Many adversaries take advantage of new vulnerabilities and convert them into weaponized attacks, while extreme adversaries focus on supply chain and targeted attacks.
The work from home (WFH) transition over this past year has triggered a historic change in how corporations do business. This has also triggered a massive change in the approach of increasingly advanced threat actors looking to take advantage of this WFH shift. Many adversaries now take advantage of new vulnerabilities and convert them into weaponized attacks very easily and very quickly, while the extreme adversaries are now focusing on supply chain and targeted attacks. This combination makes for a very challenging environment for any modern enterprise.
These increasingly advanced threats fall into two categories. Those that are (1) known and easiest to execute broadly and (2) well-funded and planned, which are also the most sophisticated and damaging. In the former, there are known threats and evasive malware. Zero-day attacks are still split between the two categories but with a growing likelihood for a new zero-day to be broadly exploited very quickly. Meanwhile, in the most sophisticated and damaging category are supply chain and targeted attacks.