Era of Remote Access
2020 shifted the workplace for numerous organizations into a remote-friendly atmosphere in efforts to combat the spread of COVID-19. While the workforce adjusted, system administrators scrambled to support this level of remote activity by configuring remote connections. Unfortunately, this added multiple new attack vectors that enabled threat actors to prey on organizations.
Malware activity began to trail off at the end of Q4 2020, and that trend continued throughout Q1 2021.
Hashes, domains and IP addresses for Emotet and Trickbot/BazarLoader malware.
January through March
Total activity in Q1 declined by 54.47% from Q4
How to Combat
To strengthen your defenses against malware activity, you’ll need to adopt a multipronged approach including endpoint protection platforms and cyber awareness training.
The decrease in activity is attributed mostly to a significant decline in activity from Visual Basic for Applications (VBA) and agent variants as well as Emotet activity.
Total activity in Q1 declined to 90,671 detections per week
How to Combat
To step up your efforts to stop botnet activity, which is usually detected post-infection, we recommend a focus on user awareness training, threat intelligence, next-generation antivirus and threat hunting.
Overall, there was a 10.68% decrease in botnet activity compared to Q4 2020, with a significant spike in activity in week 11 of the quarter. The overall decrease in activity can likely be attributed to the shutdown of the Emotet botnet.
Total activity in Q1 declined by 21.76% from Q4
How to Combat
Stop exploits before they do harm by patching systems, using a firewall with IPS, monitoring security news and vendor security bulletins, and disabling unused services.
Activity witnessed in Q4 2020 remained in decline until week 10 in Q1, when a sharp increase of SMB brute force attempts occurred before activity dropped back to levels witnessed through most of the quarter.