Depends on where you are.
After a spike in March, malware took a dive in April. Over
the last few months, however, it’s begun to rise again. This
shows some connection with the rate at which COVID-19
cases are being diagnosed. As protective measures began
to be lifted in May and June, cases began rising again, as did
malware attacks.

Instituting widespread work-from-home policies in response
to the COVID-19 pandemic was the right thing to do, both
from a business continuity standpoint and from an employee
safety standpoint.2-2

The downside is that organizations are more distributed
than ever before — and this is having an impact on how
cybercriminals approach the targeting and deployment
of malware.

In the first half of 2020, Office files and PDFs made up a third
of all new malicious files identified by Capture ATP. For the
first half of 2019, PDFs showed an edge over Office 365 files,
outpacing them 36,488 to 25,461.

So far in 2020, we’ve seen a major reversal: While 8% fewer
PDF files were uncovered, the number of Office files identified
has exploded, climbing to 70,184 — a 176% increase.

The number of new malware variants found by SonicWall
Capture Advanced Threat Protection (ATP) with Real-Time
Deep Memory InspectionTM continues to rise: During the
first six months of 2020, the pair discovered 315,395 new
malware variants.

Each year has brought significant advancements, and the first
half of 2020 is no exception.

This list is often leveraged by the greater
security industry as a framework to protect
against common web app attacks.
Unfortunately, this dynamic also provides
cybercriminals with a better blueprint from
designing attacks.

Currently, the top known web attacks include
SQL injection, directory traversal, cross-site
scripting (XSS), broken authentication and
session management, cross-site request
forgery (CSRF) security misconfigurations,
sensitive data exposure and more.

Web applications make the digital world spin,
particularly in a hyper-connected, cloud dominant
landscape. They help deliver the client-side
experience most end-users know and use within
their favorite browser.

Everything from Office 365 and G Suite, to
Salesforce and Dropbox, either deliver cloud-first
interfaces or offer web versions that complement
a software offering.

According to one industry study, the global IoT
security market is expected to reach or exceed
$35.2 billion (USD) by 2023, a spike of 33.7%
based on compound annual growth rate
(CAGR).

As witnessed in global news headlines,
concerns over IoT device security — and
respective IoT security regulations — are
driving the high market forecasts.

To increase the chances of a malware deploying
and executing within a target environment,
savvy cybercriminals use transport layer
security (TLS) and secure sockets layer (SSL)
encryption standards to mask their attacks
from inspection by traditional security controls.

Fileless malware is a type of malicious software
that exists exclusively as a memory based artifact
(i.e., RAM).

Fileless malware does not write any part of its
activity to the computer’s hard drive, making it
very resistant to existing computer forensic
strategies that incorporate file-based whitelisting,
signature detection, hardware verification,
pattern-analysis, time-stamping, etc.

In Australia, the head of the local intelligence
agency was recruited to inform universities about
cyber threats and ways of prevention. This was
one of the initiatives put in place after an
extremely sophisticated threat actor
compromised the Australian National University
(ANU) and persisted within the university’s
network for months at a time.