COVID-Related Threats, PowerShell Attacks Lead Malware Surge

malware download pastebin

Researchers measured 648 new malware threats every minute during Q4 2020.  

Surging numbers of COVID-themed attacks, PowerShell trojans, along with the SolarWinds compromise and the continued spread of Sunburst malware were major contributors to a massive spike in the number of observed attacks in the wild during the last half of 2020, which McAfee’s said averaged 588 attacks per minute within its telemetry during Q3 and Q4 of 2020.

Researchers observed an average of 648 threats per minute in Q4 in the wild, an increase of 10 percent over the third quarter a continued upward trend from the 40 percent jump compared to Q2 2020, McAfee’s latest threat report said.

COVID-19-related attacks continued to leave their mark the ecosystem: “McAfee’s global network of more than a billion sensors registered a 605 percent increase in total Q2 COVID-19- themed threat detections,” the report said.

“The world — and enterprises — adjusted amidst pandemic restrictions and sustained remote challenges, while security threats continued to evolve in complexity and increase in volume,” the report said. “Though a large percentage of employees grew more proficient and productive in working remotely, enterprises endured more opportunistic COVID-19-related campaigns among a new cast of bad-actor schemes. Prominent campaigns such as Sunburst and new ransomware tactics left [security operations centers] SOCs no time to rest.”

PowerShell Threats Up By 208%

The team of security researchers also measured a 208 percent increase in PowerShell threats, from Q3 to Q4 2020, most notably Donoff, a sneaky trojan downloader that uses macros in a file to sneak past virus detection protections.

Additionally, Office-targeted malware grew by 199 percent, and observed mobile malware was up 118 percent thanks to SMS Reg and others, the McAfee team explained.

In a bit of good news for Mac users, EvilQuest ransomware’s levels came back to earth after a whopping 420 percent jump in Q3 2020; and the numbers of observed Coin Miner malware fell by 35 percent in the fourth quarter.

CryptoDefense boosted ransomware numbers by 69 percent from Q3 to Q4, with help from REvil, Thanos, Ryuk and Maze, which was credited with attacking household consumer electronics brand Cannon last summer, among other attacks.

“If we look in particular at Q4 2020, a lot of the ransomware-related breaches happened with vulnerabilities in ‘edge’ devices that were securing the companies,” Christiann Beek, lead scientist with McAfee, told Threatpost. His team is also closely watching in uptick in “insider” threats from within companies themselves, Beek said.

Selling remote access to breached systems is also on the rise.

“Criminals are offering money for access to companies,” Beek added. “My advice to companies would be around the lines of maintaining a secure remote access policy including patch-management, two-factor authentication, zone-isolation and strong access-policies to whom needs remote access.”

Ever wonder what goes on in underground cybercrime forums? Find out on April 21 at 2 p.m. ET during a FREE Threatpost event, “Underground Markets: A Tour of the Dark Economy.” Experts will take you on a guided tour of the Dark Web, including what’s for sale, how much it costs, how hackers work together and the latest tools available for hackers. Register here for the Wed., April 21 LIVE event. 

Suggested articles