Botnet Activity Surges in Q3 2023

Torpig Mebroot Dominates in Nuspire’s Q3 2023 Cyber Threat Report

COMMERCE, MI (Nov. 14, 2023) Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q3 2023 Cyber Threat Report. This comprehensive quarterly assessment delves into the constantly shifting threat landscape, revealing vital information about malware, botnets, exploits and ransomware.

Nuspire’s latest report highlights the stark realities of today’s cyber realm, where ransomware groups like ALPHV, 8Base and Akira employ increasingly advanced tactics, and botnets like Torpig Mebroot nearly double in activity. The report reveals an alarming surge in botnet activity, with a staggering 67.51% increase in Q3 2023. It also examines the top threat groups and techniques used to target the hospitality services industry.

“The heightened ransomware activity observed in Q2 persisted well into Q3, with formidable ransomware syndicates like ALPHV wreaking havoc on large-scale organizations,” said J.R. Cunningham, Chief Security Officer at Nuspire. “The high-profile MGM breach garnered international attention and serves as a stark reminder. Even in the presence of sophisticated hacking groups like ALPHV and Scattered Spider, a relatively basic technique like vishing was used to impersonate an employee and gain unauthorized access. This underscores the significance of the human factor in cybersecurity, and it’s incumbent on organizations to offer proper employee training, combined with multi-factor authentication and stringent verification procedures.”

Notable findings from Nuspire’s newly released cyber threat report include:

  • An explosion in botnet activity of 67.51% can largely be attributed to Torpig Mebroot, clocking an increase in activity of nearly 93% over Q2 and accounting for more than 69% of all Q3 botnet activities.
  • An older botnet, TorrentLocker, re-emerged in Q3 as a favorite attack method, supplanting Q2’s FatalRAT botnet in Nuspire’s list of top five botnets. TorrentLocker is primarily delivered through phishing emails, enticing victims with unpaid invoices, undelivered packages, or fines.
  • Total malware detections decreased by 5.94%; however, ransomware maintained the high level of activity Nuspire witnessed in Q2.
  • Two new contenders joined the list of most active ransomware families for Q3: 8Base and Akira.

Q3 2023 Threat Landscape

“With the continued rise in devastating ransomware attacks, cyber resilience is no longer optional; it’s a strategic necessity for ensuring the digital success of any organization, regardless of its size,” said Craig Robinson, Research VP for Security Services at IDC. “While larger enterprises often grab headlines for ransomware incidents, smaller organizations may mistakenly believe they’re immune, as revealed by IDC’s 2022-2023 Worldwide Security Services Primary Research Survey, with 43% of small enterprises yet to adopt a cyber resilience strategy. This misconception can lead to costly, business-ending consequences. Engaging with an MDR or MSS vendor is a viable option in elevating cyber resilience for organizations, regardless of their size.”

Access Nuspire’s Q3 2023 Cyber Threat Report to view the data and learn key mitigation strategies for protecting your organization’s environment.

About Nuspire
Nuspire is a managed security services provider (MSSP), offering managed security services (MSS), managed detection and response (MDR), managed endpoint detection and response (EDR) that supports best-in-breed EDR solutions, and cybersecurity consulting services (CSC) that include incident readiness and response, threat modeling, digital forensics, technology optimization, posture assessments and more. Our self-service, technology-agnostic platform, myNuspire, allows greater visibility into a CISO’s entire security program. The platform alleviates the pain associated with tech sprawl, provides intelligence-driven recommendations, solves for alert fatigue and helps clients become more secure over time. Our deep bench of cybersecurity experts, award-winning threat intelligence and two 24×7 security operations centers (SOCs) detect, respond and remediate advanced cyber threats. Our client base spans thousands of enterprises, from midsized to large enterprises across multiple industries and geographic footprints. For more information, visit https://www.nuspire.com and follow us on LinkedIn @Nuspire.