Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/13/2019
03:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Nuspire Security Researchers Discover 730% Increase in Emotet Activity

Recent quarterly threat report highlights the return of Emotet activity throughout Q3

COMMERCE, MI. (November 11, 2019)- Managed Security Services Provider (MSSP), Nuspire today released its recent Quarterly Threat Landscape report that includes top Botnet, Malware and Exploit activity throughout the third quarter. The most prevalent activity identified in the report was Emotet, which had a 730% increase in activity in September after being in a near dormant state. 

Emotet, a modular banking Trojan, has added additional features to steal contents of victim’s inboxes and steal credentials for sending outbound emails. Those credentials are sent to the other bots in its botnet which are used to then transmit Emotet attack messages. When Emotet returned in September, it appeared with TrickBot and Ryuk ransomware to cause the most damage to a network.

“When we saw Emotet decline to a near dormant state in the second quarter, we knew it was only a matter of time until it would resurface with stronger and better tactics,” said Matt Corney, Nuspire CTO. “This significant increase in Emotet activity is one of the most dangers malware botnets affecting the world today.”

Also noted in the report; 

  • 144% increase in activity correlates to TrickBot utilizing a feature called TrickBooster. This new addition gives TrickBot the ability to use the infected machine as a spam email bot. Once the victim receives the email lists the spam campaign begins operating from the victim’s computer.
  • 113% increase in Hawkeye malware that is commonly sold on various hacking forums as a keylogger and stealer. This malware is typically delivered via malicious email campaigns that appear to be requesting invoices, bills of materials, order confirmations as well as other things related to normal corporate functions.
  • Top 5 IoT attacks include OpenDreamBox, JawsDVR, Netcore, Netgear, D-Link.
  • 97% increase in Andromeda activity sourced from Asia and the Middle East.

“The return of Emotet is a prime example of how threats may lay dormant for a while and change their tactics and techniques,” said Shawn Pope, Nuspire Senior Security Analyst. “Patching your systems and staying up to date on these changes is vital to preventing and detecting malicious threats like Emotet.”

Data reported in Nuspire’s Quarterly Threat Landscape Report correlates more than 90 billion logs across the company’s 3,000 global network sensors. Customers enterprise and mid-sized businesses operating in the automotive, franchise, manufacturing, construction healthcare and financial services industries.

 

Nuspire’s Quarterly Threat Report correlates and analyzes threats detected from July 2019 to September 2019. Download the complete report here:https://www.nuspire.com/resource-library/q3/

 

About Nuspire

 

Nuspire is the Managed Security Services (MSS) provider of choice, delivering the greatest risk reduction per cyber-dollar spent. The company’s 24x7 Security Operations Centers (SOCs) and managed detection and response (MDR) service combines award-winning threat detection and response technology with human intervention and analysis, providing end-to-end protection across the gateway, network and endpoint ecosystem. Nuspire pioneered distributed, managed security services within the enterprise and franchise market and today protects thousands of locations globally. For more information, visit www.nuspire.com and follow @Nuspire.

 

XXX

 

MEDIA CONTACT:

Brenna Schafer

[email protected]

248-896-6169

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9720
PUBLISHED: 2020-01-24
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
CVE-2015-1525
PUBLISHED: 2020-01-24
audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address.
CVE-2015-1530
PUBLISHED: 2020-01-24
media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size.
CVE-2015-2688
PUBLISHED: 2020-01-24
buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.
CVE-2015-2689
PUBLISHED: 2020-01-24
Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.