Interactive Report Summary

Q3 2022 Threat Report

Q3 maintained the surging levels of cyberattacks we saw in Q2 in all three of our tracked sectors: malware, botnets and exploits. Learn more about the biggest threats we saw, plus get a look into the healthcare industry’s threat landscape in our latest report 
Download the Report

Top Findings at a Glance


Kryptik trojan malware jumps nearly 240%

Malware events decreased by 16%


Botnet activity jumped over 35%

Older remote access trojan, Xtreme RAT, sees resurgence


Brute forcing remains top exploit tactic

VMware Workspace ONE vulnerability draws attention of multiple cybercrime families


Industry Spotlight: Healthcare

Healthcare organizations deal with a wide variety of sensitive and personal data, and they need operations to run flawlessly because lives are literally on the line if there is any disruption.

Threat actors know if they can launch an attack, the pressure on these organizations skyrockets, making them more inclined to pay out during a ransomware attack. In addition, personal identifying information (PII) is valuable on the dark web markets.

Top healthcare threat actors include FIN4, Orangeworm, Deep Panda, APT10, APT18, APT41, APT1 and APT29.


How Nuspire produces its threat intelligence 

Hover over tiles to learn more


Collects threat intelligence and data from global sources, client devices and reputable third parties.


Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.


Using Nuspire’s cloud-based SIEM, log data is ingested and alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.


Analysts further scrutinize the research, scoring and tracking of existing and new threats.


Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

Q3 2022 in Review

July through September

Timeline graphic

July 6

North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

July 18

CISA Updates Advisory on Cyber Actors’ Continued Exploitation of Log4Shell in VMware Horizon Systems

August 2

VMware Urges Admins to Patch Critical Vulnerability Immediately

August 16

Threat Actors Exploiting Multiple Vulnerabilities Against Zimbra Collaboration Suite

September 9

Cisco Releases Security Updates for Multiple Products

September 21

Threat Actors Using Multi-Factor Authentication Fatigue in High-Profile Breaches

September 30

Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server

Let's Dive Into the Data


Total Events


Unique Variants


Total Activity


While we observed a decrease in malware activity when compared to the previous quarter, it’s important to note that malware usage is still high. In fact, Kryptik trojan malware variants increased 236.22 percent in Q3. Kryptik is distributed to victims through phishing campaigns or when victims visit malicious sites. Focused on stealing information, this malware searches for and steals credentials from users’ browsers and applications. It also can steal cryptocurrency wallets, files and SSH keys.


Total Events


Unique Variants


Total Activity


Torpig Mebroot maintained its spot at the top of our list of most active botnets; however, we also so a resurgence of older botnets, including Xtreme RAT. Xtreme RAT is a remote access trojan first witnessed in 2010. It has multiple capabilities such as stealing data, manipulating processes and services, worming capabilities, keylogging and more. Typically, Xtreme RAT is spread via phishing or attached maliciously to applications that may include fake driver updates, pirated software and games, and free software.


Total Events


Unique Variants


Total activity


Threat actors continue to leverage brute forcing and newly-announced vulnerabilities to earn their pay. Nuspire detected a steady stream of attempts against the VMware Workspace ONE Access and Identity Manager vulnerability, and expects to see this continue given its important role in SSO, MFA and more.

Stay Vigilant

Q3 2022 maintained the elevated rate of cyberattacks we saw in Q2, reinforcing the need for organizations to double-down on their security defenses. Download the full report to find out how you can prepare and tighten your security controls around the expected challenges highlighted by our security experts. 
Download the Report