New Skybox Security Research Discovers 106% Increase in New Malware

Vulnerability and Threat Trends Report uncovers massive rise in threats across expanding attack surfaces


SAN JOSE, Calif., Feb. 25, 2021Skybox Security, a global leader in security posture management, today announced the release of its 2021 Vulnerability and Threat Trends Report. Skybox Research Lab uncovered a massive increase in cyber threats globally year-over-year fueled by both the pandemic and expanding attack surfaces.

Skybox Research Lab key findings

  • New malware samples nearly doubled: New ransomware samples increased 106% year-over-year. Trojans increased 128%, with threat actors using trojans to exploit lower-severity vulnerabilities. Sophisticated, multi-staged attacks and malware-as-a-service have become the norm.


  • Vulnerabilities hit a new high: Skybox Research Lab reported 18,341 new vulnerabilities in 2020. To stay ahead of attacks, security and risk leaders need sophisticated insights into which vulnerabilities are high-risk and remediation options for all assets, including non-patching options.


  • Critical infrastructure has never been more vulnerable: Operational technology (OT) vulnerabilities increased 30% year-over-year. To identify and remediate critical attack vectors ahead of incidents, security programs need to evolve. Security posture management must expand from IT to OT environments.


  • Industry 4.0 spreads supply chain risks: Industrial Internet of Things (IIoT) flaws increased 308% year-over-year. A single IIoT device frequently ships with parts from dozens of manufacturers, lacking supply chain transparency. Companies must consider modeling, risk and attack vectors across organizational boundaries to address convergence between different networked environments.


  • Digital transformation breeds vulnerabilities: Cloud container vulnerabilities have increased 200% since 2016. With a lack of clarity on who owns container security, these threats continue to make headlines – underscoring the need for a different strategy from securing monolithic apps running in virtual machines (VMs).


“Security leaders face significant challenges, yet they are not impossible to overcome. Now is the moment when cybersecurity can come of age,” said Gidi Cohen, CEO and founder, Skybox Security. “Together, we can zero in on what matters to outsmart attackers and overcome security’s most enduring challenges. Strong security posture management is a competitive advantage that can position companies for return to growth in a post-pandemic economy.”


Fortifying security posture

This research underscores that traditional security strategies are no longer good enough. Prevention efforts must mature by creating a dynamic network model to visualize and assess security controls and network segmentation effectiveness. Security teams can then understand cyber exposure, prioritize vulnerabilities and determine the optimal remediation strategy.


“I’ve been saying scanners aren’t enough for years. Having that comprehensive model gives you the context that you need to stop attackers from being successful,” said Richard Stiennon, security analyst, IT Harvest. “Processes are then automated, so security practitioners immediately know what’s going to happen. That’s invaluable.”


Building on nearly 20 years of technical innovation, Skybox is the only platform that provides a multi-dimensional network model with the ability to collect, visualize, analyze and remediate vulnerabilities. With the Skybox Security Posture Management Platform, enterprises can now see every inch of the attack surface to illuminate a new path forward.


About Skybox Research Lab

Skybox security analysts scour data from dozens of security sources and investigate the dark web. Researchers determine which vulnerabilities are exploited in the wild and used in distributed crimeware such as ransomware, malware, exploit kits and more. Skybox Research Lab analysis feeds directly into its Vulnerability Control solution, which prioritizes remediation of exposed and actively exploited vulnerabilities.


About Skybox Security

Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox for the insights and assurance required to stay ahead of dynamically changing attack surfaces. Our Security Posture Management Platform delivers complete visibility, analytics and automation to quickly map, prioritize and remediate vulnerabilities across your organization. The vendor-agnostic solution intelligently optimizes security policies, actions and change processes across all corporate networks and cloud environments. With Skybox, security teams can now focus on the most strategic business initiatives while ensuring enterprises remain protected.


We are Skybox. Secure more, limit less.


© 2021 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.


Media contact

Ashley Nakano

Corporate Communications