{"id":222688,"date":"2022-02-08T19:41:22","date_gmt":"2022-02-08T18:41:22","guid":{"rendered":"https:\/\/www.intrinsec.com\/?p=222688"},"modified":"2022-02-08T19:41:22","modified_gmt":"2022-02-08T18:41:22","slug":"annual-threat-trends-2021","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/annual-threat-trends-2021\/","title":{"rendered":"Annual Threat Trends 2021"},"content":{"rendered":"<h2 class=\"wp-block-heading\" id=\"h-surge-in-ransomware-attacks\">Surge in ransomware attacks<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h2 class=\"has-text-align-center has-vivid-red-color has-text-color has-huge-font-size wp-block-heading\"><strong>2722<\/strong><\/h2>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p class=\"has-text-align-left has-normal-font-size\"> That&#039;s <strong>the total number of ransomware attacks claimed in 2021<\/strong>, corresponding to 7 claims per day <\/p>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p><strong>Targeted geography<\/strong><br>When looking at the victimology of ransomware operators, one significant fact stands out: the geographical distribution of victims. Although few countries have been separated (108 countries targeted in total), this victimology points to two major trends:<br>\u2013 North America and Western Europe entities represent priority targets for these actors<br>\u2013 The Commonwealth of Independent States (CIS) and Russia remain untouched areas by these attacks<br><br><strong>Most active ransomware operators in France<\/strong><br>The majority of incident responses involving <a href=\"https:\/\/www.intrinsec.com\/en\/cert-intrinsec\/\" target=\"_blank\" rel=\"noreferrer noopener\">Intrinsic CERT<\/a> have been from actors whose attribution cannot be certain. However, several cases have been explicit enough to be able to determine with certainty the nature of the ransomware operators. This year, among the observed cases, the most prolific actors were Conti, Darkside, Ryuk and Lockbit. Our daily monitoring of data leak websites shows that these actors remain in the top 10 most active ransomware affiliates against French entities (see Figure 1.)<br><br><strong>Most common techniques used by the most active ransomware operators<\/strong><br>We have analyzed the tactics, techniques and procedures employed by the 10 most active ransomware operators in 2021. This analysis reveals that the following techniques are shared by at least 6 of the 10 selected groups:<br>\u2013 Initial Access: External Remote Services (T113)<br>\u2013 Execution: Command and Scripting Interpreter (T1059)<br>\u2013 Defense Evasion: Impair Defense (Disable or Modify Tools) (T1562.001)<br>\u2013 Discovery: File and Directory Discovery (T1083)<br><\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2022\/02\/2007.i039.019_cyber_security_spyware_data_protection_isometric_set-01-2-1024x1024.jpg\" alt=\"\" class=\"wp-image-222719\"\/><\/figure><\/div>\n<\/div>\n<\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-top-10-most-active-ransomware-against-france-in-2021\">Top 10 most active ransomware against France in 2021<\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2022\/02\/top-10.png\" alt=\"\" class=\"wp-image-222752\" width=\"779\" height=\"542\"\/><figcaption><em>Figure 1. Most active ransomware operators against French entities, based on data leak website monitoring<\/em><\/figcaption><\/figure><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-initial-access-vector-vulnerabilities-and-phishing-on-the-top\">Initial access vector: vulnerabilities and phishing on the top<\/h2>\n\n\n\n<p>Our SOC and CERT operations as well as our monitoring on hacking platforms shows that <a href=\"https:\/\/www.intrinsec.com\/en\/bonnes-pratiques-phishing\/\" target=\"_blank\" rel=\"noreferrer noopener\">phishing <\/a>and vulnerabilities exploitation remain the most common techniques employed by threat actors to gain an initial foothold on targeted networks.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p><\/p>\n\n\n\n<p><strong>Operation of remote access appliances<\/strong><br><br>This is a trend largely documented in 2020 after the beginning of the Covid-19 pandemic, RDP and VPN appliances used by employees to access their network remotely increased the attack surface of the corporate network. On the 49 missions covered by our CERT throughout 2021 and with a pandemic still ongoing, Citrix, Fortinet, SonicWall and Pulse appliances have been largely exploited by threat actors to compromised networks. The interest in RDP is also largely observed on hacking platforms with a lot of initial access brokers specialized in selling this type of product as shown in the next slide.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2022\/02\/11121-1024x683.jpg\" alt=\"\" class=\"wp-image-222662\" width=\"368\" height=\"244\"\/><\/figure><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2022\/02\/4799410-1024x683.jpg\" alt=\"\" class=\"wp-image-222663\" width=\"390\" height=\"259\"\/><\/figure><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p><strong>Most frequent vulnerabilities<\/strong><br><br>Among the most exploited vulnerabilities identified by our CERT in 2021, Microsoft Exchange Server and ProxyShell exploits in particular are far ahead in terms of frequency with 18% of incidents involving one of these vulnerabilities. However, more than 20% of all the vulnerabilities observed by our CERT as being actively exploited in 2021 are dating back from 2020, 2019 and 2018. Patches are not always applied immediately, allowing threat actors to exploit vulnerabilities months after their public releases. For example, ZeroLogon&#039;s vulnerability CVE-2020-1472, discovered in 2020, has continued to be exploited by actors such as Conti and Darkside during the first half of 2021. This interest for vulnerabilities demonstrated by threat actors is largely supported by our SOC operations as in 15,496 detections in 2021 \u201cExecution of malicious code attempts\u201d remains one of the most observed one (13%).