Remote code execution (RCE) is a favorite tool of cyber criminals because it allows them to gain access to a user’s data without needing physical access to the network. This means the adversary can steal data, cause service disruption, deploy ransomware and move laterally to other areas in the network.
Notable RCE vulnerabilities announced in Q4 include:
Microsoft Exchange, ConnectWise, Microsoft Windows and Microsoft SPNEGO
October through December
Across Nuspire-managed and -monitored devices, total malware activity decreased 34.56% compared to Q3 2022.
How to Combat
To strengthen your defenses against malware activity, you’ll need to adopt a multipronged approach that includes endpoint protection platforms and cyber awareness training.
We observed a decrease in malware activity when compared to the previous quarter, most likely due to the continuing effects of Microsoft’s decision to block Visual Basic for Applications (VBA) macros by default for Office files.
It’s important to note that year-over-year, malware usage is still high, increasing 6.85% in 2022. Phishing is far and away the most popular delivery method for malware, and in Q4, we saw threat actors shift to using Excel add-in (.XLL) files and JavaScript variants.
Botnet activity plunged 66.35%
How to Combat
Botnet activity is usually detected only after a device has already been infected, so step up your efforts to detect that malicious activity and quarantine affected devices to limit botnet spread throughout the network.
Botnet activity in Q4 dropped significantly; however, overall activity for 2022 jumped over 30% when compared to 2021.
Torpig Mebroot is a repeat offender on Nuspire’s Quarterly Threat Reports and has appeared once again in the top position in Q4. Even with a substantial decrease in activity (60.34%), Torpig Mebroot still captured just shy of 60% of all witnessed botnet activity during Q4.
Exploits more than doubled in Q4
How to Combat
Stop exploits before they do harm by patching systems and monitoring for attack activity, which thwarts attackers and decreases risk.
Nuspire witnessed a surge in brute forcing in Q4, with activity increasing by a whopping 400% over Q3. In a distant second place, we saw continued exploitation of Apache’s Log4j vulnerability – a vulnerability that shook the industry to its core in December 2021 and continues to wreak havoc today.
Our analysis also uncovered that the Hikvision security camera vulnerability announced in October 2021 saw a resurgence in exploit attempts in Q4. Our experts predict we’ll see more of these IoT attacks throughout 2023.