by Cesar Navas
January 20, 2022
2021 was certainly a turbulent year, punctuated with the revelation of a critical vulnerability in the widely-used Apache Log4j library. The lingering Covid-19 pandemic had already accelerated online and cloud migration, providing ripe targets for attackers. Organizations were faced with higher risks from interconnectivity resulting in major disruption from breaches, ransomware attacks, and attacks on the software supply chain. Tenable’s 2021 Threat Landscape Retrospective (TLR) provides valuable lessons learned as attackers relentlessly exploited the software supply chain. Cyber security practices need to evolve to address modern technology deployments. This report leverages Tenable’s 2021 Threat Landscape Retrospective to identify the most notable vulnerabilities that occurred in 2021.
The migration to cloud platforms, SaaS, IaaS, and managed service providers has changed the definition of the perimeter. Applying outdated cyber security tactics to modern cloud infrastructure is ineffective to combat current threats. A Risk-Based Vulnerability Management (RBVM) approach that evolves with the changing threat landscape is necessary to prioritize identification of unnecessary services and software, limit third-party code, implement a secure software development lifecycle, and perform accurate asset detection across the entire attack surface. Modern vulnerability management programs must include information technology, operational technology, and internet of things (IoT), whether they reside in the cloud or on premises. RBVM requires identifying and fixing critical vulnerabilities and misconfigurations in cloud and Active Directory. Unpatched vulnerabilities represent lucrative opportunities for ransomware attackers, leading to successful ransomware attacks and breaches, such as the Kaseya, SolarWinds, Colonial Pipeline, and Conti attacks.
Organizations usually perform a “lessons learned” meeting after a breach to discuss what went right, what went wrong, and how to improve their response moving forward. Tenable’s Security Response Team (SRT) continuously provides valuable insight and perspective on new threats that may affect an organization’s cyber security posture. SRT’s research enables organizations to prioritize and create remediation plans for the evolving threat landscape. This report uses CVE filters to display the top five most notable threats and provides indicators for the remaining threats identified in 2021. The content enables organizations to understand the full scope of the current attack surface and refine their security strategy accordingly.
This report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards (ARCs), and assets. The report is easily located in the Tenable.sc Feed in the Security Industry Trends category.
The report requirements are:
- Tenable.sc 5.20.0
- Nessus 10.0.2
Tenable Research delivers world class cyber exposure intelligence, data science insights, alerts, and security advisories. The Tenable Research teams perform diverse work that builds the foundation of vulnerability management. The Security Response Team (SRT) tracks threat and vulnerability intelligence feeds and provides rapid insight to the Vulnerability Detection team, enabling them to quickly create plugins and tools that expedite vulnerability detection. This fast turnaround enables customers to gain immediate insight into their current risk posture. Tenable Research has released over 165,000 plugins and leads the industry on CVE coverage. Additionally, the SRT provides breakdowns for the latest vulnerabilities on the Tenable Blog and produces an annual Threat Landscape Retrospective. The SRT continuously analyzes the evolving threat landscape, authors white papers, blogs, Cyber Exposure Alerts, and additional communications to provide customers with comprehensive information to evaluate cyber risk.
This report contains the following components:
Executive Summary: The Executive Summary chapter provides an overview of the organization's vulnerabilities in relation to Tenable’s 2021 Threat Landscape Retrospective. The chapter includes a trend graph and heat map which give a historical record of mitigation efforts. A Class C Summary bar chart and matrix provide the operations team with an overview of the top five threats of 2021 that were detected.
TLR 2021 Vulnerabilities: The TLR 2021 Vulnerabilities chapter is broken into two sections: TLR 2021 Top 5 Threats Summary and TLR 2021 Vulnerabilities Summary. The Top 5 Threats section uses a class c summary bar chart to show an operations team which subnet to focus their mitigation efforts on, while a table shows the detected top five vulnerabilities of 2021. The TLR 2021 Vulnerabilities Summary section uses a class c summary bar chart along with a table to show any detected CVEs of the 315 CVEs included in Tenable's TLR 2021.
Key Indicators: The Key Indicators chapter starts with a host and vulnerability count breakdown of plugin families that had 2021’s most significant vulnerabilities. Each indicator uses the CVE filter to display only the TLR 2021 CVEs related to the plugin family. A section for each group in the Key Indicator chapter's introductory matrix is also used to further drill into the CVEs detected in each.