Nuspire announced the release of its Q3 2020 Quarterly Threat Landscape Report, outlining new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future.
The Q3 2020 Threat Landscape Report demonstrates threat actors becoming even more ruthless. Throughout Q3, hackers shifted focus from home networks to overburdened public entities, including the education sector and the Election Assistance Commission (EAC). Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.
“We continue to see attackers use newsjacking and typosquatting techniques to attack organizations with ransomware, especially this quarter with the Presidential election and schools moving to a virtual learning model,” said John Ayers, Nuspire Chief Strategy Product Officer. “It’s important for organizations to understand the latest threat landscape is changing so they can better prepare for current themes and better understand their risk.”
Nuspire observed a significant increase in malware activity over the course of Q3 2020; the 128% increase from Q2 represents more than 43,000 malware variants detected a day. As Emotet made a significant appearance, Nuspire and Recorded Future discovered new features in Emotet modules, implying the group will likely continue operations throughout the remainder of the next quarter to successfully gauge the viability of these new features.
“Intelligence is key to identifying these top threats like Emotet,” said Greg Lesnewich, Senior Intelligence Analyst, Recorded Future. “Keeping a vigilant eye on how threats evolve, grow and adapt over time helps us understand how threat actors have been retooling their tactics. It’s more important than ever to consistently have visibility into the threat landscape.”
Additional notable findings from Nuspire’s Q3 2020 Threat Landscape Report include:
● The ZeroAccess botnet made another big appearance in Q3. It resurged in Q2, coming in second for most used botnet, but then went quiet towards the end of Q2, coming back up in Q3.
● Office document phishing skyrocketed during the second half of Q3, which could be due to the upcoming election, or because attackers have just finished retooling.
● Ransomware attack on the automotive industry is on the rise. At the end of Q3 2020, references have already surpassed the 2019 total at 18,307, an increase of 79.15% with Q4 still remaining.
● H-Worm Botnet, also known as Houdini, Dunihi, njRAT, NJw0rm, Wshrat, and Kognito, surged to the top of Nuspire’s witnessed Botnet traffic for Q3 from the actors behind the botnet by deploying instances of Remote Access Trojans (RATs) using COVID-19 phishing lures and executable names.
Learn how to best protect your organization from these cyberattacks and download Nuspire’s Q3 2020 Threat Report. To sign up for Nuspire and Recorded Future’s Q3 Threat Report Findings webinar on November 18, register here.