News & Press

Use of Malware, Botnets and Exploits Expands in Q1 2022; Mirai Sees Resurgence

COMMERCE, MI (May 10, 2022) – Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q1 2022 Threat Report. The report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs), as well as provides data and insight into malware, exploit and botnet activity.

Nuspire’s data revealed a significant number of new vulnerabilities leading to increases in threat actor activity across all three of the threat classifications it studies: malware, botnets and exploits. Of note are several older botnets that saw a resurgence in Q1, including Mirai, STRRAT and Emotet.

Mirai, known for co-opting IoT devices to launch DDoS attacks, showed a spike in activity in February 2022. This corresponded with the discovery of Spring4Shell, a zero-day attack on popular Java web application framework, Spring Core. The attack allows for unauthenticated remote code execution, and data show Mirai exploited this vulnerability to its botnet.

STRATT botnet, which engages in information stealing, keystroke logging, and credential harvesting from browsers and email clients, also spiked in February. This data corresponds with recent announcements identifying a new STRRAT phishing campaign.

“With Q4 2021 being a quieter quarter for cyberattacks, we predicted Q1 2022 would see a rebound, and our data proves that out,” said J.R. Cunningham, Chief Security Officer at Nuspire. “As zero-day attacks and numerous other vulnerabilities among big-name companies like Google and Microsoft come to light, threat actors are quickly adjusting their tactics and these exploits tend to get industry attention, but the threat posed by older and well-understood attacks still persists. It’s critical businesses of all sizes understand the costliness of these attacks and fortify their security posture accordingly.”

Additional notable findings from Nuspire’s Q1 2022 Threat Report include:

  • Incidences of malware, botnet and exploit activity increased 4.76%, 12.21% and 3.87% respectively over Q4 2021.
  • Visual Basic Applications (VBA) trojans continue to be the top malware variant, comprising nearly 30% of all malware variants. Of note is its activity spiked just prior to Microsoft’s announcement of plans to block VBA macros by default on Office products.
  • Brute force attacks – when threat actors guess different combinations of potential passwords until the correct password is discovered – were by far the most popular exploit at 61%.

“Securing expanded risk surfaces today requires that organizations have 20/20 hindsight combined with an over-the-horizon view of current and potential future threats,” said Craig Robinson, Program Director for Security Services at IDC. “Understanding the tactics, techniques and procedures (TTPs) that attackers have historically utilized does not lose value over time, as many of these exploits get repeated with slight twists to make them dangerous zero-day exploits. Combining this historical knowledge with curated threat intelligence that shows the current threat landscape is vital for organizations to survive in these dangerous times.”

For those interested in getting an in-depth overview of the report, Nuspire is hosting a webinar this Thursday, May 12 at 2 p.m. ET, featuring the cybersecurity experts who compiled the research. You can register here.

About Nuspire
Nuspire is a managed security services provider (MSSP), offering managed security services (MSS), managed detection and response (MDR), endpoint detection and response (EDR) that supports best in breed EDR solutions, and cybersecurity consulting services (CSC) that includes incident readiness and response, threat modeling, digital forensics, technology optimization, posture assessments and more. Our self-service, technology-agnostic platform, myNuspire, allows greater visibility into your entire security program. Powered by the self-healing always on Nuspire Cyber X Platform (CXP), myNuspire will help CISOs alleviate the pain associated with tech sprawl, provide intelligence driven recommendations, solve for alert fatigue and help their clients become more secure over time. Our deep bench of cybersecurity experts, award-winning threat intelligence and three 24×7 security operations centers (SOCs) detect, respond, and remediate advanced cyber threats. Our client base spans thousands of enterprises from midsized to large enterprises that span across multiple industries and geographic footprints. For more information, visit www.nuspire.com and follow us at on LinkedIn @Nuspire.