You are on the Cert-IST public site
Annual review regarding vulnerabilities and attacks for 2021

Date :February 18, 2022

The aim of this review is to highlight the general tendencies and threat evolution to help the community to enhance their protections.

This document is available:

Following are some of the topics you will find in this report.

Top 8 events for 2021:

  • ProxyLogon and ProxyShell attack in Microsoft Exchange,
  • Apache Log4j vulnerability,
  • PrintNightmare vulnerabilities,
  • NTLM Relay attacks are back (PetitPotam),
  • REvil attack against Kaseya
  • Pegasus attack and Zero-Click vulnerabilities in Apple (ForcedEntry)
  • attacks targeting CI-CD environments
  • The rise of vulnerability in Microsoft Azure

In this report, Cert-IST analyses the most significant trends for 2021:

  • Exchange ProxyLogon: the most important attack of 2021
  • Ransomware: attacks keep going
  • Other blackmail attacks targeting companies
  • Crypto-currencies: attacks on platforms and assets increase
  • Attacks via the supply chain
  • Source code: a new target for attacks
  • Increasing number of vulnerabilities
  • Log4j: what should we learn from it?
  • Geopolitics and state attacks