Nuspire Report Pinpoints Changes in Adversarial Cyber Activity Capitalizing on Coronavirus Pandemic
Quarterly report examines top botnet, malware and exploit activity throughout Q1 2020
Nuspire, a leading Managed Security Services Provider (MSSP), today announced the release of its latest Quarterly Threat Landscape Report, mapping cybercriminal activity and tactics, techniques and procedures (TTPs) over the first quarter of 2020.
As the world closed its doors and embraced the “new normal,” cybercriminals quickly adjusted their strategies to capitalize on the world’s changing behaviors, which has undoubtedly created new security challenges. Mirroring the dramatic changes in the remote workforce, Nuspire researchers observed cybercriminals targeting known exploits in VPN, IoT and authentication technology. Overall, vulnerability exploitation increased over the quarter by 6.3%. Additionally, phishing attempts more than doubled (141%) over the last three months.
“Cybercriminals are not above taking advantage of people during these unprecedented times. Unfortunately, current events provide cybercriminals with the perfect environment for malicious activity and exploiting users across the globe,” said Lewie Dunsworth, CEO of Nuspire. “No organization wants to fall victim to a cyberattack, but companies are being forced to quickly react to keep businesses operational and potentially creating risk for themselves as part of the process. While attention is focused on saving lives, connecting with others and keeping up business operations, we remain committed to helping our clients when they need us most.”
Nuspire witnessed an overall increase in malware activity (7%), with several dramatic spikes throughout the quarter. Most notably, there was a 179% increase in activity from the quarterly low during the week of Jan 24-31 as a result of the resurgence of reported phishing campaigns spreading Microsoft Word macro-based trojans.
Other notable findings in the report include:
- A sharp increase in Executable and Linkable Format (ELF) variants targeting Internet of Things (IoT) devices in an attempt to further spread the Mirai botnet this quarter. At its peak in Week 11, Nuspire observed an 86% increase in activity.
- DoublePulsar, the exploit developed by the NSA and leaked by Shadow Brokers, continues to be the most utilized exploit (15,275,010 hits to be exact).
- Emotet malware activity surged in Q1, peaking from March 1-7, a 1,317% increase in activity from its lowest point.
- Necurs botnet activity sharply decreased after Microsoft disrupted the botnet in March. By March 8-15 the Necurs botnet went completely silent, as zero traffic was observed.
- Although the command and control servers the Andromeda botnet operated on were shut down in 2017, it still remains the most frequently observed botnet. However, activity began to decrease at the beginning of Q1, decreasing by 58% by the end of the quarter.
- Common themes of phishing campaigns seen throughout the quarter include IRS Tax documents, financial invoices and COVID-19 information.
- After the disclosure of the GhostCat exploit in the Tomcat AJP protocol, Nuspire observed an uptick in exploit attempts, demonstrating the importance of swift and responsive patching practices.