Last year, threat actors took advantage of the COVID-19 public health crisis in ways previously unimaginable, not only seizing on confusion and fear during the initial months of the pandemic, but retooling attack methods, reneging on promises, strengthening malware, and extorting victims to the tune of $100 million — in short, in 2020, cyberthreats evolved.
That’s what the Malwarebytes Labs team discovered in the 2021 State of Malware Report, which offers a comprehensive analysis of consumer and business malware detections, trends, and attacks over the last year. The report includes in-depth coverage of the impact of COVID-19 on the threat landscape, cybercriminal attack methods, and their growing enterprise.
By April 2020, half the world’s population had been ordered to stay home, and IT teams found themselves scrambling to switch entire workforces to full-time remote work practically overnight. New security “perimeters” were strung together as best as possible, but they were soon penetrated by threat actors who had ditched their old tactics and placed a new emphasis on gathering intelligence. The report found:
- In 2020, malware detections on Windows business computers decreased by 24 percent overall, likely due to improved targeting by cybercriminals and far fewer people working in offices.
- However, malware detections on Mac business computers increased by 31 percent last year.
- Detections for hack tools and rogue tools on Windows business computers increased dramatically — by 173 and 158 percent, respectively, in 2020.
- Spyware also increased by 51 percent on business computers in 2020, with 440,368 detections.
What began as a global health crisis soon became a global economic crisis too, with almost no business left unscathed. The fate of industry sectors was mirrored in the number of cyberattacks they suffered. As the manufacturing and automotive sectors contracted, attackers simply turned to agriculture and other essential industries instead. Ransomware gangs reneged on early promises to stay away from hospitals and hit new lows, attacking hospitals and medical facilities in organized campaigns.
- More traditional enterprise targets, such as education, healthcare/medical, and automotive all experienced drops in detections by varying degrees — education fell 17 percent, healthcare dropped 22 percent, and the automotive industry decreased by 18 percent.
- But the agriculture industry suffered through a 607 percent increase in malware detections, while malware detections in the food and beverage industry increased by 67 percent.
Through it all, there is one form of business that seems to have thrived in 2020 — the creation and operation of malicious software. The pace of innovation picked up as many older variants debuted with fancy upgrades while other entirely new malware families emerged. Deployment of custom intrusion tools, new exploits, and the use of commercial pen testing tools allowed criminals to map out and infect networks faster than ever before. Ransomware gangs continued to learn from each other and evolve too, with a new “double extortion” tactic emerging, which saw cybercriminal groups extorting more money with threats to leak sensitive data than from decrypting compromised computers. According to the report:
- Despite decreasing in frequency by 89 percent in 2020, Emotet morphed one last time to drop its infection chain into existing email threads and managed to compromise 250 Universal Health Services (UHS) hospitals with Ryuk ransomware.
- TrickBot dropped by 68 percent on business endpoints, but upgraded its primary bot functionality, as well as its distribution framework, adding the ZeroLogon exploit to its arsenal.
- The top Windows malware variants aimed at businesses in 2020 included a hack tool called KMS that increased by over 2,000 percent!
- New ransomware families released in 2020 that both encrypt and extort are Egregor, Sodinokibi, and Wasted Locker.
If 2020 taught us anything, it’s that cybercrime stops for nothing. There are no targets and no opportunities for exploitation that are beyond the pale.
Thankfully, the year had another lesson for us: There are heroes everywhere. Healthcare professionals, teachers, and other essential workers rightly deserve the loudest acclaim, but it was the folks in IT who got kids into their virtual classrooms and connected remote workers and families around the globe in 2020. I also want to offer an enormous thank you to the unsung army of sysadmins and security professionals who moved mountains to keep those millions of connected people safe online as the world turned upside down around them.
To learn more, check out the full 2021 State of Malware Report here: https://resources.malwarebytes.com/files/2021/02/MWB_StateOfMalwareReport2021.pdf
For a look back at the most enticing cyberattacks of 2020, check out this Labs blog: https://blog.malwarebytes.com/security-world/2020/12/the-most-enticing-cyberattacks-of-2020/
And for the strangest cyberattacks of 2020, take a look here: https://blog.malwarebytes.com/security-world/2020/12/the-strangest-cybersecurity-events-of-2020-a-look-back/