Interactive Report Summary

Q2 2022 Threat Report

Nuspire Sees Dramatic Uptick in Q2 2022 Threat Activity


Q2 2022 saw a dramatic uptick in activity across all three of our tracked sectors: malware, botnets and exploits. Learn more about the biggest threats we saw, plus get a look into the manufacturing industry’s threat landscape in our latest report.

Top Findings at a Glance


Malware events jumped over 25%

Crypto mining malware a top threat


Botnet activity doubled

Banking trojan Torpig Mebroot surges in Q2


Exploits grew nearly 150%

DoublePulsar re-emerges as top exploit


Industry Spotlight: Manufacturing

Manufacturing continues to be a popular industry target, fending off attacks from LockBit Ransomware Gang and Dynamite Panda (APT18).

Some of the most popular tactics used by LockBit include phishing, purchasing stolen credentials and access to compromised organizations from other threat actors, as well as exploiting exposed vulnerabilities. Dynamite Panda is a nation-state sponsored APT group that performs espionage operations that include the theft of intellectual property.




Collects threat intelligence and data from global sources, client devices and reputable third parties.


Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.


Nuspire’s cloud-based SIEM ingests log data and alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.


Analysts further scrutinize the research, scoring and tracking of existing and new threats.


Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

Q2 2022 in Review

April through June


April 6

Google and Mozilla release security updates

April 13

APT actors target ICS/SCADA devices

April 18

North Korean state-sponsored threat actors target blockchain companies

April 22

FBI releases IOCs associated with BlackCat/ALPHV ransomware

May 10

U.S. Government attributes cyberattacks on SATCOM Networks to Russian state-sponsored threat actors

May 18

Threat actors actively exploiting F5 BIG IP CVE-2022-1388

June 23

Threat actors continue to exploit Log4Shell in VMware Horizon Systems

June 29

CISA urges organizations to switch to Microsoft Exchange Online Modern Authentication

Let's Dive Into the Data




With the rising popularity of cryptocurrency, crypto mining malware activity has increased. This quarter, CoinMiner malware took over as Nuspire’s top witnessed malware. This malware has a clear goal: to install itself on a machine, be as quiet as possible, leech resources from the victim machine and mine cryptocurrency.




Torpig Mebroot surged toward the end of Q2. A banking trojan designed to scrape and collect credit card and payment information from infected devices, Torpig Mebroot is particularly difficult to detect and remove, as it infects the victim machine’s master boot record. The malware also provides backdoor access to threat actors to maintain connectivity with a device and allow additional malware to be installed.




DoublePulsar, an older exploit, re-emerged as a dominant threat in Q2. This is perhaps because variants of CoinMiner, a top-witnessed malware in Q2, leverage DoublePulsar to worm through a network and spread the infection.

Stay Vigilant

Q2 2022 showed a steep rise in threats, reinforcing the need for organizations to double down on their security defenses. Download the full report to find out how you can prepare and tighten your security controls around the expected challenges highlighted by our security experts.