Popular attack methods decrease as hackers shift tactics for a new year
Researchers at managed security services provider Nuspire have released their latest quarterly threat report which looks at the top botnet, malware and exploit activity throughout 2019, focusing in on the fourth quarter.
Among the findings are that malicious cyber-activity declined towards the end of the year, partly as a result of hectic holiday schedules and vacations with fewer employees around to interact with malicious activity.
But the researchers also believe that the decrease in botnet (22 percent), malware (19 percent) and exploit activity (12 percent) also suggests that attackers are retooling their methodologies in order to change tactics and techniques for 2020.
"While we saw a reduction in known attacks in the fourth quarter, the frequency and severity of attacks will always fluctuate. However, the trends lines have always moved upwards. As an industry, we must stay diligent and focused on understanding what threat actors pose the biggest threat to your business, how they will attack you and what safeguards you have in place to detect and respond to malicious activity. We simply can't afford to let our guard down," says Lewie Dunsworth, CEO of Nuspire. "Year over year, adversaries have demonstrated their ability to evolve and increase the sophistication of their attacks doing more harm, faster than ever. While organizations must continually refresh cybersecurity policies, stress hygiene best practices, and practice effective change management, it’s critical to have trusted partners that you can lean on to assist with both the response and remediation efforts."
Other findings include Sora, a variant of the notorious Mirai IoT botnet, despite almost completely ceasing activity by the end of the year, continuing to reign supreme as the most prevalent botnet, followed by Andromeda, Necurs and Conficker.
Also njRAT detection increased by 89 percent from August to early October 2019 following the release of a new version. A significant increase in exploit attempts for IFS Remote Code Execution emphasizes the point that attackers recycle through older attack methods to catch enterprises when they least expect it.
Visual Basic for Applications (VBA) scripts remained prevalent throughout Q4 and the entirety of 2019, dropping by a mere five percent in Q4. These VBA scripts are embedded into malicious documents that perform malicious actions when executed.
The full report is available on the Nuspire site.