There has been a dramatic uptick in threat activity in the second quarter of 2022, according to a new report from Nuspire.
Managed security services provider Nuspire has announced the release of its Q2 2022 Quarterly Threat Report. The report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs).
Nuspire's data reveals a significant increase in overall threat activity across malware, botnet and exploits. Malware events increased over 25%, botnets doubled over the first quarter and exploit activity grew by nearly 150%, buoyed by the Log4j vulnerability.
“We witnessed a stunning escalation in threat activity in Q2, and while it's not a surprise given increased attack opportunities like remote work, it's still a worrying development and one we cannot ignore,” says JR Cunningham, chief security officer at Nuspire.
"Attackers have always looked for the easiest way to profit from their targets, and because basic attacks like phishing continue to work, it's clear organisations need to shore up their fundamental security practices like patching and user awareness training.
"It's also critical organisations conduct regular reviews of their security programs to safeguard against a nonstop flow of potentially serious disruptive threats," he says.
Additional notable findings from Nuspire's Q2 2022 Threat Report include:
- VBA agent activity, which has been one of the top offenders over the past year in Nuspire's Quarterly Threat Reports, has significantly decreased as predicted last quarter, due to Microsoft's announcement of blocking them by default.
- A substantial increase in botnet activity near the end of Q2, attributed to Torpig Mebroot botnet, which is a banking trojan designed to scrape and collect credit card and payment information from infected devices. Torpig Mebroot is particularly difficult to detect and remove, as it infects the victim machine's master boot record.
- Manufacturing is the world's most attacked industry vertical. Our data shows the LockBit ransomware gang and Dynamite Panda (APT18) as two of the most prevalent threats to the manufacturing industry in the second quarter.
“Organisations continue to struggle balancing the need to protect against an onslaught of threats with the concurrent need for employees to properly manage digital sovereignty requirements,” says Craig Robinson, research vice president for security services at IDC.
“This is why we're seeing the market becoming more receptive to increasing and enhancing internal security training. This combined with tools like multi-factor authentication and endpoint detection, as well as services like MDR, can make all the difference in an organisation's security posture.