Study: Malware and Exploit Activity are Up More than 57%

Published On: March 15, 2021
Categories: Buzz, Uncategorized

Nuspire, a Michigan-based MSSP, has released its latest Threat Landscape Report. Sourced from 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures.

In addition to increasingly sophisticated and frequent attacks, the Nuspire team observed a massive spike in malware with Visual Basic for Applications (VBA) agent activity, which overshadowed all other malware variants identified throughout the year. The report also found a consistent increase of exploitation events through 2020 with an overall growth of 116% as attackers continued to leverage newly disclosed vulnerabilities.

“The SolarWinds attack shook the cybersecurity community to its core and should serve as a reminder to organizations small or large that security must be a priority within every aspect of the business,” said Chief Strategy Product Officer John Ayers. “As attack techniques continue to evolve and the frequency of attacks increases, it’s critical for business success to understand the changing threat landscape and how to protect themselves from cyberthreats.”

The report shows a 10,000% increase in ransomware activity, the largest spike in activity that the company has observed to date. Ransomware operators targeted some of the most vulnerable moments in time, including the U.S. Presidential Election and the holidays, and continued to leverage year-long themes such as the COVID-19 pandemic. Additionally, exploit attacks saw a whopping 68% increase this quarter as a result of numerous SMB brute force login attempts; activity spiked over 90,000% in bursts throughout the quarter.

Although malware activity was on a slow decline at the beginning of 2020, activity sharply increased in Q4, reaching its highest point through the year in September. VBA Trojans were the most commonly observed malware at 95%, suggesting either numerous malspam campaigns were launched or a large-scale one was instigated by unknown operators. Nuspire expects that VBA agent activity will continue to overshadow other variants, as VBA agents are often the first stage of infection.

Throughout 2020, Nuspire observed a consistent increase of exploitation events with DoublePulsar reigning as the top utilized technique. However, Q4 saw the largest volume of activity in December with SMB Login Brute Force attempts, closely followed by HTTP Server Authorization Buffer Overflow attacks. Botnet and Exploit activity remained fairly consistent throughout the year.

Channel Impact®
Nuspire’s Threat Report provides data and insight into malware, exploit and botnet activity throughout 2020, including the largest spike in ransomware activity seen to date in Q4. The results underscore the opportunity for both MSSPs and channel partners.
