, capability and opportunity, a threat actor can pose a real threat to a system, increasing its risk. Threat mitigations should work to eliminate one or more of these three essential components.

What are the three major classes of threats? ›

Threat agent is an actor that imposes the threat on a specific asset of the system which is represented by three classes: human, technological, and force majeure.

What are the 5 threat levels? ›

There are 5 levels of threat:
  • low - an attack is highly unlikely.
  • moderate - an attack is possible but not likely.
  • substantial - an attack is likely.
  • severe - an attack is highly likely.
  • critical - an attack is highly likely in the near future.

What is a threat list their types? ›

Threat can be anything that can take advantage of a vulnerability to breach security and negatively alter, erase, harm object or objects of interest. Software attacks means attack by Viruses, Worms, Trojan Horses etc. Many users believe that malware, virus, worms, bots are all same things.

How do you identify threats? ›

Threats can be viewed and categorised in light of the following: • the likelihood that the threat will take place • the impact if and when it does. Likelihood and impact are concepts which help us determine risk: the higher the likelihood or impact of a threat, the higher the risk.

How do you answer opportunities and threats? ›

Part 1
  1. Strengths: what do you do well? What do other people see as your strengths?
  2. Weaknesses: what areas need development? What should you avoid?
  3. Opportunities: what possibilities are open to you? What resources do you have? ...
  4. Threats: what might cause you difficulties? What responsibilities do you have?

What are 3 examples of threat detection technology? ›

These include, but are not limited to: Cloud access and security brokers (CASB) Endpoint detection and response. Intrusion detection prevention systems (IDS/IPS)

What are the 6 steps of threat modeling? ›

How Threat Modeling Protects Your Data Assets
  • Step 1: Asset Identification. Your first task is to catalog your assets, including data, applications, network components, and many others. ...
  • Step 2: Attack Surface Analysis. ...
  • Step 3: Attack Vectors. ...
  • Step 4: Analysis. ...
  • Step 5: Prioritization. ...
  • Step 6: Security Controls.
Jul 22, 2020

What are the factors of threats? ›

Factors in Threat Assessment
  • Identity of the victim or victims.
  • Reason for making the threat.
  • The means, weapon, and method by which it is to be carried out.
  • Date, time, and place where the threatened act will occur.
  • Concrete information about plans or preparations that have already been made.

What are the social threats? ›

Social media threats are common. The top five social media security threats are phishing, social engineering, information disclosure, fake accounts, and malware.

What are the two elements of a threat? ›

The following are two of the main elements of a criminal threat:
  • Intent: A criminal threat must be made with the intent to cause fear of injury or death in another person. ...
  • Specificity: A threat cannot be considered criminal if it is either unreasonable or vague.
Jun 14, 2017

How technology is a threat to society? ›

Digital technologies can fa- cilitate harm to people, such as bullying, harassment, fraud and misinformation. Other technology-related threats to human security can be associated with re- sponses to the uncertainty generated by technology diusion.

What are the three main challenges facing technology today? ›

Addressing these five key tech challenges will distinguish the companies that survive - and thrive - from those that fall by the wayside.
  • Supply Chain Challenges. ...
  • Increased Security Threat. ...
  • Accelerated Technological Innovation. ...
  • Talent Shortage. ...
  • Demand For More Sustainable Technology.
Nov 10, 2022

What is the biggest asset and the biggest threat? ›

The Human Element: Our Biggest Threat and Our Greatest Asset.

What is the biggest threat to cybersecurity today and why you believe it is the biggest threat? ›


Ransomware is considered to be one of the biggest cyber security threats in 2022 and poses a serious cyber threat to businesses of all sizes. Ransomware attacks work by infecting your network and locking down your data and computer systems until a ransom is paid to the hacker.

What are the biggest most concerning cyber threats that businesses face in 2022? ›

Top 10 Cybersecurity Threats in 2022
  • Social Engineering. New in 2022.
  • Third-Party Exposure. New in 2022.
  • Configuration Mistakes. New in 2022.
  • Poor Cyber Hygiene. New in 2022.
  • Cloud Vulnerabilities. New in 2022.
  • Mobile Device Vulnerabilities. New in 2022.
  • Internet of Things. New in 2022.
  • Ransomware. New in 2022.
Dec 7, 2022

What are the biggest cybersecurity threats right now 2022? ›

According to the report, some of the leading cyber risks and cybersecurity trends in 2022 include:
  • Malware on the rise. ...
  • Rise of ransomware attacks. ...
  • Zero-day attacks. ...
  • Remote code execution. ...
  • Attack surface expansion. ...
  • Digital supply-chain risks. ...
  • Cybersecurity mesh. ...
  • Zero trust.
Dec 8, 2022

What is a threat to life? ›

A Threat To Life (TTL) is described as an incident whereby someone's life is in real and immediate danger. It envokes a response under Article 2 of the Human Rights Act 1998 placing an obligation on law. enforcement agencies to take reasonable steps to protect a person whose life is in 'Real and. Immediate Danger'

Which is a threat to environment? ›

Twenty-first century threats to our environment—including invasive species, diseases, pollution, and a warming climate—are putting wildlife populations at risk.

What are the global threats? ›

The decisive role in the decline of living standards played by global threats including poverty, fundamentalism, environmental degradation, wars, and excess consumption, is compellingly presented from the perspective of the author's unique career.