<\/p>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p><strong>Phishing<\/strong><br><br>Two key statistics highlighted by our <a href=\"https:\/\/www.intrinsec.com\/en\/soc-securite-operationnelle\/\" target=\"_blank\" rel=\"noreferrer noopener\">SOC<\/a> and CERT reveal that threat actors keep using phishing to get an initial foothold on a network:<br>\u2013 12% of the incident responses conducted by CERT Intrinsec involved phishing attempts;<br>\u2013 The incident type \u201cmalicious link\u201d is among the most observed one by our SOC (alongside aggressive port scans, aggressive subnet scans and bruteforce attempts)<br>This initial access technique is used by threat actors distributing loaders such as Emotet, IceID, Bazar Loader or QakBot. This type of threat continues to target corporates and is often combined with other threats such as the exploitation of known vulnerabilities or ransomware, making them potentially<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2022\/02\/3892309-1024x1024.jpg\" alt=\"\" class=\"wp-image-222664\" width=\"251\" height=\"251\"\/><\/figure><\/div>\n<\/div>\n<\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-cybercrime-marketplace-still-going-strong\">Cybercrime marketplace still going strong<\/h2>\n\n\n\n<p>The activity on cybercrime marketplaces keeps growing, as well as shifting from Dark towards Surface Web platforms. Our investigations conducted on these networks throughout 2021 identify particularly strong demand for the diverse typologies of criminal goods and services as follows:<\/p>\n\n\n\n<h3 class=\"has-text-align-center has-vivid-cyan-blue-color has-text-color wp-block-heading\" id=\"h-33-vulnerabilities\">33% Vulnerabilities<\/h3>\n\n\n\n<p class=\"has-text-align-center\">Pronounced interest in buying\/selling Remote Desktop Protocol configurations for fraudulent access to systems of companies operating across multiple sectors. SQL injections to target vulnerable websites are also in high demand.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"has-text-align-center has-vivid-cyan-blue-color has-text-color wp-block-heading\">33% Customer Data<\/h3>\n\n\n\n<p class=\"has-text-align-center\">Stolen customer databases, containing sensitive information such as connection credentials to various online services or financial data, remain one of the most popular goods on cybercrime networks.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"has-text-align-center has-vivid-cyan-blue-color has-text-color wp-block-heading\">29% Company Data<\/h3>\n\n\n\n<p class=\"has-text-align-center\">Employee connection credentials to internal companies&#039; internal services, ie efficient vectors of compromise, are a sought-after product. Likewise for internal sensitive or confidential data, such as strategic projects or HR information.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"has-text-align-center has-vivid-cyan-blue-color has-text-color wp-block-heading\">5% Counterfeit goods \/ services<\/h3>\n\n\n\n<p class=\"has-text-align-center\">Demand for counterfeit goods and services on criminal marketplaces is persistent, although handled to a lesser extent from the viewpoint of CTI teams (dealing mostly with cases of fraudulent configurations imitating real services).<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-zero-days-and-supply-chain-attacks\">Zero-days and supply chain attacks<\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2022\/02\/Schema-CTI-1024x500.png\" alt=\"\" class=\"wp-image-222749\" width=\"992\" height=\"484\"\/><\/figure><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-most-impactful-2021-flaws-involving-zero-day-vulnerabilities-and-or-a-supply-chain-attack\">Most impactful 2021 flaws involving Zero-Day vulnerabilities and\/or a supply chain attack<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p class=\"has-text-align-right has-medium-font-size\"><strong>JANUARY 2021<\/strong><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright size-full\"><a href=\"https:\/\/www.solarwinds.com\/fr\/\"><img decoding=\"async\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2022\/02\/image-22.png\" alt=\"\" class=\"wp-image-222726\"\/><\/a><\/figure><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-text-align-right\"><strong>05\/01\/2021<\/strong><br>US intelligence agencies formally accuse Russia of association with the SolarWinds attack that dates back in September 2019<\/p>\n\n\n\n<p class=\"has-text-align-right\">Russian-state sponsored attackers inserted a backdoor into SolarWinds Orion IT monitoring software updates to 18,000 government entities and Fortune 500 companies. Through this, malware was distributed to at least nine US federal agencies and more than 100 