Morphisec Releases 2021 Threat Report for Black Hat USA - Security Boulevard


Threat landscape analysis illustrates threat actors no longer discriminate as profit-motivated attacks on pipeline operators, educational institutions, and critical care hospitals continue to proliferate



Morphisec, a leader in cloud-delivered endpoint and server security solutions, today released the 2021 edition of the Morphisec Labs Threat Report at Black Hat USA. The report analyzes threat data collected from millions of Morphisec-protected endpoint agents globally from the second half of 2020 through the first half of 2021, along with in-depth investigations conducted by the Morphisec Labs threat research team.

Morphisec’s research reveals key cyber threat trends, with a specific focus on highly advanced, evasive types of attacks that can bypass antivirus and other security tools. It includes technical details on particular attack techniques and tactics used, with a set of comprehensive threat analyses and risk assessments on six of the most critical threats to enterprise organizations. This expanded edition also looks at how these threats have evolved over time, with an emphasis on endpoint vulnerability, human-operated attacks, and increased investment in fileless capability from threat actors developing malicious tools like ransomware, RAT loaders, and info stealers.

Key findings of the 2021 Morphisec Labs Threat Report include:

  • Overall, infostealers and bankers (31%) made up most attempted attacks on endpoints over the last twelve months. This was followed by fileless attacks (29%) and ransomware (13%).
  • Meanwhile, most attempted exploits on servers focused on initial access (31%). This was followed by credential theft (20%), lateral movement attacks (20%), and ransomware (15%).
  • Ransomware attacks are most likely to be powered by ransomware purchased on a subscription basis or “Ransomware-as-a-service” (RaaS).
  • Zero-day attacks on Microsoft Exchange servers are still among today’s fastest-growing cyber threats.
  • Despite operating for less than a year, Egregor is responsible for around 13% of all ransomware extortion attempts and is being deployed through highly dynamic human-operated extortionware attacks.
  • Available on a subscription basis through “Malware-as-a-Service” (MaaS), Agent Tesla is one of the most widely used remote access Trojans (RATs) still in operation, and there are now hundreds of different RAT Loader families online.
  • Threat actors have begun hiding malware within legitimate PPC ads to lure users searching Google into downloads that lead to compromise by the Redline, Taurus, and mini-Redline info stealers.


“With fileless deployment and advanced obfuscation becoming the norm in 2021, once a threat actor enters a targeted network, it is likely to be too late for most defensive solutions to do anything,” said Morphisec CTO, Michael Gorelik. “Therefore, for anyone on the cybersecurity frontline, defense entails stopping attacks before they can gain a foothold through a network breach. To do this, organizations need to work proactively to stop attacks earlier in the MITRE ATT&CK framework.”

Download the full Morphisec 2021 Threat Report here and stop by the Morphisec booth (#1767) at Black Hat USA to speak with the Morphisec Labs team.

About Morphisec

Morphisec is the world leader in providing advanced security solutions for midsize to small enterprises around the globe. The company’s security products simplify and automatically block modern attacks from the endpoint to the cloud. Unlike traditional security solutions relying on human intervention, Morphisec delivers operationally simple, proactive prevention. This approach protects businesses around the globe with limited security resources and training from the most dangerous and sophisticated cyber attacks.


Morphisec Media Contact:

Kyle Austin. BMV for Morphisec



*** This is a Security Bloggers Network syndicated blog from Morphisec Breach Prevention Blog authored by Morphisec Team. Read the original post at: