News & Press

Security Experts Discover Threat Actors Becoming More Ruthless with the Resurgence of Emotet

COMMERCE, MI. (November 12, 2020) – Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q3 2020 Quarterly Threat Landscape Report, outlining new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future.

“With the combination of Nuspire’s 24x7x365 security experts and Recorded Future’s deep threat intelligence, these powerful insights are exactly what organizations need to know in order to enhance their security program,” said Craig Robinson, Program Director, Security Services at IDC. “The surge in threats covered in Nuspire’s latest report highlights how cybersecurity readiness is increasingly critical for organizations to address.”

The Q3 2020 Threat Landscape Report demonstrates threat actors becoming even more ruthless. Throughout Q3, hackers shifted focus from home networks to overburdened public entities, including the education sector and the Election Assistance Commission (EAC). Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.

“We continue to see attackers use newsjacking and typosquatting techniques to attack organizations with ransomware, especially this quarter with the Presidential election and schools moving to a virtual learning model,” said John Ayers, Nuspire Chief Strategy Product Officer. “It’s important for organizations to understand the latest threat landscape is changing so they can better prepare for current themes and better understand their risk.”

Nuspire observed a significant increase in malware activity over the course of Q3 2020; the 128% increase from Q2 represents more than 43,000 malware variants detected a day. As Emotet made a significant appearance, Nuspire and Recorded Future discovered new features in Emotet modules, implying the group will likely continue operations throughout the remainder of the next quarter to successfully gauge the viability of these new features.

“Intelligence is key to identifying these top threats like Emotet,” said Greg Lesnewich, Senior Intelligence Analyst, Recorded Future. “Keeping a vigilant eye on how threats evolve, grow and adapt over time helps us understand how threat actors have been retooling their tactics. It’s more important than ever to consistently have visibility into the threat landscape.”

Additional notable findings from Nuspire’s Q3 2020 Threat Landscape Report include:
● The ZeroAccess botnet made another big appearance in Q3. It resurged in Q2, coming in second for most used botnet, but then went quiet towards the end of Q2, coming back up in Q3.
● Office document phishing skyrocketed during the second half of Q3, which could be due to the upcoming election, or because attackers have just finished retooling.
● Ransomware attack on the automotive industry is on the rise. At the end of Q3 2020, references have already surpassed the 2019 total at 18,307, an increase of 79.15% with Q4 still remaining.
● H-Worm Botnet, also known as Houdini, Dunihi, njRAT, NJw0rm, Wshrat, and Kognito, surged to the top of Nuspire’s witnessed Botnet traffic for Q3 from the actors behind the botnet by deploying instances of Remote Access Trojans (RATs) using COVID-19 phishing lures and executable names.

Learn how to best protect your organization from these cyberattacks and download Nuspire’s Q3 2020 Threat Report.

To sign up for Nuspire and Recorded Future’s Q3 Threat Report Findings webinar on November 18, register here.

About Nuspire
Nuspire is a leading managed security services provider (MSSP) that is revolutionizing the cybersecurity experience by taking an optimistic and people first approach. Our deep bench of cybersecurity experts, world-class threat intelligence and 24×7 security operations centers (SOCs) detect, respond and remediate advanced cyber threats. We offer comprehensive services that combine award-winning threat detection with superior response capabilities to provide end-to-end protection across the gateway, network and endpoint ecosystem. Our client base spans thousands of enterprises of all sizes, across multiple industries, and achieves the greatest risk reduction per cyber-dollar spent. At Nuspire, we are laser-focused on delivering an extraordinary cybersecurity experience that exceeds client expectations. For more information, visit www.nuspire.com and follow @Nuspire.

About Recorded Future
Recorded Future delivers security intelligence to amplify the effectiveness of security and IT teams in reducing exposure by uncovering unknown threats and informing better, faster decisions. Working to provide a singular view of digital, brand, and third-party risk, the Recorded Future Platform provides proactive and predictive intelligence, analyzing data from open, proprietary, and aggregated customer-provided sources. Recorded Future arms threat analysts, vulnerability management teams, security operations centers, and incident responders with context-rich, actionable intelligence in real time that’s ready for integration across the security ecosystem. Learn more at www.recordedfuture.com and follow us on Twitter at @RecordedFuture.