Threat Report Shows Dramatic Uptick in Cyber Threat Activity with Exploits Growing Nearly 150%
Nuspire’s Q2 2022 Threat Report provides data and insight into malware, exploit and botnet activity
COMMERCE, MI. – Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q2 2022 Quarterly Threat Report. The report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs).
Nuspire’s data reveals a significant increase in overall threat activity across malware, botnet and exploits. Malware events increased over 25%, botnets doubled over the first quarter and exploit activity grew by nearly 150%, buoyed by the Log4j vulnerability.
“We witnessed a stunning escalation in threat activity in Q2, and while it’s not a surprise given increased attack opportunities like remote work, it’s still a worrying development and one we cannot ignore,” said JR Cunningham, Chief Security Officer at Nuspire. “Attackers have always looked for the easiest way to profit from their targets, and because basic attacks like phishing continue to work, it’s clear organizations need to shore up their fundamental security practices like patching and user awareness training. It’s also critical organizations conduct regular reviews of their security programs to safeguard against a nonstop flow of potentially serious disruptive threats.”
Additional notable findings from Nuspire’s Q2 2022 Threat Report include:
- VBA agent activity, which has been one of the top offenders over the past year in Nuspire’s Quarterly Threat Reports, has decreased significantly, as predicted last quarter, due to Microsoft’s announcement of blocking VBA macros by default.
- A substantial increase in botnet activity near the end of Q2, attributed to the Torpig Mebroot botnet, a banking trojan designed to scrape and collect credit card and payment information from infected devices. Torpig Mebroot is particularly difficult to detect and remove, as it infects the victim machine’s master boot record.
- Manufacturing is the world’s most attacked industry vertical. Our data shows the LockBit ransomware gang and Dynamite Panda (APT18) as two of the most prevalent threats to the manufacturing industry in the second quarter.
“Organizations continue to struggle balancing the need to protect against an onslaught of threats with the concurrent need for employees to properly manage digital sovereignty requirements,” said Craig Robinson, Research Vice President for Security Services at IDC. “This is why we’re seeing the market becoming more receptive to increasing and enhancing internal security training. This combined with tools like multi-factor authentication and endpoint detection, as well as services like MDR, can make all the difference in an organization’s security posture.”