Cyberattackers decreased their activity at the end of 2019, but only to change tactics
Attackers know that humans are still the weakest link. Across the board, malicious cyber-activity was down partly as a result of hectic holiday schedules and vacations with fewer employees around to interact with malicious activity.
However, this decrease in activity also tracks to the heightened malicious activity Nuspire researchers saw at the beginning of 2019. Targeting employees returning to the office and digging through emails received over the holidays is a prime opportunity to strike.
“While we saw a reduction in known attacks in the 4th quarter, the frequency and severity of attacks will always fluctuate. However, the trends lines have always moved upwards.
“As an industry, we must stay diligent and focused on understanding what threat actors pose the biggest threat to your business, how they will attack you and what safeguards you have in place to detect and respond to malicious activity. We simply can’t afford to let our guard down”, said Lewie Dunsworth, CEO of Nuspire.
“Year over year, adversaries have demonstrated their ability to evolve and increase the sophistication of their attacks doing more harm, faster than ever. While organizations must continually refresh cybersecurity policies, stress hygiene best practices, and practice effective change management, it’s critical to have trusted partners that you can lean on to assist with both the response and remediation efforts.”
Cyberattackers are retooling methodologies
The decrease in botnet (22%), malware (19%) and exploit activity (12%) also suggests that cyberattackers are retooling methodologies in order to change tactics and techniques for 2020 as evidenced by other notable findings in the report including:
- Sora, a variant of the notorious Mirai IoT botnet, despite almost completely ceasing activity by the end of the year, continues to reign supreme as the most prevalent botnet, followed by Andromeda, Necurs and Conficker.
- njRAT detection increased by 89% from August to early October 2019 following the release of a new version.
- Increased government attention and frequency of ransomware malspam campaigns as a delivery method this quarter correlated to the spike in malware detection in early Q4 2019.
- Significant increase in exploit attempts for IFS Remote Code Execution furthered the point that attackers recycle through older attack methods to catch enterprises when they least expect it.
- Visual Basics for Applications (VBA) scripts remained prevalent throughout Q4 and the entirety of 2019, dropping by a mere 5% in detections in Q4. These VBA scripts are what is embedded into malicious documents that when executed, perform malicious actions.
“Unfortunately, 2020 will see the continued evolution of old, but tried and true, threats. Delivery will be through channels that look and seem safe but are vulnerable,” said Shawn Pope, Senior Security Analyst of Nuspire. “Organizations need to be vigilant in continually reminding and educating employees of their role as the first line of defense.”