Recent research from Nuspire, a managed security services provider (MSSP), revealed new cybercriminal activities and tactics, techniques, and procedures (TTPs) adopted by threat actors. In its research, “Q2 2020 Quarterly Threat Landscape Report,” Nuspire stated that as organizations settle into remote working conditions, new attack vectors for cybercriminals and new challenges for security administrators are being introduced.
The research found that botnet and exploit activity increased in Q2 2020 by 29% and 13% respectively, which is more than 17,000 botnet and 187,000 exploit attacks a day. While attackers targeted remote work technology at the source to obtain access to the enterprise in Q1 2020, the research found that hackers changed tactics and now leverage botnets to gain a foothold in targeted network systems. Home routers are typically not monitored by IT teams, and have therefore become a viable attack method that avoids detection while infiltrating corporate networks.
“Now six months into the pandemic, attackers pivoted away from COVID-19 themes, instead utilizing other prominent media themes like the upcoming U.S. election, and exploiting the Black Lives Matter movement to wreak havoc,” the report said.
Other notable findings from the research include:
- The ZeroAccess botnet made a resurgence in Q2, ranking as the second most used botnet. ZeroAccess was originally terminated in 2013 but has made rare resurgences over the last seven years.
- Nuspire also witnessed a significant spike (1,310% peak mid-quarter) in exploit attempts against Shellshock, a vulnerability discovered in 2014, demonstrating that attackers attempted to exploit old vulnerabilities to catch outdated operating systems and unpatched systems.
- A new signature, dubbed MSOffice Sneaky, was also detected during Q2. This attack vector is increasingly dangerous, especially when remote employees disconnect from their VPN.
- DoublePulsar, the exploit developed by the NSA and also responsible for WannaCry, continues to dominate the exploit chart, accounting for 72% of all exploit attempts witnessed at Nuspire.
Lewie Dunsworth, CEO of Nuspire, said, “The pandemic has complicated an already complex threat landscape. CISOs are under great pressure to ensure their virtual organizations are secure. Threat vectors will continue to evolve as the uncertainty of our world continues to play out. That’s why our team analyzes the latest threat intelligence daily and uses this data to engage in proactive threat hunting and response to ensure our clients have the upper hand.”