Trend Micro claimed its team blocked significantly more threats in 2021 than the year before, and it identified a shift toward ransomware actors more deliberately targeting critical infrastructure.
"Attackers are always working to increase their victim count and profit, whether through quantity or effectiveness of attacks," Jon Clay, VP of threat intelligence at Trend Micro, said in a statement. "Our latest research shows that while Trend Micro threat detections rose 42% year-on-year in 2021 to over 94 billion, they shrank in some areas as attacks became more precisely targeted."
Ransomware groups evolved to stage attacks on critical industries that are more likely to pay, including government, banking, and health care sectors, Trend Micro’s annual cybersecurity report found. And the research team noticed a decrease in nonspecific attacks.
Additionally, threat actors teamed up for modern ransomware attacks, which usually require more time and effort in planning and reconnaissance, and ransomware-as-a-service (RaaS) is on the rise, the team pointed out.
The report showed that the REvil group, which mainly targets victims in the U.S., was one of the most active RaaS families last year, and that the Conti RaaS group executed more than 1 million attacks on the U.S. between January and mid-November in 2021.
Overall, the vendor saw a 21% drop in ransomware detection last year, but warned it might not mean fewer attacks. Instead, it could be the result of defensive actions that blocked more malware tools such as the Cobalt Strike beacon CoBeacon, the information stealer BazarLoader, and the trojan Trickbot, the team said.
Misconfigurations Open Doors for Malicious Actors to Compromise Cloud
Malicious actors also took advantage of human errors to compromise remote workers and cloud infrastructure, the report found. One of the highlighted cases was an attack TeamTNT conducted. It was a large-scale credential campaign that used an access control misconfiguration in Kubernetes to compromise 50,000 IP addresses in China and the U.S.
As more organizations continued migrating and expanding to the cloud environment, incorrectly configured systems remained an issue, Trend Micro's research team warned. Amazon Elastic Block Store and Microsoft Azure's Virtual Machine were among the services that had higher misconfiguration rates, according to the report.
The research team said enterprises need to implement a multilayered defense.
“As their attack surfaces expand or otherwise evolve, enterprises across the globe are compelled to explore unfamiliar security terrain where they will need high-quality data from a unified view of their entire digital ecosystems to anticipate, assess, and mitigate risks,” Trend Micro added in a blog post.