Top cybersecurity threats in 2021

2021 is coming to a close, and it’s time to take stock of the security lessons we’ve all learned this year. This is the only way we can understand the types of security threats we’ll face next year. When it comes to being prepared against cyber threats, it’s not a question of if there will be a cyber attack, but when. There’s no doubt that attacks will happen, so it’s just a question of whether or not you’re ready when they do.
In this blog post, we’ve gathered up the top security threats of 2021 to shed some light on what 2022 may have in store.

Top Threats

Having brand new, up-to-date security technology is certainly helpful, but by itself it isn’t enough. As reported by IBM, 95% of successful cyber attacks are caused by insiders – in other words, by human error.
As such, it’s clear that organizations need to make sure their analysts are aware of the latest cyber threats. Trainings, especially those which include OWASP Top 10 best practices, are one of the best ways to strengthen their security measures.

Sensitive Data Exposure

Sensitive data exposure moved up to #2 in the OWASP Top 10 web application security risks.
Application programming interfaces, or APIs, are great tools which allow developers to connect their applications to third-party services like Google Maps.
However, some APIs rely on insecure data transmission methods, which attackers can exploit to gain access to usernames, passwords, and other sensitive information.
There are different variants of sensitive data exposure:

Ransomware Attack

2021 has already proven to be the most dynamic year in terms of cyberattacks on record. After posting a groundbreaking 188.9 million ransomware attacks in the second quarter of 2021, SonicWall Capture Labs threat researchers have found that ransomware attacks have broken another record of 190.4 million in the third quarter.
As a form of malware, ransomware attacks can encrypt files as soon as they break into an organization’s network. The attackers make data and files unusable and then demand a ransom for the data they hold.
Certain aspects of business that have become widespread due to the pandemic, such as working remotely and using cloud-based technologies, have helped pave the way for these attacks.
Although IT departments are relying heavily on VPNs during the pandemic, it turns out they’re insufficient.
Zero-Trust Network Access (ZTNA) has proven to be a much more effective option for controlling remote access to sensitive data and reducing incidents like phishing attacks.

Phishing attacks

The dominant role of phishing attacks in the digital threat landscape is continuing to increase. Help Net Security revealed that the volume of phishing attacks in the first half of 2021 increased by 22% compared to the same period last year.
What’s more, 1 out of 5 respondents in the UK have fallen prey to a phishing attack. Phishing is one of the most well-known types of attack, and yet 97% of employees cannot identify a phishing email when they receive one.

These phishing attacks are usually disguised as emails with a call to action. The aim is to trick the recipient into clicking a link or opening an attachment. Phishing messages often look like they come from trusted sources, making the recipients more likely to feel confident in clicking on something in the email.
Phishing attacks are widespread and pernicious, allowing attackers to gain unauthorized access to sensitive data.
By 2023, it’s expected that 60% of organizations will have transitioned to ZTNA. As such, it will become more likely that phishing attacks can be prevented by controlling sensitive data remotely.

Broken Authentication

Broken authentication is an umbrella term to express several vulnerabilities that attackers exploit to impersonate real users.
It is considered one of the worst types of data breaches, and has been included in the OWASP Top 10 list since 2017.
In this type of attack, access to just a few accounts, or even a single admin account, allows attackers to compromise the whole system.
Depending on the domain of the application, this could have terrible consequences, including money laundering, social security fraud, identity theft, etc.
Multi-Factor Authentication (MFA), which forces employees to use more than one device to connect to the network, has already come to the fore as an additional defense against any kind of potential security breach.

XML External Entities

This is a type of attack against applications that parse XML input. If an XML is processed by a weakly configured parser, this type of attack can be very easy to perform.
XML External Entities prove the importance of secure coding. When attackers are able to include hostile XML content because of insecure code, the risk increases.
It may lead to denial of service, the disclosure of confidential data, server-side request forgery, or other negative impacts on the system.
In order to prevent these risks, security analysts need detailed guidance on how to disable XXE processing and how to defend against XXE attacks.
It is essential to train your developers to mitigate the XML External Entities (XEE) threats. They can do this by:

• Using simple data formats
• Upgrading all processors and libraries
• Using SAST tools to detect XXE in source code

Mobile Malware Attacks

Mobile malware attacks skyrocketed during the Covid-19 pandemic. In order to target users, malicious hackers are using fake apps, fraudulent behaviors, and trojans.
According to McAfee, there were over 43 million instances of mobile malware detected.
Since users tend to take advantage of the utility of these applications, and malware is embedded as a trojan horse within them, it is difficult to effectively detect such threats.
As organizations have shifted toward the work-from-home concept, cyber criminals have turned to mobile malware as an attack vector.

From a cybercriminal’s perspective, mobile devices provide an easy path to launch an attack, since mobile users use the device for both work and personal activities.
Although we tend to think of the enemy as being an external threat, many cyber threats can come from insiders.
And with usage of mobile devices for business increasing during the pandemic, cyber attackers have taken advantage of this situation.

SQL Injection

SQL injections are the most important injection risks to manage.
Injection happens when an attacker exploits insecure code to insert their own code into a program.
Since the program is unable to distinguish code injected in this way from its own code, cybercriminals are able to use injection attacks to access confidential information as if they are insiders.
However, application security testing can reveal systemic flaws and recommend remediation techniques such as (but not limited to) stripping special characters from user input or writing parameterized SQL queries.
The main problem comes from untrusted data with no parameterized queries.

Start preparing for 2022 now

Our industry is still navigating the disruptive effects of the pandemic. 23% of organizations have experienced some kind of disruption of their activities already, so these cyber threats require your team to be in tip-top shape for 2022.
Fortunately, according to the State of Cyber Security report, 32% of organizations that have invested in security training within their team reported that it had a strong and positive impact on their business.
However, according to ISACA’s UK Cyber Security Perceptions Study, 54% of employees say that their employers don’t provide any cybersecurity training.
At Avatao we offer real-life scenarios of security best practices to empower your teams with the knowledge and skills so that they can improve their secure coding skills and prevent common mistakes.