Interactive Report Summary

Q4 2020 and Year in Review Threat Report

A chaotic year shook up business operations and cybersecurity. Review the highlights below and download the full report for our in-depth analysis.
Download the Report

Top Findings at a Glance

Lesson learned in 2020: Cybersecurity is not a solo effort.

COVID-19 and work-from-home taught us a few things: the importance of deployment speed, the necessity of assuming new levels of risk and the necessity of working with what we have. The top takeaway? Cybersecurity has to be customized and multipronged in its strategy.

MALWARE

Largest spike in ransomware ever observed in Q4

10,000% spike in ransomware was observed in Q4

BOTNET

Highest number of infections in May

135,075 infections per week in May 2020

EXPLOIT

Extreme rise in Fortinet SSL-VPN activity in Q4

4,176% Extreme rise in Fortinet SSL-VPN activity in Q4

Image

Cybersecurity advisory for healthcare organizations targeted by Trickbot and BazarLoader malware in Q4.

Hashes, domains and IP addresses for Emotet and Trickbot/BazarLoader malware.

Methodology

Hover over tiles to learn more

GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Using Nuspire’s cloud-based SIEM, log data is ingested and alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking of existing and new threats.

DISSEMINATE

Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

Q4 202O in Review

October through December

Image

OCTOBER 15

Election-based Phishing Scams on the Rise

OCTOBER 21

Egregor Ransomware Samples Shared on Social Media

NOVEMBER 2

Hospitals and Healthcare Agencies Targeted in Ransomware Attack

NOVEMBER 3

Maze Ransomware Gang Announces Closing of Maze Project

NOVEMBER 5

Google Drive Notifications Abused in New Phishing Campaign

NOVEMBER 18

Holiday Shopping Phishing Scams on the Rise

NOVEMBER 25

Threat Actor Posts Exploits for Vulnerable Fortinet Devices

DECEMBER 4

APTs Target Fortinet SSL-VPN (CVE-2018-13379)

DECEMBER 8

NSA Advisory: Russian Threat Actors Exploit VMware Vulnerability

DECEMBER 14

CISA Directive: Active Exploitation of SolarWinds Orion Software

Let's Dive Into the Data

#
Activity
Average
0

Total Events

0

Unique Variants

0.93%

Total Activity

Malware

Detection, Q4 2020

Total activity in Q4 declined by 30.7% but still increased by 57.93% compared to Q3.

How to Combat
To strengthen your defenses against malware activity you’ll need to adopt a multiprong approach including endpoint protection platforms and cyber awareness training.

Malware

Malware activity declined steadily throughout the first part of the year and bottomed out in July. VBA agent activity caused a 467% spike in September, but Q4 activity trailed off slightly. The predominant themes in malspam emails? COVID-19, the U.S. election, invoices, shipping/package details and legal documents.

#
Activity
Average
0

Total Events

0

Unique Variants

-0.85%

Total Activity

Botnets

Detection, Q4 2020

Andromeda and Torpig Mebroot spiked 172% and 1,453%, respectively, although overall botnet activity declined.

How to Combat
Step up your efforts to stop botnet activity, which is usually detected post-infection. We recommend detecting malicious activity and quarantining devices to minimize botnet spread throughout the network.

Botnets

Botnet activity remained fairly consistent throughout the year except for May, in which activity spiked by 48%. The spike is attributed to the ZeroAccess botnet, which was the top-witnessed botnet during 2020 with close to 1,000,000 sightings.

#
Activity
Average
0

Total Events

0

Unique Variants

0.84%

Total Activity

Exploits

Detection, Q4 2020

Q4 exploit activity syncs closely with the release of intelligence about 49,000+ Fortinet FortiOS SSL-VPN devices vulnerable to CVE-2018-13379 and with a massive increase of SMB Login brute force attempts.

How to Combat
Stop exploits before they do harm by patching systems and security monitoring to thwart attackers and decrease risk.

Exploits

Exploit activity, which increased 116% for the year, reached its highest volume in December. Attackers searched for new vulnerabilities as well as old, unpatched vulnerabilities with a focus on remote connections. DoublePulsar was the top-utilized technique, followed by SMB Login brute force and HTTP Server Authorization Buffer Overflow.

2021 Predictions

Unfortunately, there is more in store in the cybersecurity threat scape for 2021. Download the full report to find out how you can prepare and tighten your security controls around the expected challenges highlighted by our security experts.
Download the Report