Nuspire, a Managed Security Services Provider (MSSP), recently released its “Quarterly Threat Landscape Report Q1 2020,” which details cybercriminal activities, tactics, techniques, and procedures (TTPs) during the first quarter of 2020. The research found that cybercriminals have been targeting known exploits in VPN, IoT, and authentication technologies. It also revealed that vulnerability exploitation increased by 6.3% over the quarter and phishing attempts doubled to reach 141% over the last three months.
According to the research, malware activity increased by 7%, with several dramatic spikes throughout the quarter. “As the world closed its doors and embraced the new normal, cybercriminals quickly adjusted their strategies to capitalize on the world’s changing behaviors, which has, undoubtedly, created new security challenges,” the research report said.
Other notable findings include:
- A sharp increase this quarter in Executable and Linkable Format (ELF) variants targeting Internet of Things (IoT) devices in an attempt to further spread the Mirai botnet. At its peak in Week 11, Nuspire observed an 86% increase in activity.
- DoublePulsar, the exploit developed by the NSA and leaked by Shadow Brokers, continues to be the most utilized exploit (15,275,010 hits to be exact).
- Emotet malware activity surged in Q1, peaking from March 1-7 with a 1,317% increase in activity from its lowest point.
- Necurs botnet activity sharply decreased after Microsoft disrupted the botnet in March. By March 8-15, the Necurs botnet went completely silent, as zero traffic was observed.
- Although the command-and-control servers the Andromeda botnet operated on were shut down in 2017, it remains the most frequently observed botnet. However, its activity began to decline at the beginning of Q1 and had decreased by 58% by the end of the quarter.
- Common themes of phishing campaigns seen throughout the quarter include IRS tax documents, financial invoices, and COVID-19 information.
- After the disclosure of the GhostCat exploit in the Tomcat AJP protocol, Nuspire observed an uptick in exploit attempts, demonstrating the importance of swift and responsive patching practices.