Global Threat Report Full Year 2021
Threat actors did not skip a beat in 2021. They continued to propagate attacks while constantly cycling through both new and old tactics. They were always revising and improving their approach to help improve their chances of subverting both security controls and the human factor. In this report, we will explore many of those tactics in detail.
The phishing landscape is ever expanding as attackers find new avenues for attack. Threat actors committing Business Email Compromise (BEC) attacks showed no signs of abating throughout the year. While their approach generally required a minimal amount of time and money investment, we saw them deploy some interesting new tactics. Those committing Living of the Land (LotL) phishing attacks continued their abuse of many of the legitimate services we had seen them using prior. However, they also added many new services to their arsenal and began chaining these services together within the same attack to enhance obfuscation. We also saw them employing the use of CAPTCHA technology to further obfuscate the true nature of their attacks. In addition, there was a significant uptick in call-center-based phishing attacks. These were far more prominent than in recent years and relied on phone-based scammers to deploy a bevy of threats. Phishing attacks targeting cryptocurrency assets were also on the rise this year with attackers finding new methods for defrauding investors.Download Now