Malware activity spikes as attackers become more ruthless
The latest threat quarterly landscape report from managed security service provider Nuspire shows a 128 percent increase in Q3 over the previous quarter, representing more than 43,000 malware variants detected a day.
The report also shows threat actors developing a more ruthless streak in selecting their targets. Throughout Q3, hackers shifted focus from home networks to overburdened public entities, including the education sector and the Election Assistance Commission (EAC).
Malware campaigns, like Emotet, used these events as phishing lure themes to assist in delivery. Nuspire and Recorded Future have also discovered new features in Emotet modules, implying the group will likely continue operations throughout the remainder of the year to successfully gauge the viability of these new features.
"We continue to see attackers use newsjacking and typosquatting techniques to attack organizations with ransomware, especially this quarter with the presidential election and schools moving to a virtual learning model," says John Ayers, Nuspire's chief strategy product officer. "It's important for organizations to understand the latest threat landscape is changing so they can better prepare for current themes and better understand their risk."
Among other findings, the ZeroAccess botnet showed a resurgence, coming in second for most used botnet, going quiet towards the end of Q2 then coming back up in Q3. Office document phishing increased during the second half of Q3 too, which could be due to the US election, or because attackers have finished retooling.
Ransomware attacks on the automotive industry are on the rise as well. At the end of Q3 2020, references had already surpassed the 2019 total at 18,307, an increase of 79.15 percent with Q4 still remaining.
The H-Worm Botnet, also known as Houdini, Dunihi, njRAT, NJw0rm, Wshrat, and Kognito, surged to the top of Nuspire's witnessed Botnet traffic for Q3, the actors behind the botnet deploying instances of Remote Access Trojans (RATs) using COVID-19 phishing lures and executable names.
You can get the full report from the Nuspire site.