The number of hackers submitting vulnerabilities went up by 63% in 2020, according to HackerOne’s 2021 Hacker Report.
The bug bounty platform noted that hackers ramped up their workload in response to the digital shift during COVID-19, with 38% of those surveyed stating they have spent more time hacking since the start of the pandemic.
There was also an increased focus on emerging threats last year. This includes security weaknesses linked to cloud adoption, with misconfiguration vulnerabilities rising by 310%, while submissions for both improper access control and privilege escalation went up by 53%.
Additionally, hackers increasingly targeted different types of technologies in 2020. This included a 694% growth in hackers saying they spend time hacking APIs, a 663% rise in those hacking Android and a 1000% increase in hackers focusing on IoT compared to 2019.
Interestingly, half of the hackers surveyed revealed they have not disclosed a bug they found, with lack of a clear reporting focus (27%), previous negative experiences with the company in question (27%) and no bounty being offered (19%) cited as the main factors in this decision.
HackerOne also asked hackers about their motivation, finding that money is not the only factor; for instance, 85% cited learning and 62% cited advancing their career.
Overall, the report said that hackers earned over $40m in bounties last year, which brings total hacker earnings to over $100m.
Jobert Abma, HackerOne co-founder, commented: “This year’s Hacker Report demonstrates the depth of vulnerability insights that hackers bring to a security program. We’re seeing huge growth in vulnerability submissions across all categories and an increase in hackers specializing across a wider variety of technologies. As we see slower growth in some common vulnerabilities that are easily found and fixed, we’re seeing hackers be more creative in their attempt to discover new attack vectors. Every time a hacker links several low severity vulnerabilities together to help a customer avoid a breach, or finds a unique bypass to a software patch, it proves that machines will never truly outpace humankind.”