The second cyber attacks timeline of November 2021 is finally out (you can find the first one here or in the link below)! In the second half of this month I have collected 96 events, with a daily average slightly decreasing to 6.4 events/day from 6.67 events/day. Ransomware continues to dominate the threat landscape, but the percentage of events directly or indirectly characterized by it dropped to 22% from 30.6% in the previous timeline (despite the decrease, the criminals are still asking for massive ransoms). I wonder if this is an effect of the increasing pressure of law enforcement agencies against the ransomware syndicates.

Another common trend of this period is the impact of vulnerabilities: in this timeline they characterized 12% of events, including several ransomware attacks. We have, among others, a new 0-day for Android (CVE-2021-1048), the Tortilla threat actor exploiting ProxyShell to deploy the Babuk ransomware, and several widespread operations exploiting Zoho’s ManageEngine ADSelfService Plus CVE-2021-4053 (and yes, threat actors continue to exploit SolarWinds’ Serv-U CVE-2021-35211).

Robinhood had the information of approximately 7 million customers compromised, and another decentralized finance (DeFi) platform has bitten the dust, suffering the theft of $55 million worth of crypto assets by a suspected North Korean threat actor.

As usual, the cyber espionage front is quite crowded: a threat actor dubbed DEV-0322 has been very busy exploiting the ManageEngine vulnerability, and the Lazarus Group never misses a timeline, along with other well-known threat actors such as Lyceum and Kimsuky. Another important cyber espionage campaign characterizing this timeline is the PhoneSpy spyware targeting Android users in South Korea.


Enjoy the interactive timeline, and thanks for sharing it and supporting my work in spreading risk awareness across the community. Also, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.



The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.
