Mirai, STRRAT and Emotet botnets see resurgence in Q1 2022

May 11, 2022

Nuspire’s Q1 2022 Threat Report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs), as well as provides data and insight into malware, exploit and botnet activity.

A significant number of new vulnerabilities led to increased threat actor activity across all three of the threat classifications: malware, botnets and exploits. Of note are several older botnets that saw a resurgence in Q1, including Mirai, STRRAT and Emotet.

Mirai, known for co-opting IoT devices to launch DDoS attacks, showed a spike in activity in February 2022. This corresponded with the discovery of Spring4Shell, a zero-day attack on the popular Java web application framework, Spring Core. The attack allows for unauthenticated remote code execution, and data show Mirai exploited this vulnerability to its botnet.

STRATT botnet, which engages in information stealing, keystroke logging, and credential harvesting from browsers and email clients, also spiked in February. This data corresponds with recent announcements identifying a new STRRAT phishing campaign.

Additional notable findings from Nuspire’s Q1 2022 Threat Report include:

Incidences of malware, botnet, and exploit activity increased 4.76%, 12.21% and 3.87%, respectively, over Q4 2021.
Visual Basic Applications (VBA) trojans continue to be the top malware variant, comprising nearly 30% of all malware variants. Of note is its activity spiked just before Microsoft announced plans to block VBA macros by default on Office products.
Brute force attacks – when threat actors guess different combinations of potential passwords until the correct password is discovered – were by far the most popular exploit at 61%.

“Securing expanded risk surfaces today requires that organizations have 20/20 hindsight combined with an over-the-horizon view of current and potential future threats,” said Craig Robinson, Program Director for Security Services at IDC. “Understanding the tactics, techniques and procedures (TTPs) that attackers have historically utilized does not lose value over time, as many of these exploits get repeated with slight twists to make them dangerous zero-day exploits.”

For the full report, please visit https://www.nuspire.com/resources/q1-2022-threat-report/

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Security departments have long struggled to bring their real-time voice communications into the present, resorting to communicating with radios, unsecure applications, multiple devices, and Wi-Fi-only solutions.

Poll

Business Travel Security

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Mirai, STRRAT and Emotet botnets see resurgence in Q1 2022

Recent Articles by Security Staff

(ISC)² to offer 100,000 free entry-level cyber certification exams

SIA opens Women in Security scholarship applications

Allied Universal acquires company serving Southeastern US

9 in 10 companies attacked by ransomware would pay if hit again

93% of orgs have suffered a data-related business disruption

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Mirai, STRRAT and Emotet botnets see resurgence in Q1 2022

Recent Articles by Security Staff

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.