Nuspire’s Q1 2022 Threat Data Show Resurgence in Older Attack Methods

Nuspire’s latest threat report data showed an increase in all three of the threat classifications it studies – malware, botnets and exploits – with many threat actors leveraging older tactics. In Nuspire’s webinar reviewing its findings, Josh Smith, Cyber Threat Analyst for Nuspire, and Justin Heard, Threat Intel & Rapid Response for Nuspire, reviewed the key data and trends they uncovered and offered actionable tips to combat current cybersecurity threats.

Malware Activity Increased 4.76%

Nuspire saw nearly 3.5 million malware events in Q1 2022, an increase of 4.76% over the previous quarter. While the company was able to isolate 1,342 unique variants, two rose to the top in terms of prominence: VBA agent and JavaScript activity.

Top Malware Detections: VBA & JavaScript

VBA agents imitate legitimate Microsoft Word or Excel files and use a lure to trick the end-user into enabling macros. Once enabled, the macros run a malicious script that contacts the command-and-control server to download an additional payload to the victim’s machine.
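An added example (not from Nuspire's report or webinar) showing how a mail or file-upload filter can check whether a Word or Excel attachment carries a VBA project before it reaches a user. The function name, flag strings and sample files are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
MACRO_FREE_EXTS = (".docx", ".xlsx", ".pptx")   # extensions that should never hold VBA


def triage_office_file(name: str, data: bytes) -> dict:
    """Report whether an Office attachment can carry or does carry VBA macros."""
    result = {"name": name, "format": "unknown", "vba_parts": [], "flags": []}
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can embed macros; confirming needs an OLE parser.
        result["format"] = "ole"
        result["flags"].append("legacy-format-may-contain-macros")
        return result
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            result["format"] = "zip"  # plain archive, not an OOXML document
            return result
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    result["format"] = "ooxml"
    result["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
    if result["vba_parts"] or "macroEnabled" in content_types:
        result["flags"].append("contains-vba-project")
        if name.lower().endswith(MACRO_FREE_EXTS):
            # Macro content behind a macro-free extension is a mismatch worth flagging.
            result["flags"].append("extension-hides-macros")
    return result


def build_sample(parts: dict) -> bytes:
    """Build a constructed in-memory OOXML-style archive for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, body in parts.items():
            zf.writestr(path, body)
    return buf.getvalue()


# Constructed samples: placeholder bytes only, no real macro code.
CLEAN = build_sample({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"})
MACRO = build_sample({"[Content_Types].xml": '<Types><Override ContentType='
                      '"application/vnd.ms-word.document.macroEnabled.main+xml"/></Types>',
                      "word/vbaProject.bin": b"placeholder"})

if __name__ == "__main__":
    for fname, blob in [("report.docx", CLEAN), ("invoice.docx", MACRO), ("old.doc", OLE_MAGIC + b"\0" * 8)]:
        print(triage_office_file(fname, blob))
```

Legacy OLE files are only flagged as macro-capable here; confirming an embedded VBA project in them requires parsing the compound file structure.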

“VBA agents are one of the top issues we’ve seen for a while, accounting for nearly 30% of all malware variants we witnessed,” said Josh. “However, Microsoft recently announced plans to block macros by default on Office products files from the internet, and coincidentally, we saw VBA agent activity decrease at the same time.”

Josh added that in the same time period, the Nuspire team saw an increase in the use of JavaScript agents.

“This could potentially be a result of the decrease in VBA agent usage, and that cyber attackers are shifting tactics,” he said.

JavaScript agents are a type of malware loader that typically deploys via drive-by download. When a user visits either a legitimate website that has been compromised or a malicious site, a payload is silently downloaded and installed on the victim’s machine, giving the threat actors access. These loaders can also be packaged to look like a legitimate email attachment and deployed during malicious spam campaigns.

“While malware being on the rise is concerning, it’s important to remember that we can do…