PowerShell threats increased over 200% last year

Two screens showing computer code with a red box displaying the word 'PowerShell'
(Image credit: Shutterstock)

The number of threats leveraging PowerShell grew 208% in the last quarter of 2020, according to a new report by cybersecurity firm McAfee.

The McAfee Threats Report of April 2021 found the Q4 2020 increase was driven largely by Donoff malware. It also observed numerous PowerShell attacks using process injection to insert code into legitimate running processes as a privilege escalation technique.

Mobile malware grew 118% in Q4 due in part to a surge in SMS Reg samples, according to the report. Researchers said HiddenAds, Clicker, MoqHao, HiddenApp, Dropper, and FakeApp strains were the most detected mobile malware families.

Ransomware also grew in volume between Q3 and Q4 driven by Cryptodefense. Researchers said that REvil, Thanos, Ryuk, RansomeXX, and Maze groups topped the overall list of ransomware families.

MacOS malware exploded by 420% in Q3 due to EvilQuest ransomware but returned to normal levels in Q4. Office malware surged 199% from Q3 to Q4, and new Linux malware increased 6% at the same time.


Taking a proactive approach to cyber security

A complete guide to penetration testing


The number of overall threats grew too. In Q3 2020, McAfee Labs observed an average of 588 threats per minute, an increase of 169 threats per minute (40%). By the fourth quarter, this average rose to 648 threats per minute, an increase of 60 threats per minute (10%). The firm also observed nearly 3.1 million external attacks on cloud user accounts.

Adam Philpott, EMEA President at McAfee, said the continued increase in threats is a harsh reminder of how quickly and effectively cyber criminals have taken advantage of COVID-19.

“As we emerge from the pandemic and look to navigate the new normal, it’s important that businesses reconsider their approach to security to ensure business resilience and their ability to mitigate increased cyber risk,” Philpott said.

Philpott added that his company’s research also saw increases in ransomware, malware, and PowerShell attacks, highlighting the importance of IT teams being aware of the wide variety of threats that could target their organizations.

“It is now critical that organizations go beyond the basics to create and maintain a secure environment. By effectively using technology to prioritize threats, predict the types of campaigns that will be launched against them and pre-emptively improve their defensive countermeasures, organizations can rest assured that they’re doing everything they can to protect their business,” Philpott added.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.