www.trendmicro.com
2.20.38.217
URL: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/attacks-from-all-angles-2021-midy...
Submission: On September 15 via api from GB — Scanned from DE
ATTACKS FROM ALL ANGLES
2021 Midyear Cybersecurity Report
September 14, 2021

In the first half of this year, cybersecurity strongholds were surrounded by cybercriminals waiting to pounce at the sight of even the slightest crack in defenses to ravage valuable assets.
Threats and risks from all angles soon closed in, bringing with them updated tactics and greater motivation to affect targeted industries. These security issues include high-profile modern ransomware attacks, active campaigns, critical vulnerabilities, Covid-19-related scams, and other threats, not to mention developing threats in the cloud and the internet of things (IoT). We investigate these in our midyear roundup report, "Attacks From All Angles: 2021 Midyear Cybersecurity Report." To better prepare for the future, let us retrace our steps so far this year in the volatile landscape of cybersecurity.

01 RANSOMWARE

Ransomware continued to evolve as one of the most menacing cyberthreats, amassing over 7 million combined email, URL, and file threat detections. Threat actors moved quickly and aggressively with attacks on critical sectors such as banking, government, and manufacturing.

Industry             Detections
Banking              15,537
Government           10,225
Manufacturing         4,957
Healthcare            4,802
Food and beverage     2,330
Top five industries affected by ransomware in the first half of 2021

While some of the operators’ strategies, such as their propensity to target crucial industries, remained constant, many of their tactics evolved drastically and rapidly. Prominent ransomware variants raised the stakes as new families aggravated the risks. Some threat actors were quick to jump in on the opportunity and pretended to be ransomware gangs, such as in the case of a fake DarkSide campaign.

NOTABLE RANSOMWARE FAMILIES

DARKSIDE
DarkSide launched a string of high-profile attacks, including the Colonial Pipeline incident. It has also been actively updating its technique, such as with a DarkSide Linux variant targeting VMware ESXi servers.

REVIL (AKA SODINOKIBI)
REvil was wielded in a recent attack on major meat supplier JBS. In the first half of 2021, Trend Micro file detections for REvil also more than doubled compared to the same period last year.
HELLO
Hello, a new ransomware variant, exploits the Microsoft SharePoint vulnerability CVE-2019-0604. We also found that it deployed the China Chopper web shell to execute PowerShell commands.

Such incidents prompted discussions on the delicate issues of ransom payments, cyber insurance, and potential legislation. There have also been aggressive efforts by authorities and security researchers to take down ransomware gangs, which have led to a string of high-profile arrests such as in the cases of the crackdown on Egregor and Clop operators.

REFINED TECHNIQUES
Ransomware operators expanded their use of legitimate tools. They also upped the ante of their extortion techniques, from encryption to exposure of stolen data, to incorporating distributed denial-of-service (DDoS) attacks and directly badgering customers and stakeholders of victim organizations.
[Figure: Ransomware multi-extortion techniques]

02 ADVANCED PERSISTENT THREATS (APTS)

APTs were also active as several campaigns were launched in the first half of this year. The threat groups behind these APTs brandished both tried-and-tested techniques and innovative tactics. The former included the use of spear-phishing emails and malicious scripts, while the latter involved new legitimate platforms, malware variants, and remote access tools (RATs) such as the PlugX loader.

NOTABLE APTS

TEAMTNT
TeamTNT is at it again, this time targeting Amazon Web Services (AWS) credentials and Kubernetes clusters. These attacks are related to cryptocurrency mining as well. For the latter, China and the US make up most of the compromised IP addresses.

WATER PAMOLA
We spotted some changes in Water Pamola’s tactics. These consist mainly of a shift to focusing mostly on targets in Japan. Additionally, instead of using spam, attacks are launched by exploiting a cross-site scripting (XSS) vulnerability in a store’s online admin portal.
EARTH VETALA
Earth Vetala – MuddyWater launched campaigns against organizations in the Middle East and surrounding regions. They took advantage of legitimate remote admin tools such as ScreenConnect and RemoteUtilities to distribute payloads.

IRON TIGER
Iron Tiger, which is notorious for targeting gambling companies in Southeast Asia, updated its toolkit with an evolved SysUpdate malware variant. The group now also uses five files (instead of three) in its infection routine.

EARTH WENDIGO
Trend Micro discovered an APT that has been targeting organizations in Taiwan since 2019. We dubbed the threat actors Earth Wendigo. The attacks use spear-phishing emails with malicious JavaScript injected into a widely used webmail system.
[Figure: Notable APTs for the first half of 2021]
[Figure: The attack flow of Earth Wendigo’s operation]

03 VULNERABILITIES

Notable vulnerabilities made headlines as researchers scurried to patch affected systems before these flaws could pose dangers and disrupt work setups, including remote ones.

PROXYLOGON
A hacking incident attributed to the Hafnium group saw the exploitation of four zero-day vulnerabilities in the on-premises versions of Microsoft Exchange Server. These vulnerabilities are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, collectively dubbed ProxyLogon.

MICROSOFT SHAREPOINT VULNERABILITIES
Five notable remote code execution (RCE) vulnerabilities also affected Microsoft SharePoint, an online document management and storage platform that can also be used in remote work setups.
CVE-2021-24066   Workflow Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2021-27076   InfoPath List Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2021-31181   WebPart Interpretation Conflict Remote Code Execution Vulnerability
CVE-2021-28474   Server-Side Control Interpretation Conflict Remote Code Execution Vulnerability
CVE-2021-26420   WorkflowCompilerInternal Exposed Dangerous Function Remote Code Execution Vulnerability
Microsoft SharePoint RCE vulnerabilities for the first half of 2021

VPN VULNERABILITIES
As work-from-home (WFH) setups continue to persist, virtual private networks (VPNs) remain a vital tool for ensuring security. Detections for VPN vulnerabilities continued to proliferate, with some spikes compared to the same period last year.

