Trend Micro Reports 20% Increase in Blocked Threats in 2020

Trend Micro reports a 20% increase in the number of threats it identified and blocked in 2020. In total, 62.6 billion threats were blocked at an average of 112,000 per day, according to the Trend Micro 2020 Annual Cybersecurity Report – A constant State of Flux.

“In 2020, businesses faced unprecedented threat volumes hitting their extended infrastructure, including the networks of home workers,” said Jon Clay, director of global threat communications for Trend Micro.

The majority of the blocked threats were attempted phishing attacks, which accounted for 91% of blocked threat volume and included almost 14 million unique phishing URLs.

The move to a distributed, remote workforce in response to the COVID-19 pandemic saw many threat actors target at home workers, with phishing the most common method of attack. In addition to phishing, cybercriminals stepped up their attacks on home routers, using brute force tactics to guess weak passwords. Attacks on home networks increased by 22% in 2020 rising to 2.9 billion attacks.

Exploitation of vulnerabilities in software, appliances, and operating systems was also common in 2020, especially targeting remote access infrastructure implemented to support a largely at-home workforce. The most commonly targeted vulnerabilities were in virtual private networks, with the Pulse Secure Pulse Connect Secure vulnerability CVE-2019-11510 exploited to deliver ransomware. Trend Micro reports almost 800,000 detected attempts to exploit this vulnerability.

2020 was a year when ransomware gangs increased their activity, with government organizations, banking, manufacturing, healthcare, and the finance sectors heavily targeted. The use of double extortion tactics became commonplace in 2020. In addition to encrypting files, data are commonly exfiltrated from victims’ networks and threats are made to publish the stolen data if the ransom is not paid. At the start of the year, very few ransomware operations were exfiltrating data, but by the end of the year, most of the major ransomware operations had adopted this tactic. Trend Micro also reports a 34% increase in ransomware families in 2020, including the emergence of Egregor ransomware, which grew into one of the biggest ransomware threats toward the end of 2020.

Trend Micro also detected a major increase in IoT attacks, rising from more than 929 million inbound attacks in 2019 to more than 2.8 billion in 2020. Outbound attacks increased from 99 million in 2019 to more than 196 million in 2020. These attacks allow cybercriminals to gain access to home networks. With so many employees working from home, this provided cybercriminals with the opportunity to exploit relatively weak defenses to gain access to the business networks that employees connect to via their home routers.

Many organizations were forced to accelerate their digital transformations in response to the pandemic to support a largely at-home workforce. That acceleration resulted in vulnerabilities being introduced that were exploited by cybercriminals to gain access to cloud resources.

The pandemic also provided many new opportunities for scammers, who used COVID-19-themed lures in a wide variety of scams sent via spam email, with the countries worst affected by the pandemic the most commonly targeted.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of