companies<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\"><\/div>\n<\/div>\n<\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\"><\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p class=\"has-medium-font-size\"><strong>MARCH 2021<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2022\/02\/image-23.png\" alt=\"\" class=\"wp-image-222727\"\/><\/figure>\n\n\n\n<p><strong>01\/03\/2021<\/strong><br>Accellion releases a latest patch based on IR mandiant report fixing a series of 0-day vulnerabilities affecting Accellion File Transfer Appliance compromised that started back in December 2020;<\/p>\n\n\n\n<p>Attacks carried out by a Russian-speaking cybercriminal group known as FIN11 using zero-days against Accellion FTA servers hit around 100 companies across the world in December 2020 and January 2021. In some cases FIN11 leveraged CLOP double extortion infrastructure<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.microsoft.com\/fr-fr\/microsoft-365\/exchange\/email\"><img decoding=\"async\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2022\/02\/image-24.png\" alt=\"\" class=\"wp-image-222732\"\/><\/a><\/figure>\n\n\n\n<p><strong>03\/03\/2021<\/strong><br>Mass exploitation of Microsoft on-prem Exchange RCE dubbed Proxylogon. Indications of retroactive exploitation dating back two weeks<\/p>\n\n\n\n<p>In March 2021 Chinese cyber espionage groups exploited four vulnerabilities in Microsoft&#039;s on-premises Exchange Server software. This compromised more than 100,000 servers worldwide.<br>Beyond the intelligence gathering from emails, the latter were abused for hijack existing email threads by the infamous Emotet botnet<\/p>\n<\/div>\n<\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p class=\"has-text-align-right has-medium-font-size\"><strong>JULY 2021<\/strong><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright size-full\"><a href=\"https:\/\/www.kaseya.com\/fr\/\"><img decoding=\"async\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2022\/02\/image-25.png\" alt=\"\" class=\"wp-image-222733\"\/><\/a><\/figure><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-text-align-right\">02\/06\/2021<br>Pre-auth remote code execution of 0-day exploits against Kaseya VSA server<\/p>\n\n\n\n<p class=\"has-text-align-right\">At the end of June Kaseya, which provides a service to manage enterprise IT infrastructures, was compromised by the Russia-based REvil criminal gang. Kaseya can deploy software updates (patches) to the systems under management, so REvil used this to push ransomware to all Kaseya customers, affecting thousands of companies worldwide. 100 had some measure of impact from the attack, with another 25 of those experiencing significant data loss.<br><\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\"><\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\"><\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p class=\"has-medium-font-size\" id=\"h-december-2021\"><strong>DECEMBER 2021<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/\"><img decoding=\"async\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2022\/02\/image-26.png\" alt=\"\" class=\"wp-image-222734\"\/><\/a><\/figure>\n\n\n\n<p><strong>01\/12\/2021<\/strong><br>The first proof of exploitation attempts would have been observed by Cloudflare and Cisco Talos<\/p>\n\n\n\n<p>This open-source component is widely used across many suppliers&#039; software and services. Not only numerous state-sponsored threats crystallized on the situation as well as top-tier ransomcartels but also coin miners and botnets.<\/p>\n<\/div>\n<\/div>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Surge in ransomware attacks 2722 That&#039;s the total number of ransomware attacks claimed in 2021, [\u2026]<\/p>","protected":false},"author":29,"featured_media":222764,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9,1],"tags":[],"class_list":["post-222688","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-threat-intelligence","category-non-categorise"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Annual Threat trends 2021 - INTRINSEC<\/title>\n<meta name=\"description\" content=\"Our CTI team, supported by our SOC and CERT teams publishes its annual threat trends for 2021! Read all about our findings on surge in ransomware attacks, cybercrime business, the most used initial access vectors and the most impactful zero-days and supply-chain attacks\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/annual-threat-trends-2021\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Annual Threat trends 2021\" \/>\n<meta property=\"og:description\" content=\"Our CTI team, supported by our SOC and CERT teams publishes its annual threat trends for 2021! Read all about our findings on surge in ransomware attacks, cybercrime business, the most used initial access vectors and the most impactful zero-days and supply-chain attacks\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/annual-threat-trends-2021\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-08T18:41:22+00:00\" \/>\n<meta name=\"author\" content=\"Equipe CTI\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Equipe CTI\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/annual-threat-trends-2021\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/annual-threat-trends-2021\\\/\"},\"author\":{\"name\":\"Equipe CTI\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/8a19ea39207ca7bd0c356c66628c86bb\"},\"headline\":\"Annual Threat trends 