Nuspire’s Threat Report provides data and insight into malware, exploit and botnet activity throughout 2020, including the largest spike in ransomware activity seen to date in Q4.

Nuspire, a leading managed security services provider (MSSP), announced the release of its 2020 Q4 and Year in Review Threat Landscape Report. Sourced from its 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future. Craig Robinson, a Program Director, Security Services at IDC said:

“The volume of sophisticated attacks seen throughout 2020 highlight the criticality of business intelligence and cybersecurity detection and response to improving organizational cyber readiness. Nuspire’s latest report puts into perspective the changing nature of cyberattacks. Security leaders must be ready for unexpected situations, consistently revisiting and revamping their cybersecurity strategies.”

2020 was a chaotic year that shifted the threat landscape and changed the way many organizations manage their business operations. In addition to increasingly sophisticated and frequent attacks, Nuspire security experts observed a massive spike in malware with Visual Basic for Applications (VBA) agent activity, which overshadowed all other malware variants identified throughout the year. John Ayers, Nuspire Chief Strategy Product Officer added:

“The SolarWinds attack shook the cybersecurity community to its core and should serve as a reminder to organizations small or large that security must be a priority within every aspect of the business. As attack techniques continue to evolve and the frequency of attacks increases, it’s critical for business success to understand the changing threat landscape and how to protect themselves from cyberthreats.”

During Q4 security experts uncovered a 10,000% increase in ransomware activity—the largest spike in activity Nuspire has observed to date. Ransomware operators targeted some of the most vulnerable moments in time, including the U.S. Presidential Election, the holidays, and continued to leverage year-long themes, such as the COVID-19 pandemic. Additionally, exploit attacks saw a whopping 68% increment this quarter as a result of numerous SMB brute force login attempts.

Additional notable findings from Nuspire’s 2020 Q4 and Year in Review Threat Landscape Report include:

Although malware activity was on a slow decline at the beginning of 2020, activity sharply increased in Q4, reaching its highest point through the year in September. VBA Trojans were the most commonly observed malware at 95%, suggesting either numerous malspam campaigns were launched or a large-scale one was instigated by unknown operators. Nuspire expects that VBA agent activity will continue to overshadow other variants as VBA is the first stage of infection.

• Throughout 2020, Nuspire observed a consistent increase of exploitation events with DoublePulsar reigning as the top utilized technique. However, Q4 saw the largest volume of activity in December with SMB Login Brute Force attempts, closely followed by HTTP Server Authorization Buffer Overflow attacks.
• Botnet and Exploit activity remained fairly consistent throughout the year with the largest contenders being ZeroAccess Botnet, which made a significant appearance in May, and DoublePulsar staying at the top of the exploit activity list in 2020.
• In Q4, attackers increased attempts to exploit new vulnerabilities as they were disclosed. This escalation was driven by the release of a known vulnerability in over 49,000 Fortinet devices on the dark web and APT groups – which also targeted the SSL-VPN vulnerability (CVE-2018-13379). Shortly after this list was released, activity attempting to exploit this vulnerability increased by 4,176%.