Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/13/2019
03:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Nuspire Security Researchers Discover 730% Increase in Emotet Activity

Recent quarterly threat report highlights the return of Emotet activity throughout Q3

COMMERCE, MI. (November 11, 2019)- Managed Security Services Provider (MSSP), Nuspire today released its recent Quarterly Threat Landscape report that includes top Botnet, Malware and Exploit activity throughout the third quarter. The most prevalent activity identified in the report was Emotet, which had a 730% increase in activity in September after being in a near dormant state. 

Emotet, a modular banking Trojan, has added additional features to steal contents of victim’s inboxes and steal credentials for sending outbound emails. Those credentials are sent to the other bots in its botnet which are used to then transmit Emotet attack messages. When Emotet returned in September, it appeared with TrickBot and Ryuk ransomware to cause the most damage to a network.

“When we saw Emotet decline to a near dormant state in the second quarter, we knew it was only a matter of time until it would resurface with stronger and better tactics,” said Matt Corney, Nuspire CTO. “This significant increase in Emotet activity is one of the most dangers malware botnets affecting the world today.”

Also noted in the report; 

  • 144% increase in activity correlates to TrickBot utilizing a feature called TrickBooster. This new addition gives TrickBot the ability to use the infected machine as a spam email bot. Once the victim receives the email lists the spam campaign begins operating from the victim’s computer.
  • 113% increase in Hawkeye malware that is commonly sold on various hacking forums as a keylogger and stealer. This malware is typically delivered via malicious email campaigns that appear to be requesting invoices, bills of materials, order confirmations as well as other things related to normal corporate functions.
  • Top 5 IoT attacks include OpenDreamBox, JawsDVR, Netcore, Netgear, D-Link.
  • 97% increase in Andromeda activity sourced from Asia and the Middle East.

“The return of Emotet is a prime example of how threats may lay dormant for a while and change their tactics and techniques,” said Shawn Pope, Nuspire Senior Security Analyst. “Patching your systems and staying up to date on these changes is vital to preventing and detecting malicious threats like Emotet.”

Data reported in Nuspire’s Quarterly Threat Landscape Report correlates more than 90 billion logs across the company’s 3,000 global network sensors. Customers enterprise and mid-sized businesses operating in the automotive, franchise, manufacturing, construction healthcare and financial services industries.

 

Nuspire’s Quarterly Threat Report correlates and analyzes threats detected from July 2019 to September 2019. Download the complete report here:https://www.nuspire.com/resource-library/q3/

 

About Nuspire

 

Nuspire is the Managed Security Services (MSS) provider of choice, delivering the greatest risk reduction per cyber-dollar spent. The company’s 24x7 Security Operations Centers (SOCs) and managed detection and response (MDR) service combines award-winning threat detection and response technology with human intervention and analysis, providing end-to-end protection across the gateway, network and endpoint ecosystem. Nuspire pioneered distributed, managed security services within the enterprise and franchise market and today protects thousands of locations globally. For more information, visit www.nuspire.com and follow @Nuspire.

 

XXX

 

MEDIA CONTACT:

Brenna Schafer

[email protected]

248-896-6169

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.