The 2021 Threat Landscape Retrospective: Targeting the Vulnerabilities that Matter Most

A review of the year in vulnerabilities and breaches, with insights to help guide cybersecurity strategy in 2022 and beyond.

“We do not learn from experience... we learn from reflecting on experience.” - John Dewey, American philosopher

We all know that the best way to improve is by debriefing, especially when it comes to reviewing security events and vulnerabilities. Tenable’s 2021 Threat Landscape Retrospective (TLR) is a valuable resource for security professionals seeking to improve their understanding of the threat landscape in 2021 with a goal to improve their security in 2022. 

The Threat Landscape Retrospective is the result of tracking and analyzing government, vendor and researcher advisories on important vulnerabilities throughout the year. Tenable’s Security Response Team produces the report annually to provide a resource for cybersecurity professionals. 

In 2021, there were 21,957 new CVEs assigned from January to November, a 20% increase over 2020. There were 105 zero-day vulnerabilities disclosed, a 262% increase over the 29 zero-days in 2020. As for data breaches, our count is 1,825 in the 12 months from October 2020 to October 2021. These metrics all represent upticks from 2020’s data.

One element that felt like deja vu as we were compiling this report was the revelation of a major security event just as the year was coming to a close. In 2020 we were disrupted by the NOBELIUM cyberespionage campaign that targeted organizations through SolarWinds in December, and of course in 2021 it was the exposition of the Log4Shell vulnerability.

Similarly to SolarWinds, it is important not to let Log4Shell draw our attention away from the myriad other vulnerabilities and security events reviewed in the TLR. In fact, the study demonstrates the sheer volume of vulnerabilities facing security organizations and illustrates the challenges of reducing risk.

What’s inside the 2021 Threat Landscape Retrospective

Section one of the report reviews high-level events and trends from the year, zero days and legacy vulnerabilities. In this section we analyze the year’s top vulnerabilities and zero-days, including exploring their origin and the systems affected. For example, flaws in Microsoft Exchange and Windows Print Spooler dominated.

Section two is all about what bad actors did this year and how they did it. We review the outcome of their efforts, including data breaches, ransomware and attacks against the supply chain. 

Section three is a valuable list and overview of every major vulnerability from the year and the vendor it affected. There are over 300 vulnerabilities in this list including context such as the criticality of each, the events that took place and the vendor they affected. In the already busy day security personnel, the TLR helps make sense of a cacophony of vulnerabilities from a year that was unlike any other. 

What you’ll learn from Tenable’s 2021 Threat Landscape Retrospective 

• The challenges in securing an evolving perimeter
• How ransomware groups are leveraging Active Directory vulnerabilities and misconfigurations in their attacks
• Context surrounding the surge in supply chain attacks in the wake of the NOBELIUM SolarWinds incident

Get more information

• Download the full report here
• Attend the webinar: Tenable Research 2021 Recap and Defender’s Guidance for 2022
• Blog post about 2021 Threat Landscape Retrospective Tenable.io Dashboard
• Blog post about 2021 Threat Landscape Retrospective Tenable.sc Dashboard
• Follow Tenable’s Security Response Team on the Tenable Community