Malware activity spikes 128%, Office document phishing skyrockets

Nuspire released a report, outlining new cybercriminal activity and tactics, techniques and procedures (TTPs) throughout Q3 2020, with additional insight from Recorded Future.

malware activity q3 2020

Threat actors becoming even more ruthless

The report demonstrates threat actors becoming even more ruthless. Throughout Q3, hackers shifted focus from home networks to overburdened public entities, including the education sector and the Election Assistance Commission (EAC). Malware campaigns, like Emotet, utilized these events as phishing lure themes to assist in delivery.

“We continue to see attackers use newsjacking and typosquatting techniques to attack organizations with ransomware, especially this quarter with the Presidential election and schools moving to a virtual learning model,” said John Ayers, Nuspire Chief Strategy Product Officer.

“It’s important for organizations to understand the latest threat landscape is changing so they can better prepare for current themes and better understand their risk.”

Increase in malware activity

There has been a significant increase in malware activity over the course of Q3 2020; the 128% increase from Q2 represents more than 43,000 malware variants detected a day.

As Emotet made a significant appearance, new features in Emotet modules were discovered, implying the group will likely continue operations throughout the remainder of the next quarter to successfully gauge the viability of these new features.

“Intelligence is key to identifying these top threats like Emotet,” said Greg Lesnewich, Senior Intelligence Analyst, Recorded Future.

“Keeping a vigilant eye on how threats evolve, grow and adapt over time helps us understand how threat actors have been retooling their tactics. It’s more important than ever to consistently have visibility into the threat landscape.”

Additional findings

  • The ZeroAccess botnet made another big appearance in Q3. It resurged in Q2, coming in second for most used botnet, but then went quiet towards the end of Q2, coming back up in Q3.
  • Office document phishing skyrocketed during the second half of Q3, which could be due to the upcoming election, or because attackers have just finished retooling.
  • Ransomware attack on the automotive industry is on the rise. At the end of Q3 2020, references have already surpassed the 2019 total at 18,307, an increase of 79.15% with Q4 still remaining.
  • H-Worm Botnet, also known as Houdini, Dunihi, njRAT, NJw0rm, Wshrat, and Kognito, surged to the top of witnessed Botnet traffic for Q3 from the actors behind the botnet by deploying instances of Remote Access Trojans (RATs) using COVID-19 phishing lures and executable names.
Share this