Interactive Report Summary

Q3 2023 Cyber Threat Report

In Q3 2023, Nuspire analysts observed a number of notable events and trends, including the advanced tactics employed by ransomware groups like ALPHV and the concerning rise of botnets such as Torpig Mebroot. During this quarter, there was a remarkable 67.51% surge in botnet activity, signaling a growing threat. Discover the latest insights into the most substantial threats we encountered, along with an in-depth exploration of the threat landscape within the hospitality industry in our newest report. 
Download the full report

Top Findings at a Glance

MALWARE

8Base and Akira join top 5 ransomware gangs

JavaScript phishing variants dominate

BOTNET

Botnet activity surged by 68%

TorrentLocker emerges as top botnet

EXPLOIT

Exploits decline by 33%

HTTP Server Authorization Buffer Overflow gains popularity

Industry Spotlight: Hospitality Services

Industry Spotlight: Hospitality Services

Data breaches, ransomware attacks and phishing schemes have become prevalent threats in the hospitality services industry, impacting major chains and smaller establishments. The interconnected nature of services, from third-party booking platforms to in-room IoT devices, has expanded potential vulnerabilities. We’ve seen threat actors launch a variety of attacks, such as spear phishing, brute forcing, OS credential dumping, adversary-in-the-middle attacks and more.   

MGM Resorts International recently suffered a crippling cyberattack, causing a substantial $100 million setback in its Q3 results. The breach, attributed to the ALPHV ransomware group in collaboration with Scattered Spider, exploited social engineering tactics, particularly vishing, to impersonate an MGM employee and gain unauthorized access.  

This breach exposed customer data, including sensitive information such as SSNs and passport details. The incident, coupled with a similar attack on Caesar's Entertainment, underscores the significant risks posed by neglecting the human aspect of security. While MGM contained the breach, it experienced a 6% drop in its share price and erosion of brand trust. 


Methodology

How Nuspire produces its threat intelligence 

Hover over tiles to learn more

GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Using Nuspire’s cloud-based SIEM, log data is ingested and alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking of existing and new threats.

DISSEMINATE

Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

JULY THROUGH SEPTEMBER

Q3 2023 in Review

Q3 2023 proved busy for Microsoft, which announced patches for 8 zero-days.

July
7.7
CISA Releases Joint Advisory on TrueBot Malware
7.11
Microsoft Announces Unpatched Zero-Day Affecting Office Products
7.12
Fortinet released Patches for Critical Vulnerability in FortiOS and FortiProxy
7.12
Popular Open-Source PDF Library GhostScript Announces Critical RCE
7.13
Microsoft’s July 2023 Patch Tuesday Addresses 6 Zero-Days, 132 Vulnerabilities
7.18
Citrix Discloses Actively-Exploited Critical Vulnerability
August
8.8
PaperCut Discloses New High-Level Vulnerability
8.9
Microsoft’s August 2023 Patch Tuesday Addresses 2 Zero-Days, 87 Vulnerabilities
8.16
Racoon Stealer Returns with New Version
8.30
Qakbot Malware Disrupted in Multinational Cyber Takedown
September
9.13
Microsoft’s September 2023 Patch Tuesday Addresses 2 Zero-Days, 59 Vulnerabilities
9.19
Critical Unauthenticated Juniper RCE Vulnerability Affects Estimated 12,000 Devices
9.27
Google Reclassifies libwebp Vulnerability Exploited in Attacks to Critical
9.29
Critical RCE Vulnerability Disclosed for Progress WS_FTP

Let's Dive Into the Data

Botnet activity exploded in Q3, and new ransomware operators joined our top 5 list.

#
Activity
Average
0

Total Events

0

Unique Variants

-0%

Total Activity

Malware

While we saw a decrease in total malware detections in Q3, ransomware maintained the high level of activity Nuspire witnessed in Q2. In addition, two new contenders joined the list of most active ransomware families for Q3: 8Base and Akira.  

#
Activity
Average
0

Total Events

0

Unique Variants

+0%

Total Activity

Botnets

Botnet activity skyrocketed in Q3, with top botnet Torpig Mebroot, clocking an increase in activity of nearly 93% over Q2. An older botnet, TorrentLocker, re-emerged in Q3 as a favorite attack method. The botnet is primarily delivered through phishing emails, enticing victims with unpaid invoices, undelivered packages or unpaid fines. 

#
Activity
Average
0

Total Events

0

Unique Variants

-0%

Total Activity

Exploits

While exploits saw a decrease in activity in Q3, what didn’t change was the astronomical volume of brute forcing attacks aimed at the Secure Shell (SSH) and Server Message Block (SMB) protocols. When examining specific exploits outside of brute forcing (which dwarfs all other exploit activity), we found Apache Log4j remained the most popular. Following closely behind is HTTP Server Authorization Buffer Overflow, a formidable exploit targeting potential flaws in server authorization mechanisms, enabling threat actors to run arbitrary code on affected systems. 

Stay Vigilant

While malware, botnet and exploit activity can ebb and flow, remember that it only takes one successful attack to damage your business. You can’t defend against what you can’t see, so it’s critical to have visibility into your environment and know who or what is out there that could harm you. Threat actors are always employing new or updated tactics, which means your security program needs to constantly adapt. Stay vigilant!
Download the Full Report