Interactive Report Summary

Q3 2022 Threat Report

Q3 maintained the surging levels of cyberattacks we saw in Q2 in all three of our tracked sectors: malware, botnets and exploits. Learn more about the biggest threats we saw, plus get a look into the healthcare industry’s threat landscape, in our latest report.

Top Findings at a Glance

MALWARE

Kryptik trojan malware jumps nearly 240%

Malware events decreased by 16%

BOTNET

Botnet activity jumped over 35%

Older remote access trojan, Xtreme RAT, sees resurgence

EXPLOIT

Brute forcing remains top exploit tactic

VMware Workspace ONE vulnerability draws attention of multiple cybercrime families


Industry Spotlight: Healthcare

Healthcare organizations deal with a wide variety of sensitive and personal data, and they need operations to run flawlessly because lives are literally on the line if there is any disruption.

Threat actors know if they can launch an attack, the pressure on these organizations skyrockets, making them more inclined to pay out during a ransomware attack. In addition, personal identifying information (PII) is valuable on the dark web markets.

Top healthcare threat actors include FIN4, Orangeworm, Deep Panda, APT10, APT18, APT41, APT1 and APT29.

Methodology

How Nuspire produces its threat intelligence

GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Using Nuspire’s cloud-based SIEM, log data is ingested and alerts are raised to the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking of existing and new threats.

DISSEMINATE

Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

Q3 2022 in Review

July through September


July 6

North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

July 18

CISA Updates Advisory on Cyber Actors’ Continued Exploitation of Log4Shell in VMware Horizon Systems

August 2

VMware Urges Admins to Patch Critical Vulnerability Immediately

August 16

Threat Actors Exploiting Multiple Vulnerabilities Against Zimbra Collaboration Suite

September 9

Cisco Releases Security Updates for Multiple Products

September 21

Threat Actors Using Multi-Factor Authentication Fatigue in High-Profile Breaches

September 30

Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server

Let's Dive Into the Data

Total activity: -0.73%

Malware

While we observed a decrease in malware activity when compared to the previous quarter, it’s important to note that malware usage is still high. In fact, Kryptik trojan malware variants increased 236.22 percent in Q3. Kryptik is distributed to victims through phishing campaigns or when victims visit malicious sites. Focused on stealing information, this malware searches for and steals credentials from users’ browsers and applications. It can also steal cryptocurrency wallets, files and SSH keys.

Total activity: 0.39%

Botnets

Torpig Mebroot maintained its spot at the top of our list of most active botnets; however, we also saw a resurgence of older botnets, including Xtreme RAT. Xtreme RAT is a remote access trojan first witnessed in 2010. It has multiple capabilities, such as stealing data, manipulating processes and services, worming, keylogging and more. Typically, Xtreme RAT is spread via phishing or bundled maliciously with applications such as fake driver updates, pirated software and games, and free software.

Total activity: 0.84%

Exploits

Threat actors continue to leverage brute forcing and newly announced vulnerabilities to earn their pay. Nuspire detected a steady stream of attempts against the VMware Workspace ONE Access and Identity Manager vulnerability, and expects to see this continue given the product’s important role in SSO, MFA and more.

Stay Vigilant

Q3 2022 maintained the elevated rate of cyberattacks we saw in Q2, reinforcing the need for organizations to double down on their security defenses. Download the full report to find out how you can prepare and tighten your security controls around the expected challenges highlighted by our security experts.