attacking VPN vulnerabilities and leveraging MS Office and script-based threats. Consumers were also widely targeted with malware. Attacks ranged from spyware and adware to more sophisticated banking trojans and SMS stealers. These were often distributed under the guise of COVID-19-related apps. Read more in our Q2 report.
Q3 2020 saw a significant rise, nearly 50%, in the number of traditional malware, exploit-based and coin miner attacks. However, adware/PUA, mobile, and script-based threats declined compared to the previous quarter. The surge in general malware attacks was of particular concern; this category contains the most dangerous threats found in the wild.
Our mid-2020 vulnerability report looked at some of the most critical vulnerabilities open to exploitation. The report covered multiple critical, high-risk vulnerabilities disclosed (and patched) across a wide range of software platforms. The most critical of these was “Zerologon”, which impacted domain controllers. Around the same time, Microsoft identified the SIGRed vulnerability within its DNS mechanism.
It was almost red across the board in the last quarter of 2020. Overall threat detections for Q4 surged by 47%. Adware nearly doubled over the previous quarter. Office, script and coinminer malware increased by more than 50% compared to the previous quarter.
No one can predict the future with certainty, especially when you know how adaptive, creative and quick malware authors can be. But we’ll have a go at forecasting how threats will evolve around the world in 2021.
One of the big challenges will likely be a shift away from ‘traditional’ PE malware (Windows executables) towards attacks using non-PE files (documents, etc.) and fileless attacks.
Every year, the number of vulnerabilities detected in common applications breaks records. The software we use is more complex and the world is more connected than ever, which is a boon for vulnerability hunters looking for flaws to exploit. Obviously, not all vulnerability hunters are malware authors, but we believe more vulnerabilities will be exploited in 2021.
The world of threats is also evolving at an organizational level. Malware-as-a-service (MaaS) enables hackers to use tools and malware created by other authors. Often the service comes with surprisingly good support. Although many tend to use the terms “hackers” and “malware authors” synonymously, the rise of MaaS means they are no longer the same thing. Of course, we would expect some groups (and occasionally government agencies) to keep their creations to themselves and only use them for highly targeted attacks against high-priority targets.
Assuming someone does not hack them and steal their creation.