
New data on malware and exploits

New data from Nuspire on Q4 malware and exploits – they’re up 58% and 68% respectively. During weeks 9 and 10, ransomware jumped by 10,000% — yes, that’s the number. Here are their other findings.

  • The large spike in exploit activity was driven by a December burst of SMB Login Brute Force attempts, peaking at 90,000%. However, DoublePulsar reigned as the top utilized technique throughout 2020.
  • VBA Agent Activity dominated all other witnessed malware activity. Attackers leveraged moments in time, utilizing voter registration, how to vote during the pandemic, polling information and other election-related materials to lure end users into interacting with their malicious documents.
  • Attackers increased attempts to exploit new vulnerabilities as they were disclosed in Q4. This escalation was driven by the release of a known vulnerability in over 49,000 Fortinet devices on the dark web and APT groups.

Also reported: a new piece of Mac malware. Found across 30,000 Macs, infected machines call home once an hour… and the payload is still unknown. It runs on the M1 chip… and it’s the second malware to do so.

Finally – at least the skills are in demand.  The Bureau of Labor Statistics says security jobs are going to be in demand through 2029.  

Why do we care?

I might sound a bit like a broken record, but it’s always about the data on how smart the attackers are.   Attacking specific moments in time and topics in the media is strategic and smart.  Repetition does not spoil the prayer.   Need a reminder?  That’s it.

They innovate too – M1 malware already!   

I’m not sure all this job security is necessarily a good thing.  We’re still not improving.    

Source: Nuspire

Source: Ars Technica

Source: CIO Dive