Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4

Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4
There was also a sharp increase in overall malware volumes in the fourth quarter of 2020, COVID-19 related attack activity, and mobile malware, new data shows.

For security teams, there was a lot more of everything to defend against in the final quarter of 2020 compared to previous months.


PowerShell threats grew 208%; Microsoft Office malware increased by 199%, while malware targeting mobile devices rose 118% between the third and fourth quarters of 2020. And COVID-19 related malware and threats surged 114%.


A new analysis by McAfee of threat data during the period showed similar increases on several other fronts as well. The volume of malware threats detected on enterprise networks rose 10% to 648 threats per minute compared to 588 in Q3, 2020; ransomware once again grew in volume, this time by 69% and adversaries hammered cloud user accounts belonging to McAfee's customers with an astounding 3.1 million attacks in the last quarter of 2020.


McAfee's analysis showed that technology companies were the most targeted entities in Q4, followed by organizations in the public sector. Publicly reported attacks targeting the technology sector surged 100%, while those targeting public sector entities went up 93% in the last three months of 2020.


Sandeep Chandana, director at McAfee’s MVISION Cloud group, says a large portion of the cloud attacks in Q4 were targeted at Microsoft Office 365 accounts. The attacks could be classified as either distributed login attacks on hundreds or thousands of Office 365 accounts via compromised consumer devices, or targeted attacks on a small number of potentially high-value accounts.


Other security vendors have reported a similar increase in cloud attacks targeted at Office 365 environments over the past year. A March 2021 Vectra AI