2021\",\"datePublished\":\"2022-02-08T18:41:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/annual-threat-trends-2021\\\/\"},\"wordCount\":1142,\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/annual-threat-trends-2021\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"articleSection\":[\"Cyber Threat Intelligence\",\"Non cat\u00e9goris\u00e9\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/annual-threat-trends-2021\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/annual-threat-trends-2021\\\/\",\"name\":\"Annual Threat trends 2021 - INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/annual-threat-trends-2021\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/annual-threat-trends-2021\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2022-02-08T18:41:22+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/8a19ea39207ca7bd0c356c66628c86bb\"},\"description\":\"Our CTI team, supported by our SOC and CERT teams publishes its annual threat trends for 2021! Read all about our findings on surge in ransomware attacks, cybercrime business, the most used initial access vectors and the most impactful zero-days and supply-chain attacks\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/annual-threat-trends-2021\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/annual-threat-trends-2021\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/annual-threat-trends-2021\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/annual-threat-trends-2021\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Annual Threat trends 2021\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/8a19ea39207ca7bd0c356c66628c86bb\",\"name\":\"Equipe CTI\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/?s=96&d=retro&r=g\",\"caption\":\"Equipe CTI\"},\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/equipe-cti\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Annual Threat trends 2021 - INTRINSEC","description":"Our CTI team, supported by our SOC and CERT teams publishes its annual threat trends for 2021! Read all about our findings on surge in ransomware attacks, cybercrime business, the most used initial access vectors and the most impactful zero-days and supply-chain attacks","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/annual-threat-trends-2021\/","og_locale":"en_US","og_type":"article","og_title":"Annual Threat trends 2021","og_description":"Our CTI team, supported by our SOC and CERT teams publishes its annual threat trends for 2021! Read all about our findings on surge in ransomware attacks, cybercrime business, the most used initial access vectors and the most impactful zero-days and supply-chain attacks","og_url":"https:\/\/www.intrinsec.com\/en\/annual-threat-trends-2021\/","og_site_name":"INTRINSEC","article_published_time":"2022-02-08T18:41:22+00:00","author":"Equipe CTI","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Equipe CTI","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/annual-threat-trends-2021\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/annual-threat-trends-2021\/"},"author":{"name":"Equipe CTI","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/8a19ea39207ca7bd0c356c66628c86bb"},"headline":"Annual Threat trends 2021","datePublished":"2022-02-08T18:41:22+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/annual-threat-trends-2021\/"},"wordCount":1142,"image":{"@id":"https:\/\/www.intrinsec.com\/annual-threat-trends-2021\/#primaryimage"},"thumbnailUrl":"","articleSection":["Cyber Threat Intelligence","Non cat\u00e9goris\u00e9"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/annual-threat-trends-2021\/","url":"https:\/\/www.intrinsec.com\/annual-threat-trends-2021\/","name":"Annual Threat trends 2021 - INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/annual-threat-trends-2021\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/annual-threat-trends-2021\/#primaryimage"},"thumbnailUrl":"","datePublished":"2022-02-08T18:41:22+00:00","author":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/8a19ea39207ca7bd0c356c66628c86bb"},"description":"Our CTI team, supported by our SOC and CERT teams publishes its annual threat trends for 2021! Read all about our findings on surge in ransomware attacks, cybercrime business, the most used initial access vectors and the most impactful zero-days and supply-chain attacks","breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/annual-threat-trends-2021\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/annual-threat-trends-2021\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/annual-threat-trends-2021\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/annual-threat-trends-2021\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"Annual Threat trends 2021"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/8a19ea39207ca7bd0c356c66628c86bb","name":"CTI Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=retro&r=g","caption":"Equipe CTI"},"url":"https:\/\/www.intrinsec.com\/en\/author\/equipe-cti\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/222688","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=222688"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/222688\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=222688"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=222688"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=222688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}