2021 Vulnerability Landscape

Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.

The annual vulnerability report surveys the threat landscape of 2021, summarizing a year of intelligence produced by Recorded Future’s threat research team, Insikt Group. It draws from data on the Recorded Future® Platform, including open sources like media outlets and publicly available research from other security groups, as well as closed sources on the criminal underground, to analyze global trends and evaluate the top 10 most significant vulnerability disclosures from 2021. The report will be of interest to anyone seeking a broad, holistic view of the cyber vulnerability threat landscape in 2021.

Executive Summary

The 2021 vulnerability threat landscape was defined by high-profile incidents involving integral vendor software that led to widespread data breaches and malware attacks. With timing reminiscent of the SolarWinds Orion SUNBURST backdoor disclosure in December 2020, the most serious vulnerability of 2021, commonly known as “Log4Shell” and tracked as CVE-2021-44228, was first publicly disclosed on December 9, 2021. Other major vulnerabilities throughout the year were identified affecting Microsoft Exchange and Windows Print Spoolers, VMware vCenter, legacy Accellion FTA, and the IT management company Kaseya’s Virtual System Administrator. Each of these critical vulnerabilities were exploited by criminal and state-sponsored threat actors in compromises including data breaches and ransomware attacks that had far-reaching consequences for vendors in all industry tiers. 

The severity of many of the disclosed and exploited vulnerabilities in 2021, particularly the Log4Shell vulnerabilities and the numerous vulnerabilities associated with Microsoft technologies, should not distract from the number and diversity of affected products throughout 2021. High-risk vulnerabilities and actively exploited vulnerabilities disclosed in 2021 affected products belonging to a more diverse array of parent companies than prior years. Outside of the top 10, which mainly affected Microsoft products, serious actively exploited vulnerabilities were also identified affecting products from Linux, Google, Pulse Connect Secure, and Apple, among others. 

Several of these vulnerabilities were initially exploited in zero-day attacks, as they had already been targeted prior to discovery and disclosure, or in N-day attacks, in which the vulnerability is known but a patch is unavailable. In addition, shortly after vulnerability disclosures, threat groups hastily targeted vulnerable systems to deploy post-exploitation malware and malicious tools.

Contrary to our findings in previous years (2020, 2019, 2018), none of the top exploited vulnerabilities of 2021 were recycled vulnerabilities disclosed in prior years. Rather, the notable trend in 2021 vulnerability exploitation on the criminal underground was how quickly threat actors have begun exploiting newly discovered vulnerabilities in the wild and deploying post-exploitation tools.

Editor’s Note: This post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.