As the COVID-19 pandemic continues and many still work from home, cybercriminals have pivoted from trying to draw in victims using COVID-19-related content and are now using other prominent media themes such as the upcoming U.S. election and the Black Lives Matter movement.
The findings come from Commerce Charter Township-based Nuspire, which has released its Q2 2020 Quarterly Threat Landscape Report outlining cybercriminal activity and tactics, techniques, and procedures. The COVID-19 pandemic is now in its sixth month in the U.S.
Nuspire observed an increase in both botnet activity (botnets let hackers control devices) and exploit activity (an exploit is code that takes advantage of a software vulnerability or flaw) over the course of the second quarter, by 29 percent and 13 percent respectively, coming out to more than 17,000 botnet and 187,000 exploit attacks per day.
While attackers targeted remote work technology at the source to obtain access to the enterprise in the first quarter, Nuspire observed a shift in tactics to leverage botnets to obtain a foothold in the network. Home routers typically are not monitored by information technology teams and have therefore become a viable attack method that avoids detection while infiltrating corporate networks.
“Today, the pandemic has complicated an already complex threat landscape,” says Lewie Dunsworth, CEO of Nuspire. “CISOs are under great pressure to ensure their virtual organizations are secure. Threat vectors will continue to evolve as the uncertainty of our world continues to play out. That’s why our team analyzes the latest threat intelligence daily and uses this data to engage in proactive threat hunting and response to ensure our clients have the upper hand.”
Some cyberattack methods have made a comeback during the pandemic, including the ZeroAccess botnet, which made a resurgence in the second quarter, coming in second for the most used botnet. ZeroAccess was originally terminated in 2013 but has made rare resurgences over the last seven years.
Nuspire saw a significant spike in exploit attempts against Shellshock, a vulnerability discovered in 2014, demonstrating that attackers still try old vulnerabilities to catch outdated operating systems and unpatched systems.
A new signature, dubbed MSOffice Sneaky, was released during the second quarter. It uses documents containing malicious macros that reach out to command and control servers to download the attackers' malware. The attack vector is increasingly dangerous, especially when remote employees disconnect from their VPNs.
DoublePulsar, the exploit developed by the National Security Agency, continues to dominate the exploit chart, accounting for 72 percent of all exploit attempts witnessed at Nuspire.
The full report is available here.
Nuspire is a managed security services provider.