Hackers lure users into PDF phishing scams with fraudulent emails that invite recipients to view or download a document in Microsoft OneDrive. Nuspire’s Quarterly Threat Landscape covers botnet, malware and exploit activity during the period.
- A surge in Remote Code Execution (RCE) attacks exploiting two ThinkPHP RCE vulnerabilities, which indicates that attackers are continuing to actively scan for vulnerable systems.
- A continued decrease in activity from the banking trojan Emotet. However, researchers are confident that it will resurface with new tactics to go undetected.
- 58% increase in Andromeda activity.
- Sora tops the list with the most botnet activity detected, nearly doubling Andromeda activity.
- Continued increase in DoublePulsar, as noted in last quarter’s threat report.
- Necurs botnet reappears. First identified back in 2012, Necurs was identified as one of the most prevalent botnet activities found this quarter.
“All of our findings in this report indicate just how innovative cyber criminals are when it comes to changing their tactics,” said Shawn Pope, Nuspire security analyst. “Even though some key findings slowly began to diminish, we’re confident they will reappear with new tactics and techniques in order to avoid detection.”
Data reported in Nuspire’s research correlates more than 90 billion logs across the company’s 3,000 global network sensors. Customers comprise enterprise and mid-sized businesses operating in the automotive, franchise, manufacturing, construction, healthcare and financial services industries.
Last April, the Commerce, Michigan-based Nuspire acquired GBprotect of Denver, Colorado. It marked another episode in the growing list of mergers and acquisitions across the MSSP landscape, where companies are combining forces to overcome growing cyber threats, shifting customer demands and talent shortages. In January, Nuspire expanded beyond traditional MSSP services by launching a managed detection and response (MDR) solution that includes endpoint detection and response (EDR), network detection and response (NDR) and device threat detection and response (XDR) services.