Study reveals shift in attack methods with an exponential increase of botnet and exploit activity

Nuspire, managed security services provider (MSSP), announced the release of its Q2 2020 Quarterly Threat Landscape Report, outlining new cybercriminal activity and tactics, techniques and procedures (TTPs).

“Partnering with a MSSP like Nuspire with access to the latest threat intelligence enables organizations to understand and identify current threats before they impact the business,” said Craig Robinson, Program Director, Security Services at IDC.

This latest report finds that as organizations are settling into long-term remote working, new attack vectors for opportunistic cyberattackers—and new challenges for network administrators have been introduced. Now six months into the pandemic, attackers pivoted away from COVID-19 themes, instead utilizing other prominent media themes like the upcoming U.S. election and exploiting the Black Lives Matter movement to wreak havoc.

Nuspire observed an increase in both botnet and exploit activity over the course of Q2 2020 by 29 percent and 13 percent respectively—that’s more than 17,000 botnet and 187,000 exploit attacks a day. While attackers targeted remote work technology at the source to obtain access to the enterprise in Q1 2020, Nuspire observed a shift in tactics to leverage botnets to obtain a foothold in the network. Home routers typically are not monitored by IT teams therefore have become a viable attack method that avoids detection while infiltrating corporate networks.

“Today, the pandemic has complicated an already complex threat landscape. CISOs are under great pressure to ensure their virtual organizations are secure,” said Lewie Dunsworth, CEO of Nuspire. “Threat vectors will continue to evolve as the uncertainty of our world continues to play out. That’s why our team analyzes the latest threat intelligence daily and uses this data to engage in proactive threat hunting and response to ensure our clients have the upper hand.”

Additional notable findings from Nuspire’s Q2 2020 Threat Landscape Report include:

The ZeroAccess botnet made a resurgence in Q2, coming in second for most used botnet. ZeroAccess was originally terminated in 2013 but has made rare resurgences over the last seven years.
Nuspire witnessed a significant spike (1,310 percent peak mid-quarter) in exploit attempts against Shellshock, an exploit discovered in 2014, demonstrating that attackers attempt to exploit old vulnerabilities to catch old operating systems and unpatched systems.
Nuspire identified a new signature, dubbed MSOffice Sneaky that was released during Q2. Documents containing malicious macros that reach out to command and control servers to download a malware of the attackers choosing. This attack vector is increasingly dangerous, especially when remote employees disconnect from their VPN.
DoublePulsar, the exploit developed by the NSA, continues to dominate the exploit chart, consisting of 72 percent of all exploit attempts witnessed at Nuspire.

Learn how Nuspire protects clients from cyberattacks and download Nuspire’s Q2 2020 Threat Report.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.