HackerOne has released its 2021 Hacker Report, which reveals a 63% increase in the number of hackers submitting vulnerabilities in 2020.
As organizations’ attack surfaces have shifted due to pandemic-led digital transformation, hackers have adapted and zeroed in on emerging threats. Reports of vulnerabilities caused by trends like moving to the cloud have proliferated in the past year, with misconfiguration vulnerabilities rising by 310%.
Other key findings
- 38% of hackers spent more time hacking since the COVID-19 pandemic started
- Top hackers, on average, are reporting bugs across 20 different vulnerability categories, with a 53% rise in submissions for both Improper Access Control and Privilege Escalation
- Half the hackers surveyed have not reported a bug because of a lack of a clear reporting process, or a previous negative experience
- Hackers are not just driven by money: 85% of hackers do it to learn and 62% do it to advance their career
- Hackers are expanding their experience of different technologies with more specialising in IoT, APIs and Android apps than ever before
“This year’s Hacker Report demonstrates the depth of vulnerability insights that hackers bring to a security program,” said HackerOne co-founder Jobert Abma.
“We’re seeing huge growth in vulnerability submissions across all categories and an increase in hackers specialising across a wider variety of technologies. As we see slower growth in some common vulnerabilities that are easily found and fixed, we’re seeing hackers be more creative in their attempt to discover new attack vectors. Every time a hacker links several low-severity vulnerabilities together to help a customer avoid a breach, or finds a unique bypass to a software patch, it proves that machines will never truly outpace humankind.”