Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/13/2019
03:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Nuspire Security Researchers Discover 730% Increase in Emotet Activity

Recent quarterly threat report highlights the return of Emotet activity throughout Q3

COMMERCE, MI. (November 11, 2019)- Managed Security Services Provider (MSSP), Nuspire today released its recent Quarterly Threat Landscape report that includes top Botnet, Malware and Exploit activity throughout the third quarter. The most prevalent activity identified in the report was Emotet, which had a 730% increase in activity in September after being in a near dormant state. 

Emotet, a modular banking Trojan, has added additional features to steal contents of victim’s inboxes and steal credentials for sending outbound emails. Those credentials are sent to the other bots in its botnet which are used to then transmit Emotet attack messages. When Emotet returned in September, it appeared with TrickBot and Ryuk ransomware to cause the most damage to a network.

“When we saw Emotet decline to a near dormant state in the second quarter, we knew it was only a matter of time until it would resurface with stronger and better tactics,” said Matt Corney, Nuspire CTO. “This significant increase in Emotet activity is one of the most dangers malware botnets affecting the world today.”

Also noted in the report; 

  • 144% increase in activity correlates to TrickBot utilizing a feature called TrickBooster. This new addition gives TrickBot the ability to use the infected machine as a spam email bot. Once the victim receives the email lists the spam campaign begins operating from the victim’s computer.
  • 113% increase in Hawkeye malware that is commonly sold on various hacking forums as a keylogger and stealer. This malware is typically delivered via malicious email campaigns that appear to be requesting invoices, bills of materials, order confirmations as well as other things related to normal corporate functions.
  • Top 5 IoT attacks include OpenDreamBox, JawsDVR, Netcore, Netgear, D-Link.
  • 97% increase in Andromeda activity sourced from Asia and the Middle East.

“The return of Emotet is a prime example of how threats may lay dormant for a while and change their tactics and techniques,” said Shawn Pope, Nuspire Senior Security Analyst. “Patching your systems and staying up to date on these changes is vital to preventing and detecting malicious threats like Emotet.”

Data reported in Nuspire’s Quarterly Threat Landscape Report correlates more than 90 billion logs across the company’s 3,000 global network sensors. Customers enterprise and mid-sized businesses operating in the automotive, franchise, manufacturing, construction healthcare and financial services industries.

 

Nuspire’s Quarterly Threat Report correlates and analyzes threats detected from July 2019 to September 2019. Download the complete report here:https://www.nuspire.com/resource-library/q3/

 

About Nuspire

 

Nuspire is the Managed Security Services (MSS) provider of choice, delivering the greatest risk reduction per cyber-dollar spent. The company’s 24x7 Security Operations Centers (SOCs) and managed detection and response (MDR) service combines award-winning threat detection and response technology with human intervention and analysis, providing end-to-end protection across the gateway, network and endpoint ecosystem. Nuspire pioneered distributed, managed security services within the enterprise and franchise market and today protects thousands of locations globally. For more information, visit www.nuspire.com and follow @Nuspire.

 

XXX

 

MEDIA CONTACT:

Brenna Schafer

[email protected]

248-896-6169

 

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5162
PUBLISHED: 2020-02-25
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as t...
CVE-2019-5165
PUBLISHED: 2020-02-25
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker ...
CVE-2020-9383
PUBLISHED: 2020-02-25
An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
CVE-2019-5136
PUBLISHED: 2020-02-25
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands ...
CVE-2019-5137
PUBLISHED: 2020-02-25
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.