Blog

Nuspire Q4 2022 and Year in Review Threat Report: Cyber Threat Numbers Make History

Nuspire’s latest threat report, which provides an analysis on the cyberthreat landscape for both Q4 and FY 2022, revealed what many have come to believe: 2022 was the most active year in history for cyber threats. Nuspire’s threat intelligence pros, Josh Smith and Justin Heard, recently presented on their findings, offering their thoughts on why we’re continuing to see an upward trajectory of attacks as well as actionable recommendations on how organizations can protect themselves. Read on to get the highlights.

Malware: Year-over-year activity grew despite decrease in Q4

Q4 By the Numbers
2,415,119 total
590 unique variants detected
201,259 detections per week
28,751 detections per day
-34.56% decrease in total activity from Q3

Malware saw a decline in Q4 2022 activity, with CoinMiner being supplanted by Malicious Excel payloads. According to Josh, this increase appears connected to Microsoft’s blocking of VBA macros by default, which has forced threat actors to leverage different methods to spread their malware.

“When Microsoft blocked VBA macros, it made it much harder for threat actors to enable them for their phishing campaigns, and we saw adversaries experimenting with new ways to manipulate Excel files,” Josh said.

Nuspire also identified an increase in the use of JavaScript to drive phishing campaigns. In this case, JavaScript is used to redirect victims to phishing forms or malicious sites.

2022 Year in Review
Despite the significant dip in malware activity in Q4, Nuspire still saw a 6.85% increase in activity over 2021.

“Organizations should expect attackers to continue launching phishing campaigns in 2023, as it is one of the most effective methods they have to gain initial access,” said Josh. “It’s a relatively easy method – threat actors can broadly send a phishing campaign and only need one user to bite in order to gain the access they’re looking for.”

Botnets: Activity jumped over 30% in 2022

Q4 By the Numbers
741,166 total
30 unique botnets detected
61,763 detections per week
8,823 detections per day
-66.35% decrease in total activity from Q3

Botnets took a plunge in Q4, with activity reducing by more than 66%. Much of this decline was fueled by a 60% drop in activity from Torpig Mebroot. Despite the dip, Torpig remained Q4’s most active botnet. A banking botnet, Torpig uses malware that installs a difficult-to-remove rootkit, which infects the victim’s master boot record to primarily steal credit card and payment information.

Andromeda botnet also appeared high on the list. An older botnet, Andromeda is used to spread numerous malware families including ransomware, information stealers and more. Since it’s modular in nature, threat actors can make additions and customizations to better target their victims and minimize detections.

2022 Year in Review
The steep drop in Q4 isn’t reflected in Nuspire’s year-over-year comparison, with botnet activity growing by 32.14% over 2021.

Exploits: Volume of exploits nearly doubled in 2022

Q4 By the Numbers
100,891,781 total
287 unique exploits detected
8,407,648 exploits detected per week
1,201,092 exploits detected per day
104.59% increase in total activity from Q3

Unlike malware and botnets, exploits surged in Q4. The more than 100% increase in activity is attributed to a steep rise of 400% in brute forcing. Brute forcing is one of the leading exploit methods due to the ease of performing the attack and the automation behind it.

“In Q4, a lot of the brute forcing attempts we witnessed were against IoT devices, especially camera systems,” said Josh. “IoT devices are popular because users often neglect to change the default password or perform regular updates, making them incredibly easy to access.”

2022 Year in Review
Exploits grew the most year-over-year, clocking in at a 92.16% increase over 2021. With the explosion of brute forcing attacks and the agility of threat actors to quickly pounce on vulnerabilities, it’s important organizations patch their systems as soon as they’re available.

Recommendations

Justin provided a list of recommendations that organizations can follow to better protect themselves from the ever-evolving slate of cyberattacks.

“Educating all users often is critical, because humans can often be the point of entry for attackers,” said Justin. “Threat actors are very skilled at making their lures look legitimate, so training your end users on how to identify suspicious attachments, social engineering and scams goes a long way in protecting your organization.”

Additional recommendations include: