Content, Content, Phishing

PDF Phishing Scams Rise Nearly 200%, Top 100 MSSP’s Report Finds

Malware PDF phishing scams saw a 193 percent spike in detections in Q2 2019, according to a new report from Nuspire, a Top 100 MSSP.

Hackers lure users into PDF phishing scams with fraudulent emails that invite recipients to view or download a document in Microsoft OneDrive. Nuspire’s Quarterly Threat Landscape covers botnet, malware and exploit activity during the period.


  • A surge in Remote Code Execution (RCE) attacks from two ThinkPHP RCE vulnerabilities that signifies attackers are continuing to actively scan for vulnerable systems.
  • Continual decrease with the banking trojan Emotet. However, researchers are confident that it will resurface with new tactics to go undetected.
  • 58% increase in Andromeda activity.
  • Sora tops the list with most botnet activity detected, nearly doubling Andromeda activity.
  • Continued increase in DoublePulsar, as noted in last quarter’s threat report.
  • Necurs botnet reappears. First identified back in 2012, Necurs was identified as one of the most prevalent botnet activities found this quarter.

“All of our findings in this report indicate just how innovative cyber criminals are when it comes to changing their tactics,” said Shawn Pope, Nuspire security analyst. “Even though some key findings slowly began to diminish, we’re confident they will reappear with new tactics and techniques in order to avoid detection.”

LinkedIn: Shawn Pope, security analytics, Nuspire.

Data reported in Nuspire’s research correlates more than 90 billion logs across the company’s 3,000 global network sensors. Customers comprise enterprise and mid-sized businesses operating in the automotive, franchise, manufacturing, construction, healthcare and financial services industries.

Last April, the Commerce, Michigan-based Nuspire acquired GBprotect of Denver, Colorado. It marked another episode in the growing list of mergers and acquisitions across the MSSP landscape, where companies are combining forces to overcome growing cyber threats, shifting customer demands and talent shortages. In January, Nuspire expanded beyond traditional MSSP services by launching a managed detection and response (MDR) solution that includes endpoint detection and response (EDR), network detection and response (NDR) and device threat detection and response (XDR) services.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.