Q3 2021 Threat Report
Botnet and exploitation activity saw significant spikes while malware and ransomware decreased compared to Q2 2021.
Top Findings at a Glance
MALWARE: VBA Agents continue to dominate
BOTNETS: ZeroAccess botnet has seen a resurgence
EXPLOITS: Brute force attacks like NetBIOS increased
Q3 in Review
July 15, 2021
Qlocker Ransomware Targets QNAP devices Via 7-Zip Archives
July 21, 2021
Windows ‘HiveNightmare’ Vulnerability Announced Allowing Privilege Escalation
MAY 14
DarkSide Ransomware Retreats and REvil Changes Targets
JUNE 1
New Ransomware Epsilon Red Actively Targeting Unpatched Microsoft Exchange Servers
JUNE 30
Proof of Concept Exploit Code Released for Windows Print Spooler Vulnerability
DECEMBER 8
NSA Advisory: Russian Threat Actors Exploit VMware Vulnerability
DECEMBER 14
CISA Directive: Active Exploitation of SolarWinds Orion Software
Let's Dive Into the Data
In Q3 2021, Nuspire saw a significant increase in botnet and exploitation events, while malware events decreased.
July 14, 2021
CISA Issues Emergency Directive on Microsoft Windows Print Spooler Vulnerability
As previously witnessed, VBA Agents continue to dominate malware activity, as these are commonly deployed in phishing malspam campaigns and act as an initial loader for other malware families.
TOTAL MALWARE EVENTS: 3,407,849
UNIQUE VARIANTS: 908
DECREASE IN TOTAL ACTIVITY: -8.37%
Across Nuspire managed and monitored devices, there was a decrease in total malware activity compared to Q2.
While ransomware saw an 18.55% decrease in Q3, we expect to see it surge again during the holiday season.
The Nuspire team also witnessed dangerous vulnerabilities targeting Microsoft Exchange servers: ProxyShell and ProxyLogon.
Methodology
1. Gather
Nuspire collects threat intelligence and data from global sources, client devices and reputable third parties.
2. Process
Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.
3. Detect
Log data is ingested into Nuspire’s cloud-based SIEM, which raises alerts to the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.
4. Evaluate
Analysts further scrutinize the research, scoring and tracking of existing and new threats.
5. Disseminate
Analysts use these insights to continually improve the SOC, its alerting, and the wider community through the creation of detection rules, briefs and presentations.
How to Combat
Proactive Detection and Mitigation Measures
To strengthen your defenses against malware activity, you’ll need to adopt a multipronged approach that includes endpoint protection platforms and cyber awareness training.
[Chart: Malware Activity, detection Q3 2021, with moving average]
TOTAL BOTNET EVENTS: 1,721,559
UNIQUE VARIANTS: 40
INCREASE IN TOTAL ACTIVITY: 218.61%
As predicted in Q2, ZeroAccess Botnet has resurged. While the botnets themselves are not new, XorDDOS and BadRabbit are two new additions.
The increase in botnets can likely be attributed to Q2 2021 being one of the least active quarters we've seen.
How to Combat
Proactive Detection and Mitigation Measures
Step up your efforts to stop botnet activity, which is usually detected post-infection. We recommend detecting malicious activity early and quarantining infected devices to minimize botnet spread throughout the network.
TOTAL EXPLOIT EVENTS: 35,385,834
UNIQUE EXPLOITS: 401
INCREASE IN TOTAL ACTIVITY: 82.67%
When reviewing exploit attempts against protocols, NetBIOS was again the most attempted protocol, as seen in previous quarters, followed by SSH.
Exploit activity increased when compared to Q2 data, and threat actors focused on targeting perimeter devices.
How to Combat
Proactive Detection and Mitigation Measures
Stop exploits before they do harm by patching systems and monitoring security events to thwart attackers and decrease risk.
Top Exploited Vulnerabilities
Unfortunately, there is more in store in the cybersecurity threat scape for 2021. Download the full report to find out how you can prepare and tighten your security controls around the expected challenges highlighted by our security experts.
41.84%: Trojan, HTML Phishing & JavaScript
Unique botnets detected: 40
Exploits detected per day: 421,259
August 23, 2021
CISA Releases Advisory on Active Exploitation of ProxyShell Vulnerabilities
September 9, 2021
Microsoft Releases Multiple Out of Cycle Patches and Updated Vulnerability Disclosures
September 21, 2021
CISA Releases Advisory Regarding NETGEAR RCE Vulnerability
[Chart: Botnet Activity, detection Q3 2021, with moving average]
[Chart: Exploit Activity, detection Q3 2021, with moving average]