Botnet and exploit activity increases as attackers shift tactics


Botnet and exploit activity increased over the course of 2020's second quarter by 29 percent and 13 percent respectively, representing more than 17,000 botnet and 187,000 exploit attacks a day.

The latest Quarterly Threat Landscape Report from managed security services provider Nuspire also reveals a shift in tactics as attackers pivot away from COVID-19 themes, instead using other prominent media themes like the upcoming US election and exploiting the Black Lives Matter movement.

The shift to home working has had an effect too, as home routers are not typically monitored by IT teams and have thus become a viable attack method that avoids detection while infiltrating corporate networks.

"Today, the pandemic has complicated an already complex threat landscape. CISOs are under great pressure to ensure their virtual organizations are secure," says Lewie Dunsworth, CEO of Nuspire. "Threat vectors will continue to evolve as the uncertainty of our world continues to play out. That's why our team analyzes the latest threat intelligence daily and uses this data to engage in proactive threat hunting and response to ensure our clients have the upper hand."

Among other findings of the report, the ZeroAccess botnet made a resurgence in Q2, coming in as the second most used botnet. ZeroAccess was originally terminated in 2013 but has made rare resurgences over the last seven years. DoublePulsar, the exploit developed by the NSA, continues to dominate the exploit chart, accounting for 72 percent of all exploit attempts witnessed at Nuspire.

Nuspire also witnessed a significant spike (1,310 percent peak mid-quarter) in exploit attempts against Shellshock, a vulnerability discovered in 2014, demonstrating that attackers attempt to exploit old vulnerabilities to catch old operating systems and unpatched systems.

In addition, a new signature released during Q2, dubbed MSOffice Sneaky, covers documents containing malicious macros that contact command and control servers to download malware of the attackers' choosing. This attack vector is increasingly dangerous, especially when remote employees disconnect from their VPN.

The full report is available from the Nuspire site.

Image credit: stevanovicigor/depositphotos.com
