Tag Archive for: resurgence

Nuspire’s Q1 2022 Threat Data Show Resurgence in Older Attack Methods


Nuspire’s latest threat report data showed an increase in all three of the threat classifications it studies – malware, botnets and exploits – with many threat actors leveraging older tactics. In Nuspire’s webinar reviewing its findings, Josh Smith, Cyber Threat Analyst for Nuspire, and Justin Heard, Threat Intel & Rapid Response for Nuspire, reviewed the key data and trends they uncovered and offered actionable tips to combat current cybersecurity threats.

Malware Activity Increased 4.76%

Nuspire saw nearly 3.5 million malware events in Q1 2022, an increase of 4.76% over the previous quarter. While the company was able to isolate 1,342 unique variants, two rose to the top in terms of prominence: VBA agent and JavaScript activity.

Top Malware Detections: VBA & JavaScript

VBA agents imitate legitimate Microsoft Word or Excel files with a lure attempting to trick the end-user into enabling macros. Once enabled, the macros activate a malicious script that contacts the command-and-control server to download an additional payload on the victim’s machine.

“VBA agents are one of the top issues we’ve seen for a while, accounting for nearly 30% of all malware variants we witnessed,” said Josh. “However, Microsoft recently announced plans to block macros by default on Office products files from the internet, and coincidentally, we saw VBA agent activity decrease at the same time.”

Josh added that in the same time period, the Nuspire team saw an increase in the use of JavaScript agents.

“This could potentially be a result of the decrease in VBA agent usage, and that cyber attackers are shifting tactics,” he said.

JavaScript agents are a type of malware loader that typically deploy via drive-by download. When a user visits either a legitimate website that has been compromised or a malicious site, a payload is silently downloaded and installed on the victim’s machine, giving the threat actors access. These loaders can additionally be packaged up with the appearance of a legitimate email attachment and deployed during malicious spam campaigns.

“While malware being on the rise is concerning, it’s important to remember that we can do…

COVID-19 themed malware and credential theft campaigns make a resurgence as Delta variant spreads


Proofpoint finds COVID-19 themed email threats make a resurgence as the Delta variant spreads.

Since late June 2021, Proofpoint has observed high volumes of COVID-19 themed threats distributing malware and credential theft campaigns, including a Microsoft credential theft campaign targeting thousands of organisations globally. Proofpoint researchers also identified an increase in business email compromise, with threat actors posing as human resource professionals to gain an individual’s trust.  

The new attacks follow a lull in COVID-19-themed threat campaigns through the Spring and early Summer of 2021. Now, multiple types of high-volume threats have pivoted back to using COVID-19 social engineering themes as global concern about the Delta variant rises. 

Proofpoint has been tracking ongoing threats using COVID-19 and related coronavirus themes since the beginning of the pandemic. TA452, known to distribute Emotet, first began using COVID-19 in email threats in January 2020. Although the virus has remained an ongoing theme, researchers have observed a significant increase in messages leveraging COVID-19 in recent months. 

Since late June 2021, Proofpoint has observed a high volume of COVID-19 themed campaigns distributing RustyBuer, Formbook, and Ave Maria malware, in addition to multiple corporate phishing attempts to steal Microsoft and O365 credentials. The researchers also found an increase in business email compromise threats using COVID-19 themes during this timeframe.

“The increase in COVID-19 themes in our data aligns with public interest in the highly contagious COVID-19 Delta variant,” says Proofpoint.

“According to global Google Trend data, worldwide searches for ‘Delta variant’ first peaked the last week in June 2021 and have continued through August 2021 so far. The increase in COVID-19 related threats is global. We observed tens of thousands of messages intended for customers in various industries worldwide.”

Open-source data also supports a greater threat actor adoption of COVID-19 themes. South Korea, for example, recently raised its cyber threat warning level in response to an increase of threats related to its COVID-19 relief programs. 

Threat actors…

DDoS Attacks Wane in Q4 Amid Cryptomining Resurgence – Threatpost


