Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

checkLoop 1checkLoop 2checkLoop 3
11/13/2019
03:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Nuspire Security Researchers Discover 730% Increase in Emotet Activity

Recent quarterly threat report highlights the return of Emotet activity throughout Q3

COMMERCE, MI. (November 11, 2019)- Managed Security Services Provider (MSSP), Nuspire today released its recent Quarterly Threat Landscape report that includes top Botnet, Malware and Exploit activity throughout the third quarter. The most prevalent activity identified in the report was Emotet, which had a 730% increase in activity in September after being in a near dormant state. 

Emotet, a modular banking Trojan, has added additional features to steal contents of victim’s inboxes and steal credentials for sending outbound emails. Those credentials are sent to the other bots in its botnet which are used to then transmit Emotet attack messages. When Emotet returned in September, it appeared with TrickBot and Ryuk ransomware to cause the most damage to a network.

“When we saw Emotet decline to a near dormant state in the second quarter, we knew it was only a matter of time until it would resurface with stronger and better tactics,” said Matt Corney, Nuspire CTO. “This significant increase in Emotet activity is one of the most dangers malware botnets affecting the world today.”

Also noted in the report; 

  • 144% increase in activity correlates to TrickBot utilizing a feature called TrickBooster. This new addition gives TrickBot the ability to use the infected machine as a spam email bot. Once the victim receives the email lists the spam campaign begins operating from the victim’s computer.
  • 113% increase in Hawkeye malware that is commonly sold on various hacking forums as a keylogger and stealer. This malware is typically delivered via malicious email campaigns that appear to be requesting invoices, bills of materials, order confirmations as well as other things related to normal corporate functions.
  • Top 5 IoT attacks include OpenDreamBox, JawsDVR, Netcore, Netgear, D-Link.
  • 97% increase in Andromeda activity sourced from Asia and the Middle East.

“The return of Emotet is a prime example of how threats may lay dormant for a while and change their tactics and techniques,” said Shawn Pope, Nuspire Senior Security Analyst. “Patching your systems and staying up to date on these changes is vital to preventing and detecting malicious threats like Emotet.”

Data reported in Nuspire’s Quarterly Threat Landscape Report correlates more than 90 billion logs across the company’s 3,000 global network sensors. Customers enterprise and mid-sized businesses operating in the automotive, franchise, manufacturing, construction healthcare and financial services industries.

 

Nuspire’s Quarterly Threat Report correlates and analyzes threats detected from July 2019 to September 2019. Download the complete report here:https://www.nuspire.com/resource-library/q3/

 

About Nuspire

 

Nuspire is the Managed Security Services (MSS) provider of choice, delivering the greatest risk reduction per cyber-dollar spent. The company’s 24x7 Security Operations Centers (SOCs) and managed detection and response (MDR) service combines award-winning threat detection and response technology with human intervention and analysis, providing end-to-end protection across the gateway, network and endpoint ecosystem. Nuspire pioneered distributed, managed security services within the enterprise and franchise market and today protects thousands of locations globally. For more information, visit www.nuspire.com and follow @Nuspire.

 

XXX

 

MEDIA CONTACT:

Brenna Schafer

[email protected]

248-896-6169

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19777
PUBLISHED: 2019-12-13
stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.
CVE-2019-19778
PUBLISHED: 2019-12-13
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c.
CVE-2019-16777
PUBLISHED: 2019-12-13
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of pa...
CVE-2019-16775
PUBLISHED: 2019-12-13
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publi...
CVE-2019-16776
PUBLISHED: 2019-12-13
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain...
checkLoop 4