Final quarter of 2020 sees massive spike in ransomware
The last quarter of 2020 saw a 10,000 percent increase in ransomware activity, according to a new report from managed security services provider Nuspire.
The company's latest Year in Review Threat Landscape Report -- sourced from its 90 billion traffic logs -- outlines new cybercriminal activity and tactics, techniques and procedures.
Ransomware operators targeted some of the most vulnerable moments of the year, including the US election and the holidays, as well as year-long themes, such as the COVID-19 pandemic. Additionally, exploit attacks saw a huge 68 percent increase in Q4 as a result of numerous SMB brute force login attempts; activity spiked over 90,000 percent in bursts throughout the quarter.
"The SolarWinds attack shook the cybersecurity community to its core and should serve as a reminder to organizations small or large that security must be a priority within every aspect of the business," says John Ayers, Nuspire's chief strategy product officer. "As attack techniques continue to evolve and the frequency of attacks increases, it's critical for business success to understand the changing threat landscape and how to protect themselves from cyberthreats."
Among other findings, VBA Trojans were the most commonly observed malware at 95 percent, suggesting either numerous spam campaigns being launched or a single large-scale one instigated by unknown operators. Nuspire expects that VBA agent activity will continue to overshadow other variants, as VBA agents are often the first stage of infection.
Nuspire also observed a consistent increase in exploitation events, with DoublePulsar the top utilized technique. However, Q4 saw the largest volume of activity in December, with SMB login brute force attempts closely followed by HTTP server authorization buffer overflow attacks.
Despite this, botnet and exploit activity remained fairly consistent throughout the year, with the largest contenders being ZeroAccess Botnet, which made a significant appearance in May, and DoublePulsar, which stayed at the top of the exploit activity list in 2020.
The full report is available from the Nuspire site.