Leonardo's report on the most widespread cyber attacks in the final quarter of 2021

11 February 2022

Leonardo's latest Cyber Threats Snapshot highlights the main malevolent actors (threat actors), cybercrime activities and vulnerabilities found between October and December 2021. The analysis was conducted by Leonardo’s Cyber Threat Intelligence experts in support of the Global Security Operation Center (SOC).

Among the most significant trends recorded in the last three months of 2021:

  • Telecommunications companies high on the target list of threat actors
  • COVID-19 is used as the subject of emails with malicious attachments
  • One of the most serious vulnerabilities of the decade was identified

Telecommunications under attack for wiretapping purposes

To date, the sectors most affected by threat actors have been government, defence, aerospace and healthcare. Now, however, there is a growing focus by cyber criminals on telecommunications companies. Not only are these organisations’ computer systems, software or networks being targeted, but also the infrastructures. The purpose of the attacks is to intercept sensitive user communications and spy on specific targets such as companies, politicians, government officials, law enforcement agencies and political activists.

Another case of "spam-demia"

A new malspam campaign (the sending of emails or messages containing malicious links or attachments) that exploits COVID-19 characterised the last quarter of 2021. The scam (phishing) emails sent to the victims contain information about the recipient's alleged contact with a colleague who tested positive for the Omicron variant. The victim is invited to view an attachment. Once the victim opens it and enables its content, the malware is automatically downloaded and begins to search for banking credentials and/or to obtain remote access to the infected device.

More generally, the report highlights how malspam campaigns continue to be the most used tool to violate IT systems because they are often facilitated by the actions of people, "the victims", who unknowingly put the integrity of personal data or business systems at risk. The human factor in cyber security remains a crucial issue.

A potential risk for hundreds of millions of machines 

In December, a serious vulnerability was found that caused much concern among experts. The software in which this vulnerability is found is one of the most important tools for managing application logging libraries used by companies, websites and online services. It is estimated that it could be present on three billion devices globally. This vulnerability allows external users to break into systems, remotely executing malicious code. Due to the spread of this software on a global scale and the ease of execution of attacks, the vulnerability received a criticality rating of 10 out of 10.

The report's conclusions include an analysis of the dynamics observed in the reference period with a forecast of future trends for the various business sectors in light of the experience gained by Leonardo's analysts.

Download the complete report (Italian language only): https://cybersecurity.leonardocompany.com/accedi

For more information, please email: cyberandsecurity@leonardo.com