McAfee reports 648 cyber security threats per minute in Q4

McAfee Threats Report: April 2021 said McAfee Labs observed an average of 648 threats per minute in Q4, an increase of 60 threats per minute (10 percent) over Q3.
McAfee threat report April 2021
The two quarters also saw COVID-19-related cyber-attack detections increase by 240 percent in Q3 and 114 percent in Q4, while Powershell threats again surged 208 percent due to continued increases in Donoff malware activity.

“Ransomware and malware targeting vulnerabilities in work-related apps and processes were active and remain dangerous threats capable of taking over networks and data, while costing millions in assets and recovery costs,” said Raj Samani, McAfee fellow and chief scientist.

As the pandemic began to surge around the world, McAfee saw a 605 percent increase in Q2 2020. These attacks again increased by 240 percent in Q3 and 114 percent in Q4.

In Q3 2020, McAfee Labs observed an average of 588 threats per minute, an increase of 169 threats per minute (40 percent). By the fourth quarter, this average rose to 648 threats per minute, an increase of 60 threats per minute (10 percent).

Powershell threats grew 208 percent in Q4 driven largely by Donoff malware. McAfee observed numerous Powershell attacks utilizing Process Injection to insert code into legitimate running processes as a privilege escalation technique.

Mobile malware grew 118 percent in Q4 in part due to a surge in SMS Reg samples. The HiddenAds, Clicker, MoqHao, HiddenApp, Dropper and FakeApp strains were the most detected mobile malware families.

Ransomware grew in volume 69 percent from Q3 to Q4 driven by Cryptodefense. REvil, Thanos, Ryuk, RansomeXX and Maze groups topped the overall list of ransomware families.

MacOS malware exploded in Q3 420 percent due to EvilQuest ransomware but then slowed towards the end of the year.

McAfee tracked a 100 percent increase in publicly reported cyber incidents targeting the technology sector during the fourth quarter of 2020. Reported incidents in the public sector grew by 93 percent over the same period.

Malware was the most reported cause of security incidents in Q4 followed by account hijackings, targeted attacks and vulnerabilities. Incidents related to new vulnerabilities surged 100 percent in Q4, malware and targeted attacks each rose 43 percent, and account hijackings increased 30 percent.

Among the campaigns McAfee monitored and investigated, the Eternal Blue exploit was the most prominent in Q4 2020.


The top MITRE ATT&CK techniques observed by McAfee in Q3 and Q4 included System Information Discovery, Obfuscated Files or Information, File and Directory Discovery, Data Encryption for Impact, Stop Services, Process Injection, Process Discovery, Masquerading Techniques, and Exploits of Public Facing Applications.

System Information Discovery was one of the more notable MITRE techniques in the campaigns McAfee observed in Q4 2020. The malware in these campaigns contained functionality that gathered the OS version, hardware configuration and hostname from a victim’s machine and communicated back to the threat actor.

Obfuscated Files or Information was the second most observed technique for Q4. One main example was threat actor group APT28’s use of virtual hard drive (VHD) files to package and obfuscate their malicious payloads to bypass security technology.

McAfee observed this privilege escalation technique among several malware families and threat groups, including Powershell threats, RAT tools such as Remcos, ransomware groups such as REvil, and multiple state-sponsored APT groups.

The fourth quarter saw an uptick in the use of this technique as multiple reports from CISA, NSA warned that industry that state sponsored threat actors are actively leveraging several vulnerabilities in public facing applications such as remote management and VPN software. Beyond sophisticated nation-state actors, McAfee also observed ransomware groups leveraging this initial access tactic.

McAfee observed nearly 3.1 million external attacks on cloud user accounts. This is based on the aggregation and anonymization of cloud usage data from more than 30 million McAfee MVISION cloud users worldwide during the fourth quarter of 2020.

This data set represents companies in all major industries across the globe, including financial services, healthcare, public sector, education, retail, technology, manufacturing, energy, utilities, legal, real estate, transportation, and business services.