What do you think the cyber threats are today? ›

Cyber attacks can cause electrical blackouts, failure of military equipment, and breaches of national security secrets. They can result in the theft of valuable, sensitive data like medical records. They can disrupt phone and computer networks or paralyze systems, making data unavailable.

What is the impact of cyber threats? ›

Cyberattacks can occur in many ways, including:

Damaging your financial security, including identity theft. Blocking your access or deleting your personal information and accounts. Complicating your employment or business services. Impacting transportation and the power grid.

How can we protect from online threats? ›

Top tips for staying secure online
  1. Top tips for staying secure online.
  2. Use a strong and separate password for your email.
  3. Install the latest software and app updates.
  4. Turn on 2-step verification (2SV)
  5. Password managers: using browsers and apps to safely store your passwords.
  6. Backing up your data.
  7. Three random words.

What are the 8 common cyber threats? ›

8 Common Cybersecurity Threats and How to Prevent Them
  • 1) Ransomware. ...
  • 2) Social Engineering/Phishing. ...
  • 3) Unpatched Systems and Misconfigurations. ...
  • 4) Credential Stuffing. ...
  • 5) Password Cracking Attacks. ...
  • 6) Man-in-the-Middle Attacks. ...
  • 7) Denial-of-Service Attacks. ...
  • 8) Drive-by Download Attacks.
Nov 10, 2022

What are the 7 types of cyber security threats? ›

7 Types of Cyber Threats
  • Malware. Malicious software (malware) is a program designed to perform malicious actions. ...
  • Ransomware. ...
  • Fileless Attacks. ...
  • DoS and DDoS Attacks. ...
  • Phishing. ...
  • Account Takeover. ...
  • MitM Attacks.

What are the 10 common types of cyber threats? ›

What are the 10 Most Common Types of Cyber Attacks?
  • Malware.
  • Denial-of-Service (DoS) Attacks.
  • Phishing.
  • Spoofing.
  • Identity-Based Attacks.
  • Code Injection Attacks.
  • Supply Chain Attacks.
  • Insider Threats.

What does threat landscape represent? ›

The threat landscape means the entire scope of potential and recognized cybersecurity threats affecting user groups, organizations, specific industries, or a particular time. As new cyber threats emerge daily, the threat landscape changes accordingly.

What is security landscaping? ›

Security landscaping is the use of landscape features to enhance security. The term is associated with techniques that aim to be aesthetically pleasing, highly functional and reasonably secure. In other words, barbed wire fences and warning signs aren't considered security landscaping but security infrastructure.

What are the 4 principles of cybersecurity? ›

The purpose of the cyber security principles is to provide strategic guidance on how an organisation can protect their systems and data from cyber threats. These cyber security principles are grouped into four key activities: govern, protect, detect and respond.

What is the current cyber threat level? ›

Today's Cyber Threat Level

The Cyber Alert Level remains at Blue (Guarded) due to the continued threat posed by various malicious groups targeting government networks and new critical security patches released by Microsoft.

What is the #1 cybersecurity threat today? ›

1. Inadequate Training for Employees. The biggest cybersecurity threat to organizations comes from within them. According to a recent study by Stanford University, employee errors, whether intentional or accidental, are to blame for 88% of data breach occurrences.

What are the main cyber threats of 2022? ›

According to the report, some of the leading cyber risks and cybersecurity trends in 2022 include:
  • Malware on the rise. ...
  • Rise of ransomware attacks. ...
  • Zero-day attacks. ...
  • Remote code execution. ...
  • Attack surface expansion. ...
  • Digital supply-chain risks. ...
  • Cybersecurity mesh. ...
  • Zero trust.
Dec 8, 2022

What is the latest vulnerabilities? ›

  • Microsoft February 2023 Patch Tuesday fixes 3 exploited zero-days, 77 flaws. ...
  • Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day. ...
  • Money Lover for Android & iOS leaked email addresses, transactions. ...
  • Researcher breaches Toyota supplier portal with info on 14,000 partners.


1. Ransomware Attacks in 2021: How to Navigate the Evolving Threat Landscape
2. Webinar: 2021 ICS/OT Cybersecurity Year in Review - Threat Landscape
(Dragos: ICS Cybersecurity)
3. Networking Academy: The Cybersecurity Threat Landscape
4. A look at the SideWinder APT
(The CyberWire)
5. The Cyber Threat Landscape
(Bloomberg Technology)
6. Privacy in a Post-Dobbs Landscape | Health Data, Telemedicine, Self-Managed Abortion & Surveillance
(Duke University School of Law)
Top Articles
Latest Posts
Article information

Author: Amb. Frankie Simonis

Last Updated: 01/06/2023

Views: 6221

Rating: 4.6 / 5 (56 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Amb. Frankie Simonis

Birthday: 1998-02-19

Address: 64841 Delmar Isle, North Wiley, OR 74073

Phone: +17844167847676

Job: Forward IT Agent

Hobby: LARPing, Kitesurfing, Sewing, Digital arts, Sand art, Gardening, Dance

Introduction: My name is Amb. Frankie Simonis, I am a hilarious, enchanting, energetic, cooperative, innocent, cute, joyous person who loves writing and wants to share my knowledge and understanding with you.