Month      CVE-2018-13379   CVE-2019-11510   CVE-2019-11539   CVE-2019-19781     (unlabeled)
           (Fortinet)       (Pulse Secure)   (Pulse Secure)   (Citrix Systems)
2020 Jan    15,834           88,506               9                856             287
2020 Feb     9,864           66,164              12                 52              19
2020 Mar    14,910           63,716             115                118              18
2020 Apr    18,312           62,862              69              2,703               1
2020 May    20,897           60,791              60              2,921               7
2020 Jun    27,110           39,994             123              2,783               5
2021 Jan   113,330           45,937             787              1,388               3
2021 Feb    77,853           15,627             488                579             761
2021 Mar    75,785           27,876             566              1,713             158
2021 Apr    68,651           21,440             956                988               5
2021 May    70,083           15,230             508                650               5
2021 Jun    61,467            9,558             301             11,418              15
Detections for VPN vulnerabilities for the first half of 2020 and the first half of 2021 (the page lists four CVEs but five detection columns; the fifth column's header is not on the page)

PRINTNIGHTMARE
“PrintNightmare” is the name attributed to CVE-2021-1675, a critical Windows Print Spooler vulnerability that allows arbitrary code execution with system-level privileges. The accidental leak of a proof-of-concept exploit code triggered a race to patch this vulnerability as soon as possible.

All in all, the number of vulnerability detections showed a small decrease, with a notable decline in critical vulnerabilities.
Severity   1H 2021 Count   1H 2020 Count
Critical    16              121
High       553              547
Medium     107               76
Low         94               42
Total      770              786
Half-year comparison of the severity breakdown, based on the CVSS of vulnerabilities disclosed via our Zero Day Initiative (ZDI) program. Source: Trend Micro ZDI program

04 COVID-19-RELATED SCAMS AND OTHER THREATS

Even amid a pandemic, it’s business as usual for many threat actors as they either continue unleashing new threats or refurbish current ones. Some cybercriminals directly took advantage of the pandemic, using the uncertainty and distress brought about by the situation as social engineering ammunition in crafting their scams.

COVID-19-RELATED THREATS
As vaccination programs continue to be rolled out across the globe, threats related to Covid-19 vaccines proliferate as well. These involve malicious files, emails, text messages, misinformation sites, and phishing pages. The usual targets are the telecommunications, banking, retail, government, and finance sectors.

Country          Detections
United States    1,584,337
Germany            832,750
Colombia           462,005
Italy              131,197
Spain              111,663
Others           1,287,440
The top countries affected by Covid-19-related threats in the first half of 2021

ACTIVE THREATS

XCSSET
XCSSET targets Mac users and infects Xcode projects. A few months into the year, threat actors updated XCSSET with features that let it adapt to both ARM64 and x86_64 Macs. The malware also gained the ability to harvest sensitive information from certain websites, including cryptocurrency-trading platforms.

PANDASTEALER
PandaStealer is a new information stealer that can gather sensitive information like private keys and records of past transactions from a target’s digital currency wallets. It can also harvest credentials from other applications, take screenshots, and exfiltrate data from browsers. It is mainly propagated through spam emails that request business quotes.
05 CLOUD AND THE INTERNET OF THINGS (IOT)

Circumstances brought about by the pandemic catalyzed the adoption of online systems powered by technologies such as the cloud and the IoT. However, these domains come with their own sets of threats and risks.

CLOUD
Some prominent threats this year include TeamTNT attacks. At the start of the year, we uncovered that the threat actors behind TeamTNT were targeting certain cloud systems:
* AWS credentials. TeamTNT stole AWS credentials through a binary containing a hard-coded shell script. Over 4,000 instances were compromised.
* Kubernetes clusters. TeamTNT compromised Kubernetes clusters in the wild. Almost 50,000 IP addresses were affected across multiple clusters.

THE IOT
We uncovered risks in various facets of the IoT, including Long Range Wide Area Network (LoRaWAN), 5G, and routers.

LORAWAN
While useful in enterprises and smart cities, LoRaWAN devices are not immune to compromise. After finding exploitable vulnerabilities in these devices, we created the LoRaPWN tool for assessing the security of LoRaWAN communications.

5G
Establishing 4G/5G campus networks for enterprises comes with risks. To study these perils, we identified several attack scenarios including DNS hijacking, MQTT hijacking, Modbus/TCP hijacking, downloading or resetting unprotected programmable logic controllers (PLCs), remote desktop, and SIM swapping.

ROUTERS
Routers have always been plagued with security issues. We analyzed router infections and found VPNFilter, an IoT botnet, to be one of the most prominent threats. To compromise routers and storage devices, VPNFilter uses backdoor accounts and various exploits.
06 THREAT LANDSCAPE

Overall number of threats blocked for the first half of 2021: 40,956,909,973

                             Q1                 Q2
Blocked email threats        16,089,334,070     17,226,781,018
Blocked malicious files       2,343,479,304      3,997,341,419
Blocked malicious URLs          535,451,111        764,523,051
Email reputation queries     20,910,330,826     22,075,108,541
File reputation queries     442,384,974,451    517,455,645,611
URL reputation queries      848,818,567,862    796,857,859,588

Download our full report to gain insights into the pressing cyberthreats and risks that plagued the first half of 2021 and learn more about our expert security recommendations for users and enterprises.

Posted in Roundup, Threat Reports, Ransomware, Vulnerabilities, Advanced Persistent Threats, COVID-19, Cloud Computing, Internet of Things

Copyright © 2021 Trend Micro Incorporated. All rights reserved.