Threat Landscape Trends – Q3 2020



Threat Hunter Team, Symantec




We took a look through telemetry from our vast range of data sources and selected some of the trends that stood out from July, August, and September 2020.
From significant increases in Emotet and Cobalt Strike activity to a spike in the number of server vulnerability exploit attempts, let’s take a quick look at the trends that shaped the cyber security threat landscape in the third quarter of 2020.
Malware steadily increases
Malware attacks have continued to increase quarter over quarter in 2020. In July, August, and September, Symantec, a division of Broadcom (NASDAQ: AVGO), blocked over 78 million malware infection attempts, which represents an almost 30% increase over Q2 and a 127% increase over the number blocked in Q1. The increase in activity may have been spurred by many countries exiting COVID-19 lockdowns, with a resurgence in business activity presenting more opportunities for cyber criminals.




Figure 1. Malware infection attempts blocked by Symantec
Downloaders
Malware that downloads files, which are often malicious, saw an increase in Q3. Symantec blocked 17% more of these threats in Q3 than in Q2.


Figure 2. Blocked downloader threats
Cobalt Strike by month
Attacks involving the use of the multipurpose commodity malware Cobalt Strike (Backdoor.Cobalt) have continued to increase. Detections of attacks involving the use of this threat increased 57% from August to September alone.


Figure 3. Cobalt Strike attack attempts by month
Cobalt Strike by quarter
The quarter-on-quarter trend is even more alarming, with a 163% increase seen when comparing Q1 2019 to Q3 2020. In many cases, Cobalt Strike is blocked by other detection technologies and signatures, meaning the true number of attacks involving this malware may be significantly higher.


Figure 4. Cobalt Strike attack attempts by quarter
Lokibot by quarter
The Lokibot information-stealing malware (Infostealer.Lokibot) saw a 237% increase in activity from Q2 to Q3 2020. Lokibot is on ..
