Interactive Report Summary

Q1 2022 Threat Report

Use of malware, botnets and exploits expands; Mirai sees resurgence

Q1 2022 saw an increase in malware, botnet and exploitation events over Q4 2021. Learn more about the biggest threats we saw, including a slew of new vulnerabilities, in our latest report.

Download the Report

Top Findings at a Glance

MALWARE

VBA agents continue to dominate

Password-protected Microsoft Office files a close second

BOTNET

New STRRAT botnet engages in phishing campaign

45 unique botnets detected

EXPLOIT

Bruteforcing continues to dominate

Apache Log4j remains a popular exploit

SubaruDT Pre-Retailers

Industry Spotlight: Automotive

Automotive continues to be a popular industry target, fending off attacks from Conti Ransomware and Mofang (Superman).

Some of the most popular tactics used by ransomware gangs include spearphishing that leverages malicious Microsoft Office documents, bruteforcing exposed remote desktop protocol, deploying fake software updates and exploiting newly-announced vulnerabilities.

Methodology

Hover over tiles to learn more

GATHER

Collects threat intelligence and data from global sources, client devices and reputable third parties.

PROCESS

Data is analyzed by a combination of machine learning, algorithm scoring and anomaly detection.

DETECT

Using Nuspire’s cloud-based SIEM, log data is ingested and alerts the security operations center (SOC). The SOC then notifies the client and works with them to remediate the threat.

EVALUATE

Analysts further scrutinize the research, scoring and tracking of existing and new threats.

DISSEMINATE

Analysts leverage the insights to constantly improve the SOC, alerting, and the community through the creation of detection rules, briefs, and presentations.

Q1 2022 in Review

January through March

Timeline graphic

February 1

New “high-priority” Linux vulnerability affects all supported Ubuntu releases

February 3

Critical vulnerabilities announced in Cisco Small Business RV Series routers

February 8

Microsoft to block Office VBA macros by default

February 9

Critical vulnerabilities affecting SAP applications employing internet communication manager (ICM)

February 24

Russian APT cyberattacks against Ukrainian assets

March 7

New Linux vulnerability gives root access on all major distributions

March 9

CISA releases advisory to patch two actively exploited Firefox zero-day attacks

March 14

Automotive giant Denso reveals ransomware attack

March 18

Russian state-sponsored threat actors exploit default MFA protocols and PrintNightmare

March 22

Okta confirms investigation into potential client breach

March 26

Google releases “emergency patch” for Chrome zero-day attack

March 28

Patch released for Sophos firewall vulnerability that allows remote code execution

March 31

Popular Java web app framework experiences zero-day dubbed “Spring4Shell”

Let's Dive Into the Data

#
Activity
Average
0

Total Events

0

Unique Variants

0.76%

Total Activity

Malware

Detection, Q1 2022

Across Nuspire managed and monitored devices, there was an increase of 4.76% in total malware activity compared to Q4 2021.

How to Combat
To strengthen your defenses against malware activity, you’ll need to adopt a multiprong approach including endpoint protection platforms and cyber awareness training.

Malware

As previously witnessed, VBA Agents continue to dominate malware activity; however, Microsoft’s announcement around blocking VBA macros by default on Office products will likely cripple this attack vector.

#
Activity
Average
0

Total Events

0

Unique Variants

-0.21%

Total Activity

Botnets

Detection, Q1 2022

We saw an increase of 12.21% in botnet activity.

How to Combat
Step up your efforts to stop botnet activity, which is usually detected post-infection. We recommend detecting malicious activity and quarantining devices to minimize botnet spread throughout the network.

Botnets

STRRAT botnet came on the scene in Q1 2022. STRRAT contains multiple capabilities such as information stealing, keystroke logging and credential harvesting from browsers and email clients. It is typically deployed via phishing campaigns and uses JavaScript agents and malicious Microsoft Excel files with embedded macros.

#
Activity
Average
0

Total Events

0

Unique Variants

0.87%

Total Activity

Exploits

Detection, Q1 2022

Exploit activity increased by 3.87% over Q4 2021 data, and threat actors focused newly-announced vulnerabilities, especially those with remote code execution (RCE) capabilities.

How to Combat
Stop exploits before they do harm by patching systems and security monitoring to thwart attackers and decrease risk.

Exploits

Bruteforcing was the top exploit in Q1 2022. Threat actors are consistently scanning for exposed services such as SMB and SSH, and if found, will immediately attempt to gain access.

Stay Vigilant

Unfortunately, there is more in store in the cybersecurity threatscape for the rest of 2022. Download the full report to find out how you can prepare and tighten your security controls around the expected challenges highlighted by our security experts.
Download the Report