Interactive Report Summary

Q2 2021 Threat Report

Malware activity began to rise while Nuspire saw a decrease in botnet and exploit activity compared to Q1.

Top Findings at a Glance

Lesson learned in Q2 2021: Cybersecurity is not a solo effort. Q2 brought some major news in ransomware, including the Colonial Pipeline attack, the disbandment of the DarkSide and REvil ransomware gangs and, as we head into Q3, the arrival of the newest gang to the block, BlackMatter.

MALWARE

VBA Agent is back on the rise

41.84% spike in malware was observed in Q2

BOTNET

Emotet disruption leads to lowest number of Botnets

45,027 infections per week in Q2 2021

EXPLOIT

Increase in brute force attacks

8,458.92% SMB attacks increased throughout the quarter

Nuspire Culture - Nuspire technician in server room

If Botnet activity continues to trend up, Q3 may shine a light on major events connected to the increase in detections.

Nuspire witnessed an increase of SSH brute forcing by 34,310.07%.

Methodology

Hover over tiles to learn more

GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Using Nuspire’s cloud-based SIEM, log data is ingested and alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking of existing and new threats.

DISSEMINATE

Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

Q2 2021 in Review

April through June

APRIL 21

Joint Advisory from NSA, CISA and FBI released regarding Russian Foreign Intelligence Service

APRIL 23

Qlocker Ransomware Targets QNAP devices Via 7-Zip Archives

APRIL 26

Emotet Receives Final “Uninstall” Update from Law Enforcement

MAY 5

Millions of Dell Users at Risk from Kernel-Privilege Bugs

MAY 12

Colonial Pipeline Shuts Down Due to Ransomware Attack

MAY 14

DarkSide Ransomware Retreats and REvil Changes Targets

JUNE 1

New Ransomware Epsilon Red Actively Targeting Unpatched Microsoft Exchange Servers

JUNE 30

Proof of Concept Exploit Code Released for Windows Print Spooler Vulnerability

Let's Dive Into the Data

Activity

Average

Total Events

Unique Variants

0.84%

Total Activity

Malware

Detection, Q2 2021

Across Nuspire managed and monitored devices, there was a 41.84% increase in total malware activity compared to Q1.

How to Combat
To strengthen your defenses against malware activity you’ll need to adopt a multiprong approach including endpoint protection platforms and cyber awareness training.

Malware

VBA agent activity decreased throughout Q1, and as predicted, it’s now back on the rise ― increasing 269.94% from the beginning of the quarter to peak activity in week 10. Activity often comes and goes in waves while threat actors retool, develop new capabilities and adjust phishing lures.

Activity

Average

Total Events

Unique Variants

-0.34%

Total Activity

Botnets

Detection, Q2 2021

Overall, there was a 50.34% decrease in botnet activity observed compared to Q1 2021.

How to Combat
Step up your efforts to stop botnet activity, which is usually detected post-infection. We recommend detecting malicious activity and quarantining devices to minimize botnet spread throughout the network.

Botnets

The decrease in activity likely can be attributed to the Q1 shutdown of the Emotet botnet, which significantly impacted the botnet space. Generally, activity observed during Q2 was provided by the Andromeda and Torpig botnets, which typically have been the most active since Emotet’s disruption.

Activity

Average

Total Events

Unique Variants

0.60%

Total Activity

Exploits

Detection, Q2 2021

Throughout Q2, Nuspire witnessed an increase in brute force attacks focused on SMB and SSH logins. SMB attacks continually increased throughout the quarter with a total increase of 8,458.92%.

How to Combat
Stop exploits before they do harm by patching systems and security monitoring to thwart attackers and decrease risk.

Exploits

SSH login brute force attempts also shared a similar story with the exception of activity beginning to trail off after week 8. From the beginning of the quarter to the peak of activity, Nuspire witnessed an increase of SSH brute forcing by 34,310.07%.

Stay Vigilant

Unfortunately, there is more in store in the cybersecurity threat scape for 2021. Download the full report to find out how you can prepare and tighten your security controls around the expected challenges highlighted by our security experts.

Download the Report