Nuspire announced the release of its 2020 Q4 and Year in Review Threat Landscape Report. Sourced from its 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future.
"The volume of sophisticated attacks seen throughout 2020 highlight the criticality of business intelligence and cybersecurity detection and response to improving organizational cyber readiness," said Craig Robinson, Program Director, Security Services at IDC. "Nuspire's latest report puts into perspective the changing nature of cyberattacks. Security leaders must be ready for unexpected situations, consistently revisiting and revamping their cybersecurity strategies."
2020 was a chaotic year that shifted the threat landscape and changed the way many organizations manage their business operations. In addition to increasingly sophisticated and frequent attacks, Nuspire security experts observed a massive spike in malware with Visual Basic for Applications (VBA) agent activity, which overshadowed all other malware variants identified throughout the year. The report also found a consistent increase of exploitation events trough 2020 with an overall growth of 116% as attackers continued to leverage newly disclosed vulnerabilities.
"The SolarWinds attack shook the cybersecurity community to its core and should serve as a reminder to organizations small or large that security must be a priority within every aspect of the business," said John Ayers, Nuspire Chief Strategy Product Officer. "As attack techniques continue to evolve and the frequency of attacks increases, it's critical for business success to understand the changing threat landscape and how to protect themselves from cyberthreats."
During Q4 security experts uncovered a 10,000% increase in ransomware activity—the largest spike in activity Nuspire has observed to date. Ransomware operators targeted some of the most vulnerable moments in time, including the U.S. Presidential Election, the holidays, and continued to leverage year-long themes, such as the COVID-19 pandemic. Additionally, exploit attacks saw a whopping 68% increment this quarter as a result of a numerous SMB brute force login attempts, activity spiked over 90,000% in bursts throughout the quarter.
Additional notable findings from Nuspire's 2020 Q4 and Year in Review Threat Landscape Report include:
- Although malware activity was on a slow decline at the beginning of 2020, activity sharply increased in Q4, reaching its highest point through the year in September. VBA Trojans were the most commonly observed malware at 95%, suggesting either numerous malspam campaigns were launched or a large-scale one was instigated by unknown operators. Nuspire expects that VBA agent activity will continue to overshadow other variants as VBA are often the first stage of infection.
- Throughout 2020, Nuspire observed a consistent increase of exploitation events with DoublePulsar reigning as the top utilized technique. However, Q4 saw the largest volume of activity in December with SMB Login Brute Force attempts, closely followed by HTTP Server Authorization Buffer Overflow attacks.
- Botnet and Exploit activity remained fairly consistent throughout the year with the largest contenders being ZeroAccess Botnet, which made a significant appearance in May, and DoublePulsar staying at the top of the exploit activity list in 2020.
- In Q4, attackers increased attempts to exploit new vulnerabilities as they were disclosed. This escalation was driven by the release of known vulnerability in over 49,000 Fortinet devices on the dark web and APT groups - which also targeted the SSL-VPN Vulnerability (CVE-2018-13379). Shortly after this list was release, activity attempting to exploit this vulnerability increased by 4,176%.
Learn more about protecting your organization from increasing cyber threats and download Nuspire's 2020 Q4 and Year in Review Threat Report.